Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

nsp-preprocessor-yarn

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nsp-preprocessor-yarn - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

.editorconfig

51

index.js

@@ -6,28 +6,31 @@ const Fs = require('fs');

module.exports = {
check: function (args) {
let pkg;
try {
let pkgfile = 'package.json';
if (args.packagejsonfile) {
pkgfile = args.packagejsonfile;
}
pkg = args.pkg || JSON.parse(Fs.readFileSync(Path.join(args.path, pkgfile)));
} catch (err) {
return Promise.reject(new Error(`Unable to load package.json for project: ${Path.basename(args.path)}`));
}
check: function (args) {
let pkg;
try {
let pkgfile = 'package.json';
if (args.packagejsonfile) {
pkgfile = args.packagejsonfile;
}
pkg = args.pkg || JSON.parse(Fs.readFileSync(Path.join(args.path, pkgfile)));
} catch (err) {
return Promise.reject(new Error(`Unable to load package.json for project: ${Path.basename(args.path)}`));
}
let lock;
try {
let lockfile = 'yarn.lock';
if (args.lockfile) {
lockfile = args.lockfile;
}
const lockContents = Fs.readFileSync(Path.join(args.path, lockfile), { encoding: "utf-8" });
lock = Lib.parse(lockContents, pkg);
} catch (err) {
return Promise.reject(new Error(`Unable to load yarn.lock for project "${Path.basename(args.path)}". ${err}`));
}
let lock;
try {
let lockfile = 'yarn.lock';
if (args.lockfile) {
lockfile = args.lockfile;
}
const lockContents = Fs.readFileSync(Path.join(args.path, lockfile), { encoding: "utf-8" });
if (!args.preprocessSilently) {
console.log(`Preprocessing the lock file '${lockfile}'.`);
}
lock = Lib.parse(lockContents, pkg);
} catch (err) {
return Promise.reject(new Error(`Unable to load yarn.lock for project "${Path.basename(args.path)}". ${err}`));
}
return Object.assign(args, { pkg: pkg, shrinkwrap: lock });
}
return Object.assign(args, { pkg: pkg, shrinkwrap: lock });
}
};

2

package.json
{
"name": "nsp-preprocessor-yarn",
"version": "1.1.0",
"version": "1.1.1",
"description": "",

@@ -5,0 +5,0 @@ "main": "index.js",

16

README.md

@@ -28,2 +28,18 @@ # Yarn.lock preprocessor for NSP

If it logs `Preprocessing the lock file 'yarn.lock'.` this means you're covered.
## Why
**TLDR**: if you use Yarn and NSP you need a preprocessor like nsp-preprocessor-yarn, to ensure all your dependencies are checked.
NSP works by uploading (parts of) your package.json and npm-shrinkwrap/package-lock to it's vulnerabillity-checking servers.
If you don't have a npm-shrinkwrap/package-lock (hello there, Yarn users!) this means NSP only uploads a package.json.
Therefore NSP reconstructs your dependency tree on their servers, in the NPM fashion: *undeterministically*.
There will eventually be inconsistencies between what Yarn installed and what NSP thinks you have installed.
As the yarn.lock precisely states what is installed, the nsp-preprocessor-yarn transforms that into a format NSP understands.
## Silent
This preprocessor logs a short message, to indicate the processor has run, to let you know you're safe.
If you're parsing the output of the nsp run, and this message is annoying, you can disable the message by setting `--preprocess--silently`.
## Workspaces

@@ -30,0 +46,0 @@ This preprocessor supports workspaces too: specify the `--lockfile` flag:

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc