node-sass - npm Package Compare versions

Comparing version 7.0.2 to 7.0.3

lib/extensions.js

@@ -8,3 +8,3 @@ /*!
   path = require('path'),
-  trueCasePathSync = require('true-case-path').trueCasePathSync,
+  trueCasePathSync = require('true-case-path'),
   pkg = require('../package.json'),
@@ -11,0 +11,0 @@ defaultBinaryDir = path.join(__dirname, '..', 'vendor');

package.json

 {
   "name": "node-sass",
-  "version": "7.0.2",
+  "version": "7.0.3",
   "libsass": "3.5.5",
@@ -19,3 +19,3 @@ "description": "Wrapper around libsass",
   "engines": {
-    "node": ">=14"
+    "node": ">=12"
   },
@@ -64,9 +64,10 @@ "main": "lib/index.js",
     "lodash": "^4.17.15",
-    "make-fetch-happen": "^10.0.4",
     "meow": "^9.0.0",
     "nan": "^2.13.2",
-    "node-gyp": "^9.0.0",
+    "node-gyp": "^8.4.1",
+    "npmlog": "^5.0.0",
+    "request": "^2.88.0",
     "sass-graph": "^4.0.1",
     "stdout-stream": "^1.4.0",
-    "true-case-path": "^2.2.1"
+    "true-case-path": "^1.0.2"
   },
@@ -73,0 +74,0 @@ "devDependencies": {

