nomics-platform - npm Package Compare versions

Comparing version 0.3.2 to 0.4.0

lib/audit/index.js

 const url = require('url')
+const { spawn } = require('child_process')
 
@@ -15,3 +16,3 @@ module.exports = async function (options) {
 
-  return new Error(endpoint + ' not recognized as url')
+  return auditCommand(endpoint)
 }
@@ -41,1 +42,24 @@
 }
+
+async function auditCommand (command) {
+  const parts = command.split(' ')
+  const child = spawn(parts[0], parts.slice(1))
+
+  child.stdout.on('data', (data) => {
+    console.log(`server: ${data}`)
+  })
+
+  child.stderr.on('data', (data) => {
+    console.log(`server: ${data}`)
+  })
+
+  const closed = new Promise((resolve, reject) => {
+    child.on('close', resolve)
+  })
+
+  const port = process.env.PORT || '3000'
+  await auditURL(`http://localhost:${port}`)
+
+  child.kill('SIGINT')
+  await closed
+}

package.json

 {
   "name": "nomics-platform",
-  "version": "0.3.2",
+  "version": "0.4.0",
   "description": "Nomics Platform Toolkit",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14854

increased by3.62%

Lines of code

385

increased by4.9%

Worsened metrics

Number of low supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes