snyk-policy
Comparing version 1.0.2 to 1.1.0
@@ -9,4 +9,6 @@ var yaml = require('js-yaml'); | ||
var tryRequire = require('snyk-try-require'); | ||
var filter = require('./filter'); | ||
module.exports = { | ||
filter: filter, | ||
demunge: parse.demunge, | ||
@@ -25,2 +27,12 @@ load: load, | ||
function attachMethods(policy) { | ||
var root = path.dirname(policy.__filename); | ||
policy.filter = function (vulns) { | ||
return filter(vulns, policy, root); | ||
}; | ||
policy.save = save.bind(null, policy); | ||
policy.demunge = parse.demunge.bind(null, policy); | ||
return policy; | ||
} | ||
function loadFromText(text) { | ||
@@ -36,3 +48,3 @@ return new Promise(function (resolve) { | ||
resolve(policy); | ||
}); | ||
}).then(attachMethods); | ||
} | ||
@@ -77,3 +89,3 @@ | ||
return policy; | ||
}).catch(function (error) { | ||
}).then(attachMethods).catch(function (error) { | ||
if (options.loose && error.code === 'ENOENT') { | ||
@@ -163,2 +175,7 @@ return parse({}); | ||
} | ||
// strip helper functions | ||
if (typeof object[key] === 'function') { | ||
delete object[key]; | ||
} | ||
}); | ||
@@ -165,0 +182,0 @@ return yaml.safeDump(object); |
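Review bot: The loose-mode fallback in `load` appears to return a policy without the new helper methods, because `.then(attachMethods)` is chained before the `.catch` whose ENOENT branch (per the next hunk header) does `return parse({})`. A caller that then invokes `policy.filter(vulns)` or `policy.save()` on that fallback would fail with a TypeError rather than getting a usable empty policy. Consider attaching after the recovery, `}).catch(function (error) { … }).then(attachMethods);`, and make sure the fallback object carries a string `__filename`, since `attachMethods` passes it to `path.dirname`. The bodies of `load` and `loadFromText` lie mostly outside these hunks, so this should be confirmed against the full file.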
@@ -90,8 +90,17 @@ module.exports = { | ||
if (target.name === fromPkg.name && semver.valid(fromPkg.version) && | ||
semver.satisfies(fromPkg.version, pkgVersion)) { | ||
debugPolicy('semver match'); | ||
return true; | ||
// shortcut version match, if it's exact, then skip the semver check | ||
if (target.name === fromPkg.name) { | ||
if (fromPkg.version === pkgVersion) { | ||
debugPolicy('exact version match'); | ||
return true; | ||
} | ||
if (semver.valid(fromPkg.version) && | ||
semver.satisfies(fromPkg.version, pkgVersion)) { | ||
debugPolicy('semver match'); | ||
return true; | ||
} | ||
} | ||
debugPolicy('failed match'); | ||
@@ -98,0 +107,0 @@ |
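Review bot: The new exact-match shortcut `fromPkg.version === pkgVersion` returns true for any pair of identical values, including non-semver strings and, if both are ever missing, `undefined === undefined`, which the old `semver.valid` guard rejected. Because this match decides whether a policy rule applies to a dependency path, the widening should be deliberate. Either guard it with `if (fromPkg.version && fromPkg.version === pkgVersion) {` or extend the comment to state the intent, e.g. `// exact string match also covers non-semver versions`. The enclosing function starts and ends outside the hunk, so whether either value can be empty is not visible here.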
@@ -33,2 +33,3 @@ { | ||
"snyk-module": "^1.6.0", | ||
"snyk-resolve": "^1.0.0", | ||
"snyk-try-require": "^1.1.1", | ||
@@ -41,3 +42,3 @@ "then-fs": "^2.0.0" | ||
}, | ||
"version": "1.0.2" | ||
"version": "1.1.0" | ||
} |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Added snyk-resolve@^1.0.0
+ Added @octetstream/promisify@2.0.2 (transitive)
+ Added debug@4.3.7 (transitive)
+ Added promise-fs@2.1.1 (transitive)
+ Added snyk-resolve@1.1.0 (transitive)