README.md

@@ -22,6 +22,6 @@ # node-sass
 Node 16 | 6.0+                        | 93
-Node 15 | 5.0+, <7.0                  | 88
+Node 15 | 5.0+, <7.0                 | 88
 Node 14 | 4.14+                       | 83
 Node 13 | 4.13+, <5.0                 | 79
-Node 12 | 4.12+, <8.0                 | 72
+Node 12 | 4.12+                       | 72
 Node 11 | 4.10+, <5.0                 | 67
@@ -82,3 +82,3 @@ Node 10 | 4.9+, <6.0                  | 64
 ```shell
-npm install -g mirror-config-china --registry=https://registry.npmmirror.com
+npm install -g mirror-config-china --registry=http://registry.npm.taobao.org
 npm install node-sass
@@ -496,3 +496,3 @@ ```
 
-[@10xLaCroixDrinker](https://github.com/10xLaCroixDrinker) wrote a [DocPad](http://docpad.org/) plugin that compiles `.scss` files using node-sass: <https://github.com/docpad/docpad-plugin-nodesass>
+[@10xLaCroixDrinker](https://github.com/10xLaCroixDrinker) wrote a [DocPad](http://docpad.org/) plugin that compiles `.scss` files using node-sass: <https://github.com/10xLaCroixDrinker/docpad-plugin-nodesass>
 
@@ -499,0 +499,0 @@ ### Duo.js extension

scripts/install.js

@@ -8,3 +8,4 @@ /*!
   path = require('path'),
-  fetch = require('make-fetch-happen'),
+  request = require('request'),
+  log = require('npmlog'),
   sass = require('../lib/extensions'),
@@ -24,4 +25,17 @@ downloadOptions = require('./util/downloadoptions');
   var reportError = function(err) {
+    var timeoutMessge;
+
+    if (err.code === 'ETIMEDOUT') {
+      if (err.connect === true) {
+        // timeout is hit while your client is attempting to establish a connection to a remote machine
+        timeoutMessge = 'Timed out attemping to establish a remote connection';
+      } else {
+        timeoutMessge = 'Timed out whilst downloading the prebuilt binary';
+        // occurs any time the server is too slow to send back a part of the response
+      }
+
+    }
     cb(['Cannot download "', url, '": ', eol, eol,
       typeof err.message === 'string' ? err.message : err, eol, eol,
+      timeoutMessge ? timeoutMessge + eol + eol : timeoutMessge,
       'Hint: If github.com is not accessible in your location', eol,
@@ -35,3 +49,3 @@ '      try setting a proxy via HTTP_PROXY, e.g. ', eol, eol,
   var successful = function(response) {
-    return response.status >= 200 && response.status < 300;
+    return response.statusCode >= 200 && response.statusCode < 300;
   };
@@ -42,12 +56,35 @@
   try {
-    fetch(url, downloadOptions()).then(function (response) {
-      fs.createWriteStream(dest).on('error', cb).end(response.data, cb);
-      console.log('Download complete');
-    }).catch(function(err) {
-      if(!successful(err)) {
-        reportError(['HTTP error', err.code, err.message].join(' '));
+    request(url, downloadOptions(), function(err, response, buffer) {
+      if (err) {
+        reportError(err);
+      } else if (!successful(response)) {
+        reportError(['HTTP error', response.statusCode, response.statusMessage].join(' '));
       } else {
-        reportError(err);
+        console.log('Download complete');
+
+        if (successful(response)) {
+          fs.createWriteStream(dest)
+            .on('error', cb)
+            .end(buffer, cb);
+        } else {
+          cb();
+        }
       }
-    });
+    })
+      .on('response', function(response) {
+        var length = parseInt(response.headers['content-length'], 10);
+        var progress = log.newItem('', length);
+
+        // The `progress` is true by default. However if it has not
+        // been explicitly set it's `undefined` which is considered
+        // as far as npm is concerned.
+        if (process.env.npm_config_progress === 'true') {
+          log.enableProgress();
+
+          response.on('data', function(chunk) {
+            progress.completeWork(chunk.length);
+          })
+            .on('end', progress.finish);
+        }
+      });
   } catch (err) {
@@ -54,0 +91,0 @@ cb(err);

scripts/util/downloadoptions.js

@@ -6,5 +6,10 @@ var proxy = require('./proxy'),
 /**
- * The options passed to make-fetch-happen when downloading the binary
+ * The options passed to request when downloading the bibary
  *
- * @return {Object} an options object for make-fetch-happen
+ * There some nuance to how request handles options. Specifically
+ * we've been caught by their usage of `hasOwnProperty` rather than
+ * falsey checks. By moving the options generation into a util helper
+ * we can test for regressions.
+ *
+ * @return {Object} an options object for request
  * @api private
@@ -14,3 +19,3 @@ */
   var options = {
-    strictSSL: rejectUnauthorized(),
+    rejectUnauthorized: rejectUnauthorized(),
     timeout: 60000,
@@ -20,2 +25,3 @@ headers: {
     },
+    encoding: null,
   };
@@ -22,0 +28,0 @@

test/downloadoptions.js

@@ -11,3 +11,3 @@ var assert = require('assert').strict,
         var expected = {
-          strictSSL: true,
+          rejectUnauthorized: true,
           timeout: 60000,
@@ -17,2 +17,3 @@ headers: {
