purgecss-whitelister - npm Package Compare versions

Comparing version 2.3.1 to 2.4.0

index.js

@@ -1,7 +0,2 @@
-/*
-  Forked from - https://github.com/salesforce-ux/scss-parser
-  Forked because there's no active maintenance and npm audit errors were killing me.
-*/
 const { parse } = require('scss-parser')
-
 const parse2 = require('gonzales-pe').parse
@@ -38,3 +33,2 @@ const { readFileSync } = require('fs')
     try {
-      // throw 'nope'
       const parsedData = parse(fileContents).value
@@ -70,4 +64,3 @@ const selectors = parseStyleAST(parsedData)
 function sanitizeArgs(arr) {
-  if (!Array.isArray(arr)) arr = [arr]
-  arr = arr.filter(Boolean)
+  arr = (Array.isArray(arr) ? arr : [arr]).filter(Boolean)
 
@@ -97,3 +90,2 @@ // Avoids errors if an empty array, no arguments, or falsey things are passed.
   return arr.reduce((acc, { type, value }) => {
-
     // Trigger recursion for types that need it.
@@ -105,6 +97,5 @@ if (shouldParse.includes(type)) {
     } else if (shouldKeep.includes(type)) {
-      return value
-        .reduce((acc, { type, value }) => {
-          return (type === 'identifier' && !!value) ?  acc.concat(value) : acc
-        }, acc)
+      return value.reduce((acc, { type, value }) => (
+        (type === 'identifier' && !!value) ?  acc.concat(value) : acc
+      ), acc)
 
@@ -111,0 +102,0 @@ // Concatenate a type's value if no iteration is needed.

package.json

 {
   "name": "purgecss-whitelister",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "description": "A utility for creating whitelists of CSS selectors for use with Purgecss.",
@@ -17,5 +17,5 @@ "main": "index.js",
     "glob-all": "^3.1.0",
-    "gonzales-pe": "^4.2.3",
-    "scss-parser": "qodesmith/scss-parser"
+    "gonzales-pe": "^4.2.4",
+    "scss-parser": "1.0.3"
   }
 }

Fixed alerts

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Number of high supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

8035

decreased by-2.67%

Lines of code

94

decreased by-6.93%

Dependency changes

• + Addedinvariant@2.2.2(transitive)

• + Addedjs-tokens@4.0.0(transitive)

• + Addedlodash@4.17.21(transitive)

• + Addedloose-envify@1.4.0(transitive)

• + Addedscss-parser@1.0.3(transitive)

• Updatedgonzales-pe@^4.2.4

• Updatedscss-parser@1.0.3