sheetify - npm Package Compare versions

Comparing version 6.1.1 to 6.2.0

package.json

 {
   "name": "sheetify",
-  "version": "6.1.1",
+  "version": "6.2.0",
   "description": "Modular CSS bundler",
@@ -5,0 +5,0 @@ "repository": "stackcss/sheetify",

transform.js

@@ -138,7 +138,14 @@ const cssResolve = require('style-resolve').sync
     if (val.css) return handleCss(val)
-    fs.readFile(val.filename, 'utf8', function (err, css) {
-      if (err) return done(err)
-      val.css = css
+
+    if (/\.js$/.test(val.filename)) {
+      delete require.cache[require.resolve(val.filename)]
+      val.css = require(val.filename)
       handleCss(val)
-    })
+    } else {
+      fs.readFile(val.filename, 'utf8', function (err, css) {
+        if (err) return done(err)
+        val.css = css
+        handleCss(val)
+      })
+    }
 
@@ -145,0 +152,0 @@ function handleCss (val) {

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

6

decreased by-25%

Worsened metrics

Total package byte prevSize

17873

decreased by-31.17%

Number of package files

10

decreased by-64.29%

Lines of code

269

decreased by-48.57%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes