opencollective-postinstall - npm Package Compare versions

Comparing version 2.0.1 to 2.0.2

index.js

 #!/usr/bin/env node
-var envDisable = Boolean(process.env.DISABLE_OPENCOLLECTIVE);
+
+function isTrue(value) {
+  return !!value && value !== "0" && value !== "false"
+}
+
+var envDisable = isTrue(process.env.DISABLE_OPENCOLLECTIVE) || isTrue(process.env.CI);
 var logLevel = process.env.npm_config_loglevel;
@@ -4,0 +9,0 @@ var logLevelDisplay = ['silent', 'error', 'warn'].indexOf(logLevel) > -1;

package.json

 {
   "name": "opencollective-postinstall",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "Lightweight npm postinstall message to invite people to donate to your collective",
@@ -11,3 +11,3 @@ "main": "index.js",
     "type": "git",
-    "url": "git+https://github.com/opencollective/npm-postinstall.git"
+    "url": "git+https://github.com/opencollective/opencollective-postinstall.git"
   },
@@ -24,8 +24,8 @@ "bin": "index.js",
   "bugs": {
-    "url": "https://github.com/opencollective/npm-postinstall/issues"
+    "url": "https://github.com/opencollective/opencollective-postinstall/issues"
   },
-  "homepage": "https://github.com/opencollective/npm-postinstall#readme",
+  "homepage": "https://github.com/opencollective/opencollective-postinstall#readme",
   "devDependencies": {
-    "jest": "^23.6.0"
+    "jest": "^24.0.0"
   }
 }

README.md

@@ -1,2 +0,3 @@
-# npm-postinstall
+# Open Collective postinstall
+
 Lightweight npm postinstall message to invite people to donate to your collective
@@ -10,3 +11,3 @@
 
-And in your `package.json` add: 
+And in your `package.json` add:
 
@@ -27,2 +28,3 @@ ```json
 ## Disabling this message
+
 In some places (e.g. CI) you may want to disable this output. You can do this by setting the environment variable `DISABLE_OPENCOLLECTIVE=true`.
@@ -33,2 +35,1 @@
 Note: This is a lightweight alternative to the [opencollective-cli](https://github.com/opencollective/opencollective-cli) that offers a more complete postinstall message with the current balance and ASCII logo of the collective.
-

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

5768

increased by2.74%

Lines of code

77

increased by4.05%

Number of lines in readme file

33

increased by3.13%

Worsened metrics

Number of low supply chain risk alerts

4

increased by33.33%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes