nodesecurity-npm-utils
Comparing version 3.2.0 to 4.0.0
index.js
'use strict'; | ||
var RegClient = require('silent-npm-registry-client'); | ||
var os = require('os'); | ||
var semver = require('semver'); | ||
var Os = require('os'); | ||
var Semver = require('semver'); | ||
var options = { | ||
registry: 'https://registry.npmjs.org/', | ||
cache: os.tmpDir() + '/nodesecurity' | ||
cache: Os.tmpDir() + '/nodesecurity' | ||
}; | ||
@@ -17,8 +17,5 @@ | ||
console.error('The getPackageJson method is deprecated'); | ||
client.get(options.registry + module.name, {}, function (err, pkg) { | ||
var doc; | ||
var error; | ||
var version; | ||
if (err) { | ||
@@ -29,3 +26,3 @@ return cb(err); | ||
if (pkg.time && pkg.time.unpublished) { | ||
error = new Error('404 - Unpublished module'); | ||
var error = new Error('404 - Unpublished module'); | ||
error.code = 'E404'; | ||
@@ -38,3 +35,3 @@ error.pkgid = module.name; | ||
// try to get a version | ||
version = semver.maxSatisfying(Object.keys(pkg.versions), module.version); | ||
var version = Semver.maxSatisfying(Object.keys(pkg.versions), module.version); | ||
@@ -46,2 +43,3 @@ // check dist tags if none found | ||
var doc; | ||
if (pkg.versions) { | ||
@@ -67,9 +65,7 @@ doc = pkg.versions[version]; | ||
var _parseModule = function (module, parents, name) { | ||
var _parseModule = function (module, path, name) { | ||
var moduleName = (name || module.name) + '@' + module.version; | ||
var children = Object.keys(module.dependencies || {}).concat(Object.keys(module.devDependencies || {})); | ||
if (results[moduleName]) { | ||
results[moduleName].parents = results[moduleName].parents.concat(parents); | ||
results[moduleName].paths.push(path); | ||
} | ||
@@ -80,11 +76,10 @@ else { | ||
version: module.version, | ||
parents: parents, | ||
children: children, | ||
source: 'npm' | ||
paths: [path] | ||
}; | ||
} | ||
var children = Object.keys(module.dependencies || {}); | ||
for (var i = 0, il = children.length; i < il; ++i) { | ||
var child = children[i]; | ||
_parseModule(module.dependencies[child], [moduleName], child); | ||
_parseModule(module.dependencies[child], path.concat([moduleName]), child); | ||
} | ||
@@ -91,0 +86,0 @@ }; |
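Review bot: `cache: Os.tmpDir() + '/nodesecurity'`, which the rename keeps, still calls the deprecated `tmpDir` alias; the supported spelling is `Os.tmpdir()`, and newer Node releases no longer provide the alias at all. Beyond the spelling, a fixed, predictable subdirectory of the shared temp directory is writable by every local user, so on a multi-user host its contents are not trustworthy as a registry cache; a per-user location (for example under `Os.homedir()`) or a directory created with `fs.mkdtemp` would be the safer default. Separately, `_parseModule` now assumes `path` is an array (`path.concat([moduleName])` and `paths.push(path)`), but the top-level call is not in this diff — if it still passes no path argument, the first `concat` throws, so it should either be updated to pass `[]` or the function should default it. The enclosing `_parseModule` body starts and ends outside the visible hunk lines.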
{ | ||
"name": "nodesecurity-npm-utils", | ||
"version": "3.2.0", | ||
"version": "4.0.0", | ||
"author": "^lift security", | ||
@@ -5,0 +5,0 @@ "dependencies": { |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package