🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
skip-local-postinstall
Advanced tools
skip-local-postinstall - npm Package Compare versions
Comparing version 2.0.3 to 2.0.4
@@ -7,6 +7,4 @@ #!/usr/bin/env node | ||
| const command = ['node', ...process.argv.slice(2, process.argv.length)].join( | ||
| ' ' | ||
| ) | ||
| const command = ['node', ...process.argv.slice(2, process.argv.length)].join(' ') | ||
| execSync(command, { stdio: 'inherit' }) |
| { | ||
| "name": "skip-local-postinstall", | ||
| "description": "Skip postinstall on local npm installs.", | ||
| "version": "2.0.3", | ||
| "version": "2.0.4", | ||
| "repository": "github:tobua/skip-local-postinstall", | ||
@@ -31,4 +31,4 @@ "license": "MIT", | ||
| "devDependencies": { | ||
| "jest-fixture": "^3.0.0", | ||
| "padua": "^0.5.6" | ||
| "jest-fixture": "^3.0.1", | ||
| "padua": "^0.6.1" | ||
| }, | ||
@@ -35,0 +35,0 @@ "prettier": "padua/configuration/.prettierrc.json", |
@@ -34,1 +34,18 @@ # skip-local-postinstall | ||
| ``` | ||
| ## Alternative | ||
| It's also possible to encapsulate som of the desired functionality in a one-line script. However, this only works when the script is the result of a build process and the build is removed before installation. | ||
| ```js | ||
| // package.json | ||
| "scripts": { | ||
| "postinstall": "node -e \"try{import('./dist/postinstall.js')}catch(e){}\"" | ||
| } | ||
| ``` | ||
| When using a CommonJS package without `{ type: "module" }` in package.json a require call can be used. | ||
| ```js | ||
| "node -e \"try{require('./dist/postinstall.js')}catch(e){}\"" | ||
| ``` |
@@ -6,24 +6,28 @@ import { execSync } from 'child_process' | ||
| test('No file is created as postinstall is skipped.', async () => { | ||
| prepare([ | ||
| file('fail.js', `import { writeFileSync } from 'fs' | ||
| test('No file is created as postinstall is skipped.', () => { | ||
| prepare([ | ||
| file( | ||
| 'fail.js', | ||
| `import { writeFileSync } from 'fs' | ||
| import { join } from 'path' | ||
| writeFileSync(join(process.cwd(), 'failed.png'), '')`), | ||
| packageJson('build', { | ||
| name: 'skip-test', type: 'module', | ||
| scripts: { | ||
| postinstall: 'skip-local-postinstall fail.js' | ||
| }, | ||
| dependencies: { | ||
| 'skip-local-postinstall': 'file:../../..' | ||
| } | ||
| }), | ||
| ]) | ||
| writeFileSync(join(process.cwd(), 'failed.png'), '')` | ||
| ), | ||
| packageJson('build', { | ||
| name: 'skip-test', | ||
| type: 'module', | ||
| scripts: { | ||
| postinstall: 'skip-local-postinstall fail.js', | ||
| }, | ||
| dependencies: { | ||
| 'skip-local-postinstall': 'file:../../..', | ||
| }, | ||
| }), | ||
| ]) | ||
| execSync('npm install', { cwd: fixturePath, stdio: 'inherit' }) | ||
| execSync('npm install', { cwd: fixturePath, stdio: 'inherit' }) | ||
| const files = listFilesMatching('*.png', fixturePath) | ||
| const files = listFilesMatching('*.png', fixturePath) | ||
| expect(files.length).toEqual(0) | ||
| expect(files.length).toEqual(0) | ||
| }) |
@@ -0,40 +1,50 @@ | ||
| import { existsSync } from 'fs' | ||
| import { join } from 'path' | ||
| import { execSync } from 'child_process' | ||
| import { environment, prepare, file, packageJson, listFilesMatching } from 'jest-fixture' | ||
| import { environment, prepare, file, packageJson } from 'jest-fixture' | ||
| const [fixturePath] = environment('remote') | ||
| test('File gets created as installed from remote.', async () => { | ||
| prepare([ | ||
| file('skip-remote/package.json', { | ||
| name: 'skip-remote', | ||
| version: '1.0.0', | ||
| type: 'module', | ||
| scripts: { | ||
| postinstall: 'skip-local-postinstall fail.js' | ||
| }, | ||
| dependencies: { | ||
| 'skip-local-postinstall': 'file:../../../..' | ||
| }, | ||
| files: [ | ||
| "fail.js" | ||
| ] | ||
| }), | ||
| file('skip-remote/fail.js', `import { writeFileSync } from 'fs' | ||
| test('File gets created as installed from remote.', () => { | ||
| prepare([ | ||
| file('skip-remote/package.json', { | ||
| name: 'skip-remote', | ||
| version: '1.0.0', | ||
| type: 'module', | ||
| scripts: { | ||
| postinstall: 'skip-local-postinstall fail.js', | ||
| }, | ||
| dependencies: { | ||
| 'skip-local-postinstall': 'file:../../../..', | ||
| }, | ||
| files: ['fail.js'], | ||
| }), | ||
| file( | ||
| 'skip-remote/fail.js', | ||
| `import { writeFileSync } from 'fs' | ||
| import { join } from 'path' | ||
| writeFileSync(join(process.cwd(), 'failed.png'), '')`), | ||
| packageJson('remote', { | ||
| version: '1.0.0', | ||
| type: 'module', | ||
| dependencies: { | ||
| 'skip-remote': 'file:./skip-remote' | ||
| } | ||
| }), | ||
| ]) | ||
| writeFileSync(join(process.cwd(), 'failed.png'), '')` | ||
| ), | ||
| packageJson('remote', { | ||
| version: '1.0.0', | ||
| type: 'module', | ||
| }), | ||
| ]) | ||
| execSync('npm install', { cwd: fixturePath, stdio: 'inherit' }) | ||
| execSync('npm install', { cwd: fixturePath, stdio: 'inherit' }) | ||
| const files = listFilesMatching('*.png', fixturePath) | ||
| const result = execSync('npm pack ./skip-remote | tail -1', { | ||
| cwd: fixturePath, | ||
| stdio: 'pipe', | ||
| }) | ||
| expect(files.length).toEqual(0) | ||
| execSync(`npm i --no-save ${result.toString()}`, { | ||
| cwd: fixturePath, | ||
| stdio: 'inherit', | ||
| }) | ||
| const generatedPngPath = join(fixturePath, 'node_modules/skip-remote/failed.png') | ||
| expect(existsSync(generatedPngPath)).toBe(true) | ||
| }) |
New alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
5688
10.83%- Lines of code
83
13.7%- Number of lines in readme file
51
50%Worsened metrics
- Number of low supply chain risk alerts
2
100%No dependency changes