prebuild-install
Advanced tools
Comparing version 2.0.0 to 2.1.0
@@ -102,22 +102,33 @@ var path = require('path') | ||
log.info('unpacking @', cachedPrebuild) | ||
pump(fs.createReadStream(cachedPrebuild), zlib.createGunzip(), tfs.extract(opts.path, {readable: true, writable: true}).on('entry', updateName), function (err) { | ||
var options = { | ||
readable: true, | ||
writable: true, | ||
hardlinkAsFilesFallback: true | ||
} | ||
var extract = tfs.extract(opts.path, options).on('entry', updateName) | ||
pump(fs.createReadStream(cachedPrebuild), zlib.createGunzip(), extract, | ||
function (err) { | ||
if (err) return cb(err) | ||
if (!binaryName) return cb(error.invalidArchive()) | ||
var resolved | ||
try { | ||
resolved = path.resolve(opts.path || '.', binaryName) | ||
} catch (err) { | ||
return cb(err) | ||
} | ||
log.info('unpack', 'resolved to ' + resolved) | ||
if (opts.abi === process.versions.modules) { | ||
if (binaryName) { | ||
try { | ||
require(resolved) | ||
resolved = path.resolve(opts.path || '.', binaryName) | ||
} catch (err) { | ||
return cb(err) | ||
} | ||
log.info('unpack', 'required ' + resolved + ' successfully') | ||
log.info('unpack', 'resolved to ' + resolved) | ||
if (opts.abi === process.versions.modules) { | ||
try { | ||
require(resolved) | ||
} catch (err) { | ||
return cb(err) | ||
} | ||
log.info('unpack', 'required ' + resolved + ' successfully') | ||
} | ||
} | ||
cb(null, resolved) | ||
@@ -124,0 +135,0 @@ }) |
{ | ||
"name": "prebuild-install", | ||
"version": "2.0.0", | ||
"version": "2.1.0", | ||
"description": "A command line tool for easily install prebuilds for multiple version of node/iojs on a specific platform", | ||
@@ -5,0 +5,0 @@ "scripts": { |
33
rc.js
var minimist = require('minimist') | ||
var getAbi = require('node-abi').getAbi | ||
if (process.env.npm_config_argv) { | ||
var env = process.env | ||
// Get `prebuild-install` arguments that were passed to the `npm` command | ||
if (env.npm_config_argv) { | ||
var npmargs = ['prebuild', 'compile', 'build-from-source', 'debug'] | ||
try { | ||
var npmArgv = JSON.parse(process.env.npm_config_argv).cooked | ||
var npmArgv = JSON.parse(env.npm_config_argv).cooked | ||
for (var i = 0; i < npmargs.length; ++i) { | ||
@@ -19,19 +22,11 @@ if (npmArgv.indexOf('--' + npmargs[i]) !== -1) { | ||
var npmconfigs = ['proxy', 'https-proxy', 'local-address', 'target', 'runtime', 'platform'] | ||
for (var j = 0; j < npmconfigs.length; ++j) { | ||
var envname = 'npm_config_' + npmconfigs[j].replace('-', '_') | ||
if (process.env[envname]) { | ||
process.argv.push('--' + npmconfigs[j]) | ||
process.argv.push(process.env[envname]) | ||
} | ||
} | ||
// Get the configuration | ||
module.exports = function (pkg) { | ||
var pkgConf = pkg.config || {} | ||
var rc = require('rc')('prebuild-install', { | ||
target: pkgConf.target || process.versions.node, | ||
runtime: pkgConf.runtime || 'node', | ||
arch: pkgConf.arch || process.arch, | ||
libc: process.env.LIBC, | ||
platform: process.platform, | ||
target: pkgConf.target || env.npm_config_target || process.versions.node, | ||
runtime: pkgConf.runtime || env.npm_config_runtime || 'node', | ||
arch: pkgConf.arch || env.npm_config_arch || process.arch, | ||
libc: env.LIBC, | ||
platform: env.npm_config_platform || process.platform, | ||
debug: false, | ||
@@ -42,4 +37,5 @@ verbose: false, | ||
path: '.', | ||
proxy: process.env['HTTP_PROXY'], | ||
'https-proxy': process.env['HTTPS_PROXY'] | ||
proxy: env.npm_config_proxy || env['HTTP_PROXY'], | ||
'https-proxy': env.npm_config_https_proxy || env['HTTPS_PROXY'], | ||
'local-address': env.npm_config_local_address | ||
}, minimist(process.argv, { | ||
@@ -68,4 +64,5 @@ alias: { | ||
// Print the configuration values when executed standalone for testing purposses | ||
if (!module.parent) { | ||
console.log(JSON.stringify(module.exports({}), null, 2)) | ||
} |
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
16062
327
10