npm-utils - npm Package Compare versions
Comparing version
@@ -9,3 +9,4 @@ module.exports = { | ||
| publish: require('./src/publish'), | ||
| pack: require('./src/pack') | ||
| pack: require('./src/pack'), | ||
| getPackage: require('./src/get-package') | ||
| }; |
| { | ||
| "name": "npm-utils", | ||
| "description": "Async NPM shell commands", | ||
| "version": "1.3.1", | ||
| "version": "1.3.2", | ||
| "author": "Gleb Bahmutov <gleb.bahmutov@gmail.com>", | ||
@@ -31,3 +31,2 @@ "bugs": { | ||
| "cross-spawn-async": "2.1.6", | ||
| "glob-promise": "1.0.4", | ||
| "lazy-ass": "1.3.0", | ||
@@ -34,0 +33,0 @@ "q": "2.0.3", |
@@ -70,2 +70,11 @@ # npm-utils | ||
| ### getPackage | ||
| Loads `package.json` from a given folder | ||
| ```js | ||
| var pkg = npm.getPackage(folder); | ||
| console.log('%s version %s', pkg.name, pkg.version); | ||
| ``` | ||
| ### pack | ||
@@ -72,0 +81,0 @@ |
| var la = require('lazy-ass'); | ||
| var is = require('check-more-types'); | ||
| var fs = require('fs'); | ||
| var Q = require('q'); | ||
| var run = require('./npm-test'); | ||
| la(is.fn(run), 'expected run function'); | ||
| var glob = require('glob-promise'); | ||
| var getPackage = require('./get-package'); | ||
| // NPM pack generates file in the format | ||
| // <name>-<version>.tgz | ||
| function formTarballName(pkg) { | ||
| return pkg.name + '-' + pkg.version + '.tgz'; | ||
| } | ||
| function pack(options) { | ||
| options = options || {}; | ||
| var folder = options.folder ? options.folder : '.'; | ||
| var pkg = getPackage(folder); | ||
| la(is.unemptyString(pkg.name) && | ||
| is.unemptyString(pkg.version), 'invalid package in folder', folder); | ||
| var command = 'npm pack ' + folder; | ||
@@ -14,9 +26,7 @@ return run(command) | ||
| // find the generated file in the current folder | ||
| return glob('./*.tgz') | ||
| .then(function (filenames) { | ||
| if (filenames.length === 1) { | ||
| return filenames[0]; | ||
| } | ||
| console.error('found %d archives in %s', filenames.length, folder); | ||
| }); | ||
| var filename = formTarballName(pkg); | ||
| if (!fs.existsSync(filename)) { | ||
| return Q.reject(new Error('Cannot find tar file ' + filename)); | ||
| } | ||
| return filename; | ||
| }); | ||
@@ -23,0 +33,0 @@ } |
New alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
14579
5.84%- Dependency count
5
-16.67%- Number of package files
13
8.33%- Lines of code
309
6.92%- Number of lines in readme file
113
8.65%Worsened metrics
- Number of low supply chain risk alerts
3
200%Dependency changes
- Removed
glob-promise@1.0.4- Removed
@isaacs/balanced-match@4.0.1(transitive)- Removed
@isaacs/brace-expansion@5.0.0(transitive)- Removed
@isaacs/cliui@8.0.2(transitive)- Removed
ansi-regex@5.0.16.1.0(transitive)- Removed
ansi-styles@4.3.06.2.1(transitive)- Removed
color-convert@2.0.1(transitive)- Removed
color-name@1.1.4(transitive)- Removed
cross-spawn@7.0.6(transitive)- Removed
eastasianwidth@0.2.0(transitive)- Removed
emoji-regex@8.0.09.2.2(transitive)- Removed
foreground-child@3.3.1(transitive)- Removed
glob@11.0.3(transitive)- Removed
glob-promise@1.0.4(transitive)- Removed
is-fullwidth-code-point@3.0.0(transitive)- Removed
jackspeak@4.1.1(transitive)- Removed
lru-cache@11.1.0(transitive)- Removed
minimatch@10.0.3(transitive)- Removed
minipass@7.1.2(transitive)- Removed
package-json-from-dist@1.0.1(transitive)- Removed
path-key@3.1.1(transitive)- Removed
path-scurry@2.0.0(transitive)- Removed
shebang-command@2.0.0(transitive)- Removed
shebang-regex@3.0.0(transitive)- Removed
signal-exit@4.1.0(transitive)- Removed
string-width@4.2.35.1.2(transitive)- Removed
strip-ansi@6.0.17.1.0(transitive)- Removed
which@2.0.2(transitive)- Removed
wrap-ansi@7.0.08.1.0(transitive)