prebuild-install - npm Package Compare versions

Comparing version 7.1.0 to 7.1.1

CHANGELOG.md

 # Changelog
 
+## [7.1.1] - 2022-06-07
+
+### Changed
+
+- Replace use of npmlog dependency with console.error ([#182](https://github.com/prebuild/prebuild-install/issues/182)) ([`4e2284c`](https://github.com/prebuild/prebuild-install/commit/4e2284c)) (Lovell Fuller).
+
+- Ensure script output can be captured by tests ([#181](https://github.com/prebuild/prebuild-install/issues/181)) ([`d1853cb`](https://github.com/prebuild/prebuild-install/commit/d1853cb)) (Lovell Fuller).
+
 ## [7.1.0] - 2022-04-20
@@ -86,2 +94,4 @@
 
+[7.1.1]: https://github.com/prebuild/prebuild-install/releases/tag/v7.1.1
+
 [7.1.0]: https://github.com/prebuild/prebuild-install/releases/tag/v7.1.0
@@ -88,0 +98,0 @@

log.js

@@ -1,25 +0,33 @@
-const log = require('npmlog')
-const fs = require('fs')
-const path = require('path')
+const levels = {
+  silent: 0,
+  error: 1,
+  warn: 2,
+  notice: 3,
+  http: 4,
+  timing: 5,
+  info: 6,
+  verbose: 7,
+  silly: 8
+}
 
 module.exports = function (rc, env) {
-  log.heading = 'prebuild-install'
+  const level = rc.verbose
+    ? 'verbose'
+    : env.npm_config_loglevel || 'notice'
 
-  if (rc.verbose) {
-    log.level = 'verbose'
-  } else {
-    log.level = env.npm_config_loglevel || 'notice'
+  const logAtLevel = function (messageLevel) {
+    return function (...args) {
+      if (levels[messageLevel] <= levels[level]) {
+        console.error(`prebuild-install ${messageLevel} ${args.join(' ')}`)
+      }
+    }
   }
 
-  // Temporary workaround for npm 7 which swallows our output
-  if (process.env.npm_config_prebuild_install_logfile) {
-    const fp = path.resolve(process.env.npm_config_prebuild_install_logfile)
-
-    log.on('log', function (msg) {
-      // Only for tests, don't care about performance
-      fs.appendFileSync(fp, [log.heading, msg.level, msg.prefix, msg.message].join(' ') + '\n')
-    })
+  return {
+    error: logAtLevel('error'),
+    warn: logAtLevel('warn'),
+    http: logAtLevel('http'),
+    info: logAtLevel('info'),
+    level
   }
-
-  return log
 }

package.json

 {
   "name": "prebuild-install",
-  "version": "7.1.0",
+  "version": "7.1.1",
   "description": "A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform",
@@ -29,3 +29,2 @@ "scripts": {
     "node-abi": "^3.3.0",
-    "npmlog": "^4.0.1",
     "pump": "^3.0.0",
@@ -32,0 +31,0 @@ "rc": "^1.2.7",

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33564

increased by1.37%

Dependency count

12

decreased by-7.69%

Lines of code

470

increased by2.17%

Number of low supply chain risk alerts

12

decreased by-20%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Addedsafe-buffer@5.2.1(transitive)

• + Addedstring_decoder@1.3.0(transitive)

• - Removednpmlog@^4.0.1

• - Removedansi-regex@2.1.1(transitive)

• - Removedaproba@1.2.0(transitive)

• - Removedare-we-there-yet@1.1.7(transitive)

• - Removedcode-point-at@1.1.0(transitive)

• - Removedconsole-control-strings@1.1.0(transitive)

• - Removedcore-util-is@1.0.3(transitive)

• - Removeddelegates@1.0.0(transitive)

• - Removedgauge@2.7.4(transitive)

• - Removedhas-unicode@2.0.1(transitive)

• - Removedis-fullwidth-code-point@1.0.0(transitive)

• - Removedisarray@1.0.0(transitive)

• - Removednpmlog@4.1.2(transitive)

• - Removednumber-is-nan@1.0.1(transitive)

• - Removedobject-assign@4.1.1(transitive)

• - Removedprocess-nextick-args@2.0.1(transitive)

• - Removedreadable-stream@2.3.8(transitive)

• - Removedsafe-buffer@5.1.2(transitive)

• - Removedset-blocking@2.0.0(transitive)

• - Removedsignal-exit@3.0.7(transitive)

• - Removedstring-width@1.0.2(transitive)

• - Removedstring_decoder@1.1.1(transitive)

• - Removedstrip-ansi@3.0.1(transitive)

• - Removedwide-align@1.1.5(transitive)