New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
react-native-repackager
Advanced tools
react-native-repackager - npm Package Compare versions
Comparing version 0.1.3 to 0.1.4
| { | ||
| "name": "react-native-repackager", | ||
| "version": "0.1.3", | ||
| "version": "0.1.4", | ||
| "description": "Custom extension for react-native packager", | ||
| "license": "MIT", | ||
| "publishConfig": { | ||
| "registry": "https://registry.npmjs.org/" | ||
| }, | ||
| "bin": { | ||
| "repackager": "./repackager.js", | ||
| "repackager-sourcemap": "./repackagerSourcemap.js", | ||
| "repackager-e2e": "./repackagerE2E.js" | ||
| }, | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": ":" | ||
| }, | ||
| "repository": { | ||
@@ -25,7 +17,15 @@ "type": "git", | ||
| ], | ||
| "license": "MIT", | ||
| "bugs": { | ||
| "url": "https://github.com/wix/react-native-repackager/issues" | ||
| }, | ||
| "homepage": "https://github.com/wix/react-native-repackager#readme" | ||
| "homepage": "https://github.com/wix/react-native-repackager#readme", | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": ":", | ||
| "postinstall": "node ./repackager.js" | ||
| }, | ||
| "dependencies": { | ||
| "shell-utils": "1.x.x", | ||
| "lodash": "4.x.x" | ||
| } | ||
| } |
@@ -1,4 +0,8 @@ | ||
| #!/usr/bin/env node | ||
| const exec = require('shell-utils').exec; | ||
| const fs = require('fs'); | ||
| const _ = require('lodash'); | ||
| const cp = require('child_process'); | ||
| const rootDir = process.cwd(); | ||
| const scriptDir = __dirname; | ||
| const reactNativeDir = `${rootDir}/node_modules/react-native`; | ||
@@ -8,6 +12,12 @@ run(); | ||
| function run() { | ||
| console.log(`applying repackager patch to react-native 0.44`); | ||
| console.log(`support for --customExtensions`); | ||
| console.log(`${process.cwd()}`); | ||
| cp.execSync(`git apply --verbose --no-index --directory ../../node_modules/react-native rn44PackagerCustomExtensions.patch`); | ||
| assertRN44(); | ||
| console.log(`injecting support for --customExtensions`); | ||
| exec.execSync(`git apply --verbose --no-index --directory ${reactNativeDir} ${scriptDir}/rn44PackagerCustomExtensions.patch`); | ||
| } | ||
| function assertRN44() { | ||
| const rnPackageJson = JSON.parse(fs.readFileSync(`${reactNativeDir}/package.json`)); | ||
| if (!_.startsWith(rnPackageJson, '0.44')) { | ||
| throw new Error(`Only react-native 0.44.x is supported currently`); | ||
| } | ||
| } |
New alerts
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.27%
20154
- Lines of code
- increased by58.33%
19
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dependency count
- increased byInfinity%
2
- Number of package files
- decreased by-22.22%
7
- Number of high supply chain risk alerts
- increased byInfinity%
1
- Number of low supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedlodash@4.x.x
+ Addedshell-utils@1.x.x
+ Addedlodash@4.17.21(transitive)
+ Addedshell-utils@1.0.10(transitive)