node-jq - npm Package Compare versions

Comparing version 2.3.5 to 3.0.0

lib/exec.js

@@ -20,3 +20,4 @@ "use strict";
             maxBuffer: TEN_MEBIBYTE,
-            cwd: cwd
+            cwd: cwd,
+            env: {}
         };
@@ -23,0 +24,0 @@ var process = _childProcess.default.spawn(command, args, spawnOptions);

lib/utils.js

@@ -17,3 +17,3 @@ "use strict";
 var isJSONPath = function(path) {
-    return /\.json$/.test(path);
+    return /\.json|.jsonl$/.test(path);
 };
@@ -20,0 +20,0 @@ exports.isJSONPath = isJSONPath;

package.json

 {
   "name": "node-jq",
-  "version": "2.3.5",
+  "version": "3.0.0",
   "description": "Run jq in node",
@@ -25,3 +25,3 @@ "main": "lib/jq.js",
   "engines": {
-    "npm": ">=6.0.0"
+    "node": ">=12"
   },
@@ -28,0 +28,0 @@ "keywords": [

src/exec.js

@@ -11,3 +11,3 @@ import childProcess from 'child_process'
 
-    const spawnOptions = { maxBuffer: TEN_MEBIBYTE, cwd }
+    const spawnOptions = { maxBuffer: TEN_MEBIBYTE, cwd, env: {} }
 
@@ -14,0 +14,0 @@ const process = childProcess.spawn(command, args, spawnOptions)

src/options.test.js

@@ -381,2 +381,21 @@ import { expect } from 'chai'
 
+  describe('inherited env var', () => {
+    it('process.env should not be sent in to jq execution', done => {
+      process.env.X_TEST_ENV_VAR = 'TEST_VALUE'
+      run('$ENV', PATH_JSON_FIXTURE, {
+        output: 'string'
+      })
+        .then(output => {
+          expect(output).to.be.a('string')
+          expect(output).to.not.contain('X_TEST_ENV_VAR')
+          done()
+        })
+        .catch(error => {
+          done(error)
+        }).finally(() => {
+          delete process.env.X_TEST_ENV_VAR
+        })
+    })
+  })
+
   describe('raw: true', () => {
@@ -383,0 +402,0 @@ it('output should be able to output raw strings instead of JSON texts', done => {

src/utils.js

@@ -9,3 +9,3 @@ import isPathValid from 'is-valid-path'
 export const isJSONPath = (path) => {
-  return /\.json$/.test(path)
+  return /\.json|.jsonl$/.test(path)
 }
@@ -12,0 +12,0 @@

src/utils.test.js

@@ -8,2 +8,3 @@ import { expect } from 'chai'
 const PATH_JS_FIXTURE = path.join(PATH_FIXTURES, '1.js')
+const PATH_JSONL_FIXTURE = path.join(PATH_FIXTURES, '1.jsonl')
 
@@ -16,2 +17,6 @@ describe('utils', () => {
 
+    it('should return true when you give a json file', () => {
+      expect(isJSONPath(PATH_JSONL_FIXTURE)).to.equal(true)
+    })
+
     it('should return false when you a non-json file', () => {
@@ -18,0 +23,0 @@ expect(isJSONPath(PATH_JS_FIXTURE)).to.equal(false)

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1156143

increased by83.2%

Number of package files

38

increased by2.7%

Lines of code

3522

increased by0.66%

Worsened metrics

Number of low supply chain risk alerts

10

increased by42.86%

No dependency changes