semver
Comparing version 1.0.9 to 1.0.10
{ "name" : "semver" | ||
, "version" : "1.0.9" | ||
, "version" : "1.0.10" | ||
, "description" : "The semantic version parser used by npm." | ||
@@ -4,0 +4,0 @@ , "main" : "semver.js" |
@@ -12,3 +12,5 @@ | ||
, exprComparator = "^((<|>)?=?)\s*("+semver+")$|^$" | ||
, xRangePlain = "[v=]*([0-9]+|x|X)(?:\\.([0-9]+|x|X)(?:\\.([0-9]+|x|X))?)?" | ||
, xRangePlain = "[v=]*([0-9]+|x|X|\\*)" | ||
+ "(?:\\.([0-9]+|x|X|\\*)" | ||
+ "(?:\\.([0-9]+|x|X|\\*))?)?" | ||
, xRange = "((?:<|>)?=?)?\\s*" + xRangePlain | ||
@@ -25,4 +27,7 @@ , exprSpermy = "(?:~>?)"+xRange | ||
} | ||
Object.getOwnPropertyNames(expressions).forEach(function (i) { | ||
exports[i] = function (str) { return (str || "").match(expressions[i]) } | ||
exports[i] = function (str) { | ||
return ("" + (str || "")).match(expressions[i]) | ||
} | ||
}) | ||
@@ -60,2 +65,3 @@ | ||
function valid (version) { | ||
if (typeof version !== "string") return null | ||
return exports.parse(version) && version.trim().replace(/^[v=]+/, '') | ||
@@ -65,2 +71,3 @@ } | ||
function validPackage (version) { | ||
if (typeof version !== "string") return null | ||
return version.match(expressions.parsePackage) && version.trim() | ||
@@ -103,3 +110,2 @@ } | ||
.filter(function (c) { return c.length }) | ||
//console.error("comparators", range, ret) | ||
return ret | ||
@@ -123,5 +129,5 @@ } | ||
function (v, gtlt, M, m, p) { | ||
var anyX = !M || M.toLowerCase() === "x" | ||
|| !m || m.toLowerCase() === "x" | ||
|| !p || p.toLowerCase() === "x" | ||
var anyX = !M || M.toLowerCase() === "x" || M === "*" | ||
|| !m || m.toLowerCase() === "x" || m === "*" | ||
|| !p || p.toLowerCase() === "x" || p === "*" | ||
, ret = v | ||
@@ -131,9 +137,9 @@ | ||
// just replace x'es with zeroes | ||
;(!M || M.toLowerCase() === "x") && (M = 0) | ||
;(!m || m.toLowerCase() === "x") && (m = 0) | ||
;(!p || p.toLowerCase() === "x") && (p = 0) | ||
;(!M || M === "*" || M.toLowerCase() === "x") && (M = 0) | ||
;(!m || m === "*" || m.toLowerCase() === "x") && (m = 0) | ||
;(!p || p === "*" || p.toLowerCase() === "x") && (p = 0) | ||
ret = gtlt + M+"."+m+"."+p | ||
} else if (!M || M.toLowerCase() === "x") { | ||
} else if (!M || M === "*" || M.toLowerCase() === "x") { | ||
ret = "*" // allow any | ||
} else if (!m || m.toLowerCase() === "x") { | ||
} else if (!m || m === "*" || m.toLowerCase() === "x") { | ||
// append "-" onto the version, otherwise | ||
@@ -143,3 +149,3 @@ // "1.x.x" matches "2.0.0beta", since the tag | ||
ret = ">="+M+".0.0- <"+(+M+1)+".0.0-" | ||
} else if (!p || p.toLowerCase() === "x") { | ||
} else if (!p || p === "*" || p.toLowerCase() === "x") { | ||
ret = ">="+M+"."+m+".0- <"+M+"."+(+m+1)+".0-" | ||
@@ -439,2 +445,7 @@ } | ||
, ["x", "1.2.3"] | ||
, ["2.*.*", "2.1.3"] | ||
, ["1.2.*", "1.2.3"] | ||
, ["1.2.* || 2.*", "2.1.3"] | ||
, ["1.2.* || 2.*", "1.2.3"] | ||
, ["*", "1.2.3"] | ||
, ["2", "2.1.2"] | ||
@@ -486,2 +497,7 @@ , ["2.3", "2.3.1"] | ||
, ["1.2.x || 2.x", "1.1.3"] | ||
, ["2.*.*", "1.1.3"] | ||
, ["2.*.*", "3.1.3"] | ||
, ["1.2.*", "1.3.3"] | ||
, ["1.2.* || 2.*", "3.1.3"] | ||
, ["1.2.* || 2.*", "1.1.3"] | ||
, ["2", "1.1.2"] | ||
@@ -488,0 +504,0 @@ , ["2.3", "2.4.1"] |
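Review bot: Non-string input is handled two different ways in the new code: the generated `exports[i]` matchers coerce it with `"" + (str || "")`, while `valid` and `validPackage` return null unless `typeof version === "string"`. The coercion invokes the argument's own `toString` for objects and arrays, so a caller that passes unvalidated data (a parsed JSON field, say) gets a regex match against whatever that conversion yields instead of a rejection. I would apply the same guard in the wrapper, `if (typeof str !== "string") return null`, or, if the coercion is intentional, say so in a comment above the wrapper. The test rows visible here cover only the `*` ranges; rows such as `valid(null)` and `valid(123)` expecting null would pin the new guards.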
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Non-existent author
Supply chain risk: The package was published by an npm account that no longer exists.
Found 1 instance in 1 package