node-sass - npm Package Compare versions

Comparing version 6.0.1 to 7.0.0

lib/extensions.js

@@ -84,2 +84,3 @@ /*!
     case 93: return 'Node.js 16.x';
+    case 102: return 'Node.js 17.x';
     default: return false;
@@ -86,0 +87,0 @@ }

package.json

 {
   "name": "node-sass",
-  "version": "6.0.1",
+  "version": "7.0.0",
   "libsass": "3.5.5",
@@ -57,3 +57,3 @@ "description": "Wrapper around libsass",
     "async-foreach": "^0.1.3",
-    "chalk": "^1.1.1",
+    "chalk": "^4.1.2",
     "cross-spawn": "^7.0.3",
@@ -67,3 +67,3 @@ "gaze": "^1.0.0",
     "node-gyp": "^7.1.0",
-    "npmlog": "^4.0.0",
+    "npmlog": "^5.0.0",
     "request": "^2.88.0",
@@ -75,4 +75,4 @@ "sass-graph": "2.2.5",
   "devDependencies": {
-    "eslint": "^7.10.0",
-    "fs-extra": "^0.30.0",
+    "eslint": "^8.0.0",
+    "fs-extra": "^10.0.0",
     "mocha": "^9.0.1",
@@ -79,0 +79,0 @@ "nyc": "^15.1.0",

README.md

@@ -16,8 +16,9 @@ # node-sass
 
-Below is a quick guide for minimum and maximum support supported version of node-sass:
+Below is a quick guide for minimum and maximum supported versions of node-sass:
 
 NodeJS  | Supported node-sass version | Node Module
 --------|-----------------------------|------------
+Node 17 | 7.0+                        | 102
 Node 16 | 6.0+                        | 93
-Node 15 | 5.0+                        | 88
+Node 15 | 5.0+, <7.0                 | 88
 Node 14 | 4.14+                       | 83
@@ -599,8 +600,9 @@ Node 13 | 4.13+, <5.0                 | 79
 
-Variable name    | .npmrc parameter | Process argument   | Value
------------------|------------------|--------------------|------
-SASS_BINARY_NAME | sass_binary_name | --sass-binary-name | path
-SASS_BINARY_SITE | sass_binary_site | --sass-binary-site | URL
-SASS_BINARY_PATH | sass_binary_path | --sass-binary-path | path
-SASS_BINARY_DIR  | sass_binary_dir  | --sass-binary-dir  | path
+Variable name            | .npmrc parameter         | Process argument           | Value
+-------------------------|--------------------------|----------------------------|------
+SASS_BINARY_NAME         | sass_binary_name         | --sass-binary-name         | path
+SASS_BINARY_SITE         | sass_binary_site         | --sass-binary-site         | URL
+SASS_BINARY_PATH         | sass_binary_path         | --sass-binary-path         | path
+SASS_BINARY_DIR          | sass_binary_dir          | --sass-binary-dir          | path
+SASS_REJECT_UNAUTHORIZED | sass_reject_unauthorized | --sass-reject-unauthorized | value
 
@@ -619,2 +621,4 @@ These parameters can be used as environment variable:
 
+If you are using self-signed certificates for your binary then `SASS_REJECT_UNAUTHORIZED` will override (rejectUnauthorized)[https://nodejs.org/docs/latest/api/tls.html#tls_tls_createserver_options_secureconnectionlistener].
+
 ## Post-install Build
@@ -621,0 +625,0 @@

scripts/util/downloadoptions.js

 var proxy = require('./proxy'),
-  userAgent = require('./useragent');
+  userAgent = require('./useragent'),
+  rejectUnauthorized = require('./rejectUnauthorized');
 
@@ -17,3 +18,3 @@ /**
   var options = {
-    rejectUnauthorized: false,
+    rejectUnauthorized: rejectUnauthorized(),
     timeout: 60000,
@@ -20,0 +21,0 @@ headers: {

test/downloadoptions.js

@@ -11,3 +11,3 @@ var assert = require('assert').strict,
         var expected = {
-          rejectUnauthorized: false,
+          rejectUnauthorized: true,
           timeout: 60000,
@@ -37,3 +37,3 @@ headers: {
         var expected = {
-          rejectUnauthorized: false,
+          rejectUnauthorized: true,
           proxy: proxy,
@@ -64,2 +64,21 @@ timeout: 60000,
         var expected = {
+          rejectUnauthorized: true,
+          timeout: 60000,
+          headers: {
+            'User-Agent': ua(),
+          },
+          encoding: null,
+        };
+
+        assert.deepStrictEqual(opts(), expected);
+      });
+    });
+
+    describe('with SASS_REJECT_UNAUTHORIZED set to false', function() {
+      beforeEach(function() {
+        process.env.SASS_REJECT_UNAUTHORIZED = '0';
+      });
+
+      it('should look as we expect', function() {
+        var expected = {
           rejectUnauthorized: false,
@@ -76,3 +95,45 @@ timeout: 60000,
     });
+
+    describe('with SASS_REJECT_UNAUTHORIZED set to true', function() {
+      beforeEach(function() {
+        process.env.SASS_REJECT_UNAUTHORIZED = '1';
+      });
+
+      it('should look as we expect', function() {
+        var expected = {
+          rejectUnauthorized: true,
+          timeout: 60000,
+          headers: {
+            'User-Agent': ua(),
+          },
+          encoding: null,
+        };
+
+        assert.deepStrictEqual(opts(), expected);
+      });
+    });
+
+    describe('with npm_config_sass_reject_unauthorized set to true', function() {
+      beforeEach(function() {
+        process.env.npm_config_sass_reject_unauthorized = true;
+      });
+
+      it('should look as we expect', function() {
+        var expected = {
+          rejectUnauthorized: true,
+          timeout: 60000,
+          headers: {
+            'User-Agent': ua(),
+          },
+          encoding: null,
+        };
+
+        assert.deepStrictEqual(opts(), expected);
+      });
+
+      afterEach(function() {
+        process.env.npm_config_sass_reject_unauthorized = undefined;
+      });
+    });
   });
 });

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

4651949

increased by152.18%

Number of package files

340

increased by0.89%

Lines of code

5725

increased by1.65%

Number of lines in readme file

651

increased by0.62%

Worsened metrics

Number of low supply chain risk alerts

108

increased by6.93%

Dependency changes

• + Addedansi-regex@5.0.1(transitive)

• + Addedansi-styles@4.3.0(transitive)

• + Addedare-we-there-yet@2.0.0(transitive)

• + Addedchalk@4.1.2(transitive)

• + Addedcolor-convert@2.0.1(transitive)

• + Addedcolor-name@1.1.4(transitive)

• + Addedcolor-support@1.1.3(transitive)

• + Addedemoji-regex@8.0.0(transitive)

• + Addedgauge@3.0.2(transitive)

• + Addedhas-flag@4.0.0(transitive)

• + Addedis-fullwidth-code-point@3.0.0(transitive)

• + Addednpmlog@5.0.1(transitive)

• + Addedreadable-stream@3.6.2(transitive)

• + Addedsafe-buffer@5.2.1(transitive)

• + Addedstring-width@4.2.3(transitive)

• + Addedstring_decoder@1.3.0(transitive)

• + Addedstrip-ansi@6.0.1(transitive)

• + Addedsupports-color@7.2.0(transitive)

• - Removedansi-styles@2.2.1(transitive)

• - Removedchalk@1.1.3(transitive)

• - Removedhas-ansi@2.0.0(transitive)

• - Removedsupports-color@2.0.0(transitive)

• Updatedchalk@^4.1.2

• Updatednpmlog@^5.0.0