node-sass - npm Package Compare versions

Comparing version 3.0.0-beta.7 to 3.0.0

lib/extensions.js

@@ -5,4 +5,3 @@ /*!
 
-var eol = require('os').EOL,
-    flags = {},
+var flags = {},
     fs = require('fs'),
@@ -54,3 +53,3 @@ package = require('../package.json'),
  * If environment variable SASS_BINARY_NAME or
- * process aurgument --binary-name is provide,
+ * process argument --binary-name is provided,
  * return it as is, otherwise make default binary
@@ -67,6 +66,6 @@ * name: {platform}-{arch}-{v8 version}.node
     binaryName = flags['--sass-binary-name'];
+  } else if (process.env.SASS_BINARY_NAME) {
+    binaryName = process.env.SASS_BINARY_NAME;
   } else if (package.nodeSassConfig && package.nodeSassConfig.binaryName) {
     binaryName = package.nodeSassConfig.binaryName;
-  } else if (process.env.SASS_BINARY_NAME) {
-    binaryName = process.env.SASS_BINARY_NAME;
   } else {
@@ -82,8 +81,25 @@ binaryName = [process.platform, '-',
 /**
- * Retrieve the URL to fetch binary.
- * If environment variable SASS_BINARY_URL
- * is set, return that path. Otherwise make
- * path using current release version and
- * binary name.
+ * Determine the URL to fetch binary file from.
+ * By default feth from the node-sass distribution
+ * site on GitHub.
  *
+ * The default URL can be overriden using
+ * the environment variable SASS_BINARY_SITE
+ * or a command line option --sass-binary-site:
+ *
+ *   node scripts/install.js --sass-binary-site http://example.com/
+ *
+ * The URL should to the mirror of the repository
+ * laid out as follows:
+ *
+ * SASS_BINARY_SITE/
+ *
+ *  v3.0.0
+ *  v3.0.0/freebsd-x64-14_binding.node
+ *  ....
+ *  v3.0.0
+ *  v3.0.0/freebsd-ia32-11_binding.node
+ *  v3.0.0/freebsd-x64-42_binding.node
+ *  ... etc. for all supported versions and platforms
+ *
  * @api private
@@ -93,22 +109,9 @@ */
 function getBinaryUrl() {
-  return flags['--sass-binary-url'] ||
-         package.nodeSassConfig ? package.nodeSassConfig.binaryUrl : null ||
-         process.env.SASS_BINARY_URL ||
-         ['https://github.com/sass/node-sass/releases/download/v',
-          package.version, '/', sass.binaryName].join('');
+  var site = flags['--sass-binary-site'] ||
+             process.env.SASS_BINARY_SITE  ||
+             package.nodeSassConfig.binarySite;
+	return [site, 'v' + package.version, sass.binaryName].join('/');
 }
 
-/**
- * Get Sass version information
- *
- * @api private
- */
 
-function getVersionInfo() {
-  return [
-           ['node-sass', package.version, '(Wrapper)', '[JavaScript]'].join('\t'),
-           ['libsass  ', package.libsass, '(Sass Compiler)', '[C/C++]'].join('\t'),
-  ].join(eol);
-}
-
 collectArguments(process.argv.slice(2));
@@ -121,3 +124,2 @@
 sass.runtime = getRuntimeInfo();
-sass.versionInfo = getVersionInfo();
 
@@ -127,3 +129,3 @@ /**
  * If environment variable SASS_BINARY_PATH or
- * process aurgument --binary-path is provide,
+ * process argument --sass-binary-path is provided,
  * select it by appending binary name, otherwise
@@ -144,6 +146,6 @@ * make default binary path using binary name.
     binaryPath = flags['--sass-binary-path'];
+  } else if (process.env.SASS_BINARY_PATH) {
+    binaryPath = process.env.SASS_BINARY_PATH;
   } else if (package.nodeSassConfig && package.nodeSassConfig.binaryPath) {
     binaryPath = package.nodeSassConfig.binaryPath;
-  } else if (process.env.SASS_BINARY_PATH) {
-    binaryPath = process.env.SASS_BINARY_PATH;
   } else {
@@ -154,3 +156,3 @@ binaryPath = path.join(__dirname, '..', 'vendor', sass.binaryName.replace(/_/, '/'));
   if (!fs.existsSync(binaryPath) && throwIfNotExists) {
-    throw new Error('`libsass` bindings not found. Try reinstalling `node-sass`?');
+    throw new Error(['`libsass` bindings not found in ', binaryPath, '. Try reinstalling `node-sass`?'].join(''));
   }
@@ -157,0 +159,0 @@

