opencollective-postinstall
Advanced tools
opencollective-postinstall - npm Package Compare versions
Comparing version 1.0.4 to 1.0.5
@@ -37,2 +37,4 @@ #!/usr/bin/env node | ||
| if (process.env.DEBUG) console.log("process.env", process.env); | ||
| if (!npm_package_collective_url) { | ||
@@ -39,0 +41,0 @@ setup(); |
@@ -22,5 +22,21 @@ const chalk = require('chalk'); | ||
| const loadMainPackageJSON = function(attempts) { | ||
| attempts = attempts || 1; | ||
| if (attempts > 5) { | ||
| throw new Error('Can\'t resolve main package.json file'); | ||
| } | ||
| var mainPath = attempts === 1 ? './' : Array(attempts).join("../"); | ||
| try { | ||
| if (process.env.DEBUG) console.log("Trying to load package.json from", process.cwd(), mainPath + 'package.json'); | ||
| return require.main.require(mainPath + 'package.json'); | ||
| } catch (e) { | ||
| return loadMainPackageJSON(attempts + 1); | ||
| } | ||
| } | ||
| module.exports = { | ||
| padding, | ||
| formatCurrency | ||
| formatCurrency, | ||
| loadMainPackageJSON | ||
| }; |
| { | ||
| "name": "opencollective-postinstall", | ||
| "version": "1.0.4", | ||
| "version": "1.0.5", | ||
| "description": "Prompt users to donate after they install your node module with npm install", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
| const fs = require('fs'); | ||
| const inquirer = require('inquirer'); | ||
| const packageJSONFile = `${process.cwd()}/package.json`; | ||
| const package = require(packageJSONFile); | ||
| const { loadMainPackageJSON } = require('./lib/utils'); | ||
| const { fetchLogo } = require('./lib/fetchData'); | ||
| const { printLogo } = require('./lib/print'); | ||
| const package = loadMainPackageJSON(); | ||
| var questions = [ | ||
@@ -28,4 +29,3 @@ { | ||
| { name: 'No logo', value: null } | ||
| ], | ||
| default: true | ||
| ] | ||
| }, | ||
@@ -32,0 +32,0 @@ { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.09%
14181
- Lines of code
- increased by5.91%
251
Worsened metrics
- Number of low supply chain risk alerts
- increased by33.33%
8