require-at - npm Package Compare versions
Comparing version 1.0.4 to 1.0.5
| { | ||
| "name": "require-at", | ||
| "version": "1.0.4", | ||
| "version": "1.0.5", | ||
| "main": "require-at.js", | ||
@@ -5,0 +5,0 @@ "description": "Call require pretending your are at another directory", |
| "use strict"; | ||
| const Path = require("path"); | ||
| const Module = require("module"); | ||
| const Fs = require("fs"); | ||
| // use eval to avoid tripping bundlers | ||
| const xrequire = eval("require"); | ||
| const createRequireFromPath = | ||
| Module.createRequireFromPath || | ||
| ((filename, dir) => { | ||
| // https://github.com/nodejs/node/blob/1ae0511b942c01c6e0adff98643d350a395bf101/lib/internal/modules/cjs/loader.js#L748 | ||
| // https://github.com/nodejs/node/blob/1ae0511b942c01c6e0adff98643d350a395bf101/lib/internal/modules/cjs/helpers.js#L16 | ||
| const m = new Module(filename); | ||
| const createRequireFromPath = require("./create-require"); | ||
| m.filename = filename; | ||
| m.paths = Module._nodeModulePaths(dir); | ||
| // don't name this require to avoid tripping bundlers | ||
| function _require(request) { | ||
| // can't use m.require because there's an internal requireDepth thing | ||
| // in the native Module implementation | ||
| return xrequire(resolve(request)); | ||
| } | ||
| function resolve(request, options) { | ||
| return Module._resolveFilename(request, m, false, options); | ||
| } | ||
| _require.resolve = resolve; | ||
| function paths(request) { | ||
| return Module._resolveLookupPaths(request, m, true); | ||
| } | ||
| resolve.paths = paths; | ||
| _require.main = process.mainModule; | ||
| _require.extensions = Module._extensions; | ||
| _require.cache = Module._cache; | ||
| return _require; | ||
| }); | ||
| const cache = new Map(); | ||
@@ -45,0 +9,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-50%
1
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-20.52%
4542
- Lines of code
- decreased by-50.88%
28