node-gyp-build - npm Package Compare versions

Comparing version 3.3.0 to 3.4.0

build-test.js

@@ -9,3 +9,7 @@ #!/usr/bin/env node
 try {
-  test = require(path.join(process.cwd(), 'package.json')).prebuild.test
+  var pkg = require(path.join(process.cwd(), 'package.json'))
+  if (pkg.name && process.env[pkg.name.toUpperCase().replace(/-/g, '_')]) {
+    process.exit(0)
+  }
+  test = pkg.prebuild.test
 } catch (err) {
@@ -12,0 +16,0 @@ //  do nothing

index.js

@@ -19,2 +19,7 @@ var fs = require('fs')
 
+  try {
+    var name = require(path.join(dir, 'package.json')).name.toUpperCase().replace(/-/g, '_')
+    if (process.env[name + '_PREBUILD']) dir = process.env[name + '_PREBUILD']
+  } catch (err) {}
+
   var release = getFirst(path.join(dir, 'build/Release'), matchBuild)
@@ -21,0 +26,0 @@ if (release) return release

package.json

 {
   "name": "node-gyp-build",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "description": "Build tool and bindings loader for node-gyp that supports prebuilds",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6384

increased by5.21%

Lines of code

103

increased by8.42%

Worsened metrics

Number of low supply chain risk alerts

15

increased by87.5%

No dependency changes