           },
+          encoding: null,
         };
@@ -37,3 +38,3 @@
         var expected = {
-          strictSSL: true,
+          rejectUnauthorized: true,
           proxy: proxy,
@@ -44,2 +45,3 @@ timeout: 60000,
           },
+          encoding: null,
         };
@@ -64,3 +66,3 @@
         var expected = {
-          strictSSL: true,
+          rejectUnauthorized: true,
           timeout: 60000,
@@ -70,2 +72,3 @@ headers: {
           },
+          encoding: null,
         };
@@ -84,3 +87,3 @@
         var expected = {
-          strictSSL: false,
+          rejectUnauthorized: false,
           timeout: 60000,
@@ -90,2 +93,3 @@ headers: {
           },
+          encoding: null,
         };
@@ -104,3 +108,3 @@
         var expected = {
-          strictSSL: true,
+          rejectUnauthorized: true,
           timeout: 60000,
@@ -110,2 +114,3 @@ headers: {
           },
+          encoding: null,
         };
@@ -124,3 +129,3 @@
         var expected = {
-          strictSSL: true,
+          rejectUnauthorized: true,
           timeout: 60000,
@@ -130,2 +135,3 @@ headers: {
           },
+          encoding: null,
         };
@@ -132,0 +138,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Improved metrics

Lines of code

5725

increased by0.77%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Total package byte prevSize

4640242

decreased by-0.21%

Dependency count

15

increased by7.14%

Number of package files

337

decreased by-0.88%

Number of low supply chain risk alerts

108

increased by0.93%

Dependency changes

• + Addednpmlog@^5.0.0

• + Addedrequest@^2.88.0

• + Added@npmcli/fs@1.1.1(transitive)

• + Added@npmcli/move-file@1.1.2(transitive)

• + Added@tootallnate/once@1.1.2(transitive)

• + Addedajv@6.12.6(transitive)

• + Addedare-we-there-yet@2.0.0(transitive)

• + Addedasn1@0.2.6(transitive)

• + Addedassert-plus@1.0.0(transitive)

• + Addedasynckit@0.4.0(transitive)

• + Addedaws-sign2@0.7.0(transitive)

• + Addedaws4@1.12.0(transitive)

• + Addedbcrypt-pbkdf@1.0.2(transitive)

• + Addedcacache@15.3.0(transitive)

• + Addedcaseless@0.12.0(transitive)

• + Addedcombined-stream@1.0.8(transitive)

• + Addedcore-util-is@1.0.2(transitive)

• + Addeddashdash@1.14.1(transitive)

• + Addeddelayed-stream@1.0.0(transitive)

• + Addedecc-jsbn@0.1.2(transitive)

• + Addedextend@3.0.2(transitive)

• + Addedextsprintf@1.3.0(transitive)

• + Addedfast-deep-equal@3.1.3(transitive)

• + Addedfast-json-stable-stringify@2.1.0(transitive)

• + Addedforever-agent@0.6.1(transitive)

• + Addedform-data@2.3.3(transitive)

• + Addedgauge@3.0.2(transitive)

• + Addedgetpass@0.1.7(transitive)

• + Addedhar-schema@2.0.0(transitive)

• + Addedhar-validator@5.1.5(transitive)

• + Addedhttp-proxy-agent@4.0.1(transitive)

• + Addedhttp-signature@1.2.0(transitive)

• + Addedis-typedarray@1.0.0(transitive)

• + Addedisstream@0.1.2(transitive)

• + Addedjsbn@0.1.1(transitive)

• + Addedjson-schema@0.4.0(transitive)

• + Addedjson-schema-traverse@0.4.1(transitive)

• + Addedjson-stringify-safe@5.0.1(transitive)

• + Addedjsprim@1.4.2(transitive)

• + Addedmake-fetch-happen@9.1.0(transitive)

• + Addedmime-db@1.52.0(transitive)

• + Addedmime-types@2.1.35(transitive)

• + Addedminipass-fetch@1.4.1(transitive)

• + Addednode-gyp@8.4.1(transitive)

• + Addednopt@5.0.0(transitive)

• + Addednpmlog@5.0.1(transitive)

• + Addedoauth-sign@0.9.0(transitive)

• + Addedobject-assign@4.1.1(transitive)

• + Addedperformance-now@2.1.0(transitive)

• + Addedpsl@1.9.0(transitive)

• + Addedpunycode@2.3.1(transitive)

• + Addedqs@6.5.3(transitive)

• + Addedrequest@2.88.2(transitive)

• + Addedsocks-proxy-agent@6.2.1(transitive)

• + Addedsshpk@1.18.0(transitive)

• + Addedssri@8.0.1(transitive)

• + Addedtough-cookie@2.5.0(transitive)

• + Addedtrue-case-path@1.0.3(transitive)

• + Addedtunnel-agent@0.6.0(transitive)

• + Addedtweetnacl@0.14.5(transitive)

• + Addedunique-filename@1.1.1(transitive)

• + Addedunique-slug@2.0.2(transitive)

• + Addeduri-js@4.4.1(transitive)

• + Addeduuid@3.4.0(transitive)

• + Addedverror@1.10.0(transitive)

• - Removedmake-fetch-happen@^10.0.4

• - Removed@npmcli/fs@2.1.2(transitive)

• - Removed@npmcli/move-file@2.0.1(transitive)

• - Removed@tootallnate/once@2.0.0(transitive)

• - Removedbrace-expansion@2.0.1(transitive)

• - Removedcacache@16.1.3(transitive)

• - Removedexponential-backoff@3.1.1(transitive)

• - Removedglob@8.1.0(transitive)

• - Removedhttp-proxy-agent@5.0.0(transitive)

• - Removedlru-cache@7.18.3(transitive)

• - Removedmake-fetch-happen@10.2.1(transitive)

• - Removedminimatch@5.1.6(transitive)

• - Removedminipass-fetch@2.1.2(transitive)

• - Removednode-gyp@9.4.1(transitive)

• - Removednopt@6.0.0(transitive)

• - Removedsocks-proxy-agent@7.0.0(transitive)

• - Removedssri@9.0.1(transitive)

• - Removedtrue-case-path@2.2.1(transitive)

• - Removedunique-filename@2.0.1(transitive)

• - Removedunique-slug@3.0.0(transitive)

• Updatednode-gyp@^8.4.1

• Updatedtrue-case-path@^1.0.2