lib/index.js

@@ -5,4 +5,6 @@ /*!
 
-var path = require('path'),
-    util = require('util');
+var eol = require('os').EOL,
+    path = require('path'),
+    util = require('util'),
+    package = require('../package.json');
 
@@ -18,2 +20,15 @@ require('./extensions');
 /**
+ * Get Sass version information
+ *
+ * @api private
+ */
+
+function getVersionInfo(binding) {
+  return [
+           ['node-sass', package.version, '(Wrapper)', '[JavaScript]'].join('\t'),
+           ['libsass  ', binding.libsassVersion(), '(Sass Compiler)', '[C/C++]'].join('\t'),
+  ].join(eol);
+}
+
+/**
  * Get input file
@@ -405,2 +420,3 @@ *
 
+process.sass.versionInfo = getVersionInfo(binding);
 module.exports.info = process.sass.versionInfo;
@@ -407,0 +423,0 @@

package.json

 {
   "name": "node-sass",
-  "version": "3.0.0-beta.7",
-  "libsass": "3.2.0-beta.6",
+  "version": "3.0.0",
+  "libsass": "3.2.2",
   "description": "Wrapper around libsass",
@@ -21,2 +21,5 @@ "license": "MIT",
   "main": "lib/index.js",
+  "nodeSassConfig": {
+    "binarySite": "https://github.com/sass/node-sass/releases/download"
+  },
   "bin": {
@@ -56,7 +59,7 @@ "node-sass": "bin/node-sass"
     "mkdirp": "^0.5.0",
-    "nan": "^1.7.0",
+    "nan": "^1.8.4",
     "npmconf": "^2.1.1",
-    "pangyp": "^2.1.0",
+    "pangyp": "am11/pangyp",
     "request": "^2.55.0",
-    "sass-graph": "^1.2.0"
+    "sass-graph": "^2.0.0"
   },
@@ -63,0 +66,0 @@ "devDependencies": {

README.md

@@ -43,2 +43,4 @@ # node-sass
 
+**Having installation troubles? Check out our [Troubleshooting guide](/TROUBLESHOOTING.md).**
+
 ## Usage
@@ -358,3 +360,3 @@
 
-Both `node-sass` and `libsass` version info is now present in `package.json` and is exposed via `info` method:
+Both `node-sass` and `libsass` version info is now exposed via the `info` method:
 
@@ -374,2 +376,4 @@ ```javascript
 
+Since node-sass >=v3.0.0 libsass version is determined at run time.
+
 ## Integrations
@@ -376,0 +380,0 @@

scripts/build.js

@@ -101,6 +101,8 @@ /*!
 
-function installGitDependencies(cb) {
+function installGitDependencies(options, cb) {
   var libsassPath = './src/libsass';
 
-  if (fs.access) { // node 0.12+, iojs 1.0.0+
+  if (process.env.LIBSASS_EXT || options.libsassExt) {
+    cb();
+  } else if (fs.access) { // node 0.12+, iojs 1.0.0+
     fs.access(libsassPath, fs.R_OK, function(err) {
@@ -124,3 +126,3 @@ err && err.code === 'ENOENT' ? initSubmodules(cb) : cb();
 function build(options) {
-  installGitDependencies(function(err) {
+  installGitDependencies(options, function(err) {
     if (err) {
@@ -176,2 +178,4 @@ console.error(err.message);
       options.debug = true;
+    } else if (arg.substring(0, 13) === '--libsass_ext' && arg.substring(14) !== 'no') {
+      options.libsassExt = true;
     }
@@ -178,0 +182,0 @@

scripts/install.js

@@ -9,3 +9,4 @@ /*!
     path = require('path'),
-    request = require('request');
+    request = require('request'),
+    package = require('../package.json');
 
