nodesecurity-npm-utils
Advanced tools
Comparing version 3.2.0 to 4.0.0
29
index.js
| 'use strict'; | ||
| var RegClient = require('silent-npm-registry-client'); | ||
| var os = require('os'); | ||
| var semver = require('semver'); | ||
| var Os = require('os'); | ||
| var Semver = require('semver'); | ||
| var options = { | ||
| registry: 'https://registry.npmjs.org/', | ||
| cache: os.tmpDir() + '/nodesecurity' | ||
| cache: Os.tmpDir() + '/nodesecurity' | ||
| }; | ||
@@ -17,8 +17,5 @@ | ||
| console.error('The getPackageJson method is deprecated'); | ||
| client.get(options.registry + module.name, {}, function (err, pkg) { | ||
| var doc; | ||
| var error; | ||
| var version; | ||
| if (err) { | ||
@@ -29,3 +26,3 @@ return cb(err); | ||
| if (pkg.time && pkg.time.unpublished) { | ||
| error = new Error('404 - Unpublished module'); | ||
| var error = new Error('404 - Unpublished module'); | ||
| error.code = 'E404'; | ||
@@ -38,3 +35,3 @@ error.pkgid = module.name; | ||
| // try to get a version | ||
| version = semver.maxSatisfying(Object.keys(pkg.versions), module.version); | ||
| var version = Semver.maxSatisfying(Object.keys(pkg.versions), module.version); | ||
@@ -46,2 +43,3 @@ // check dist tags if none found | ||
| var doc; | ||
| if (pkg.versions) { | ||
@@ -67,9 +65,7 @@ doc = pkg.versions[version]; | ||
| var _parseModule = function (module, parents, name) { | ||
| var _parseModule = function (module, path, name) { | ||
| var moduleName = (name || module.name) + '@' + module.version; | ||
| var children = Object.keys(module.dependencies || {}).concat(Object.keys(module.devDependencies || {})); | ||
| if (results[moduleName]) { | ||
| results[moduleName].parents = results[moduleName].parents.concat(parents); | ||
| results[moduleName].paths.push(path); | ||
| } | ||
@@ -80,11 +76,10 @@ else { | ||
| version: module.version, | ||
| parents: parents, | ||
| children: children, | ||
| source: 'npm' | ||
| paths: [path] | ||
| }; | ||
| } | ||
| var children = Object.keys(module.dependencies || {}); | ||
| for (var i = 0, il = children.length; i < il; ++i) { | ||
| var child = children[i]; | ||
| _parseModule(module.dependencies[child], [moduleName], child); | ||
| _parseModule(module.dependencies[child], path.concat([moduleName]), child); | ||
| } | ||
@@ -91,0 +86,0 @@ }; |
| { | ||
| "name": "nodesecurity-npm-utils", | ||
| "version": "3.2.0", | ||
| "version": "4.0.0", | ||
| "author": "^lift security", | ||
@@ -5,0 +5,0 @@ "dependencies": { |
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-1.9%
5000
- Lines of code
- decreased by-4.29%
67
No dependency changes