node-gyp-build
Advanced tools
Comparing version 3.3.0 to 3.4.0
@@ -9,3 +9,7 @@ #!/usr/bin/env node | ||
try { | ||
test = require(path.join(process.cwd(), 'package.json')).prebuild.test | ||
var pkg = require(path.join(process.cwd(), 'package.json')) | ||
if (pkg.name && process.env[pkg.name.toUpperCase().replace(/-/g, '_')]) { | ||
process.exit(0) | ||
} | ||
test = pkg.prebuild.test | ||
} catch (err) { | ||
@@ -12,0 +16,0 @@ // do nothing |
@@ -19,2 +19,7 @@ var fs = require('fs') | ||
try { | ||
var name = require(path.join(dir, 'package.json')).name.toUpperCase().replace(/-/g, '_') | ||
if (process.env[name + '_PREBUILD']) dir = process.env[name + '_PREBUILD'] | ||
} catch (err) {} | ||
var release = getFirst(path.join(dir, 'build/Release'), matchBuild) | ||
@@ -21,0 +26,0 @@ if (release) return release |
{ | ||
"name": "node-gyp-build", | ||
"version": "3.3.0", | ||
"version": "3.4.0", | ||
"description": "Build tool and bindings loader for node-gyp that supports prebuilds", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
6384
103
15