@@ -24,17 +25,34 @@ require('../lib/extensions');
 function download(url, dest, cb) {
+  var reportError = function(err) {
+    cb(['Cannot download "', url, '": ',
+      typeof err.message === 'string' ? err.message : err].join(''));
+  };
+  var successful = function(response) {
+    return response.statusCode >= 200 && response.statusCode < 300;
+  };
+
   applyProxy({ rejectUnauthorized: false }, function(options) {
-    var returnError = function(err) {
-      cb(typeof err.message === 'string' ? err.message : err);
+    options.headers = {
+      'User-Agent': [
+        'node/', process.version, ' ',
+        'node-sass-installer/', package.version
+      ].join('')
     };
-
-    request.get(url, options).on('response', function(response) {
-      if (response.statusCode < 200 || response.statusCode >= 300) {
-        returnError(['Can not download file from:', url].join());
-        return;
-      }
-
-      response.pipe(fs.createWriteStream(dest));
-
-      cb();
-    }).on('error', returnError);
+    try {
+      request(url, options, function(err, response) {
+        if (err) {
+          reportError(err);
+        } else if (!successful(response)) {
+            reportError(['HTTP error', response.statusCode, response.statusMessage].join(' '));
+        } else {
+            cb();
+        }
+      }).on('response', function(response) {
+          if (successful(response)) {
+            response.pipe(fs.createWriteStream(dest));
+          }
+      });
+    } catch (err) {
+      cb(err);
+    }
   });
@@ -41,0 +59,0 @@ }

src/libsass/Readme.md

@@ -10,3 +10,3 @@ Libsass
 [![Coverage Status](https://img.shields.io/coveralls/sass/libsass.svg)](https://coveralls.io/r/sass/libsass?branch=feature%2Ftest-travis-ci-3)
-[![Join us](https://still-ridge-9421.herokuapp.com/badge.svg)](https://still-ridge-9421.herokuapp.com/)
+[![Join us](https://libsass-slack.herokuapp.com/badge.svg)](https://libsass-slack.herokuapp.com/)
 
@@ -13,0 +13,0 @@ https://github.com/sass/libsass

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1149881

increased by1.59%

Lines of code

910

increased by4.72%

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

522

increased by0.77%

Worsened metrics

Number of high supply chain risk alerts

3

increased by50%

Number of low supply chain risk alerts

17

increased by6.25%

Dependency changes

• + Addedamdefine@1.0.1(transitive)

• + Addedcall-bind@1.0.7(transitive)

• + Addedcamelcase@3.0.0(transitive)

• + Addedcliui@3.2.0(transitive)

• + Addedcode-point-at@1.1.0(transitive)

• + Addeddefine-data-property@1.1.4(transitive)

• + Addeddefine-properties@1.2.1(transitive)

• + Addedes-define-property@1.0.0(transitive)

• + Addedes-errors@1.3.0(transitive)

• + Addedfs.realpath@1.0.0(transitive)

• + Addedget-caller-file@1.0.3(transitive)

• + Addedget-intrinsic@1.2.4(transitive)

• + Addedglob@7.2.3(transitive)

• + Addedgopd@1.0.1(transitive)

• + Addedhas-property-descriptors@1.0.2(transitive)

• + Addedhas-proto@1.0.3(transitive)

• + Addedhas-symbols@1.0.3(transitive)

• + Addedinvert-kv@1.0.0(transitive)

• + Addedis-fullwidth-code-point@1.0.0(transitive)

• + Addedjs-base64@2.6.4(transitive)

• + Addedlcid@1.0.0(transitive)

• + Addedlodash@4.17.21(transitive)

• + Addednumber-is-nan@1.0.1(transitive)

