New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
pkg-fence - npm Package Compare versions
Comparing version 0.3.1 to 0.4.0
@@ -64,2 +64,11 @@ // src/cli/main.ts | ||
| } | ||
| function make_predicate({ extra, ignore, presets }) { | ||
| const not_ignored = not(ignore ?? always_false); | ||
| const with_extra = extra ?? always_false; | ||
| const arr = Array.from(presets ?? []); | ||
| return and( | ||
| not_ignored, | ||
| any(arr, with_extra) | ||
| ); | ||
| } | ||
@@ -180,11 +189,2 @@ // src/presets/nolyfill.ts | ||
| } | ||
| function make_predicate({ extra, ignore, ...rest }) { | ||
| const not_ignored = not(ignore ?? always_false); | ||
| const with_extra = extra ?? always_false; | ||
| const presets = Array.from(gen_presets(rest)); | ||
| return and( | ||
| not_ignored, | ||
| any(presets, with_extra) | ||
| ); | ||
| } | ||
@@ -197,3 +197,3 @@ // src/collect.ts | ||
| ignore: lookup(ignore.flatMap(split_by_comma)), | ||
| ...rest | ||
| presets: gen_presets(rest) | ||
| }); | ||
@@ -200,0 +200,0 @@ const result = filter(pred)( |
| { | ||
| "name": "pkg-fence", | ||
| "version": "0.3.1", | ||
| "description": "tbd", | ||
| "version": "0.4.0", | ||
| "description": "A command line tool that glance over package lockfile.", | ||
| "license": "AGPL-3.0-only", | ||
@@ -6,0 +6,0 @@ "repository": { |
@@ -1,2 +0,3 @@ | ||
| TBD | ||
| pkg-fence | ||
| ========= | ||
@@ -6,2 +7,3 @@ [](https://jsr.io/@imcotton/pkg-fence) | ||
| > A command line tool that glance over package lockfile. | ||
@@ -11,5 +13,90 @@ | ||
| ## License | ||
| Usage | ||
| ----- | ||
| ### Input & Output | ||
| The lockfile is reading from `stdin` only. i.e. | ||
| cat package-lock.json | npx pkg-fence <...> | ||
| Currently only support `package-lock.json` or `npm-shrinkwrap.json` | ||
| (could use `npm shrinkwrap` to generate it on-the-fly). | ||
| Exit code: `0` for empty results, `1` for anything matched. | ||
| ### Built-in Presets | ||
| - `--lodash`: pkg naming starts by `lodash.` or equals to `lodash` | ||
| - `--nolyfill`: list of names from https://github.com/SukkaW/nolyfill | ||
| ### Extra & Ignore | ||
| to specify addition names: | ||
| --extra abc --extra def --extra=foo,bar | ||
| to ignore some names: | ||
| --ignore abc --ignore def --ignore=foo,bar | ||
| Available | ||
| --------- | ||
| ### NPM | ||
| > executable only | ||
| ``` | ||
| npx pkg-fence | ||
| bun x pkg-fence | ||
| pnpm dlx pkg-fence | ||
| yarn dlx pkg-fence | ||
| deno run npm:pkg-fence | ||
| ``` | ||
| ### JSR | ||
| > executable, multi ESM exports, Typing | ||
| ``` | ||
| deno run jsr:@imcotton/pkg-fence | ||
| ``` | ||
| Caveat | ||
| ------ | ||
| Does not differentiate between dev or non-dev dependencies. | ||
| - use `npm ls ...` or `npm why ...` to make further inspection | ||
| Results are unordered, possible in duplications. | ||
| - use `sort`, `uniq`, or `grep` etc... | ||
| License | ||
| ------- | ||
| **AGPLv3** | ||
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.12%
42791
- Number of lines in readme file
- increased by621.43%
101
No dependency changes