• + Addedobject-keys@1.1.1(transitive)

• + Addedobject.assign@4.1.5(transitive)

• + Addedos-locale@1.4.0(transitive)

• + Addedrequire-directory@2.1.1(transitive)

• + Addedrequire-main-filename@1.0.1(transitive)

• + Addedsass-graph@2.2.6(transitive)

• + Addedscss-tokenizer@0.2.3(transitive)

• + Addedset-blocking@2.0.0(transitive)

• + Addedset-function-length@1.2.2(transitive)

• + Addedsource-map@0.4.4(transitive)

• + Addedstring-width@1.0.2(transitive)

• + Addedwhich-module@1.0.0(transitive)

• + Addedwrap-ansi@2.1.0(transitive)

• + Addedy18n@3.2.2(transitive)

• + Addedyargs@7.1.2(transitive)

• + Addedyargs-parser@5.0.1(transitive)

• - Removedansi@0.3.1(transitive)

• - Removedare-we-there-yet@1.0.6(transitive)

• - Removedasn1@0.1.11(transitive)

• - Removedassert-plus@0.1.5(transitive)

• - Removedasync@0.9.2(transitive)

• - Removedaws-sign2@0.5.0(transitive)

• - Removedbl@0.9.5(transitive)

• - Removedblock-stream@0.0.9(transitive)

• - Removedboom@0.4.2(transitive)

• - Removedcaseless@0.8.0(transitive)

• - Removedcombined-stream@0.0.7(transitive)

• - Removedcommander@2.20.3(transitive)

• - Removedcore-util-is@1.0.3(transitive)

• - Removedcryptiles@0.2.2(transitive)

• - Removedctype@0.5.3(transitive)

• - Removeddelayed-stream@0.0.5(transitive)

• - Removeddelegates@1.0.0(transitive)

• - Removedforever-agent@0.5.2(transitive)

• - Removedform-data@0.2.0(transitive)

• - Removedfstream@1.0.12(transitive)

• - Removedgauge@1.0.2(transitive)

• - Removedglob@4.3.54.5.3(transitive)

• - Removedgraceful-fs@3.0.12(transitive)

• - Removedhas-unicode@1.0.1(transitive)

• - Removedhawk@1.1.1(transitive)

• - Removedhoek@0.9.1(transitive)

• - Removedhttp-signature@0.10.1(transitive)

• - Removedisarray@0.0.11.0.0(transitive)

• - Removedlodash@2.4.2(transitive)

• - Removedmime-db@1.12.0(transitive)

• - Removedmime-types@1.0.22.0.14(transitive)

• - Removedminimatch@2.0.10(transitive)

• - Removednatives@1.1.6(transitive)

• - Removednode-uuid@1.4.8(transitive)

• - Removednpmlog@1.0.0(transitive)

• - Removedoauth-sign@0.5.0(transitive)

• - Removedpangyp@2.3.3(transitive)

• - Removedprocess-nextick-args@2.0.1(transitive)

• - Removedqs@2.3.3(transitive)

• - Removedreadable-stream@1.0.342.3.8(transitive)

• - Removedrequest@2.51.0(transitive)

• - Removedrimraf@2.2.8(transitive)

• - Removedsafe-buffer@5.1.2(transitive)

• - Removedsass-graph@1.3.0(transitive)

• - Removedsntp@0.2.4(transitive)

• - Removedstring_decoder@0.10.311.1.1(transitive)

• - Removedstringstream@0.0.6(transitive)

• - Removedtar@1.0.3(transitive)

• - Removedtldts@6.1.46(transitive)

• - Removedtldts-core@6.1.46(transitive)

• - Removedtough-cookie@5.0.0(transitive)

• - Removedtunnel-agent@0.4.3(transitive)

• - Removedutil-deprecate@1.0.2(transitive)

• - Removedwhich@1.0.9(transitive)

• Updatednan@^1.8.4

• Updatedpangyp@am11/pangyp

• Updatedsass-graph@^2.0.0