snyk-try-require
Advanced tools
snyk-try-require - npm Package Compare versions
Comparing version 1.3.1 to 2.0.0
| module.exports = tryRequire; | ||
| var fs = require('then-fs'); | ||
| var path = require('path'); | ||
| var debug = require('debug')('snyk:resolve:try-require'); | ||
| var cloneDeep = require('lodash.clonedeep'); | ||
| var lru = require('lru-cache'); | ||
| var options = { max: 100, maxAge: 1000 * 60 * 60 }; | ||
| var cache = lru(options); | ||
| const fsModule = require('fs'); | ||
| const util = require('util'); | ||
| const path = require('path'); | ||
| const debug = require('debug')('snyk:resolve:try-require'); | ||
| const cloneDeep = require('lodash.clonedeep'); | ||
| const LRU = require('lru-cache'); | ||
| const options = { max: 100, maxAge: 1000 * 60 * 60 }; | ||
| const cache = new LRU(options); | ||
| const fs = { | ||
| readFile: util.promisify(fsModule.readFile), | ||
| stat: util.promisify(fsModule.stat), | ||
| }; | ||
| module.exports.cache = cache; // allows for a reset | ||
| function tryRequire(filename) { | ||
| var cached = cache.get(filename); | ||
| const cached = cache.get(filename); | ||
| if (cached) { | ||
| var res = cloneDeep(cached); | ||
| const res = cloneDeep(cached); | ||
| /* istanbul ignore else */ | ||
@@ -25,3 +31,3 @@ if (process.env.TAP) { | ||
| .then(function (pkgStr) { | ||
| var leadingBOM = ''; | ||
| let leadingBOM = ''; | ||
| if (pkgStr && pkgStr[0] === '\ufeff') { | ||
@@ -34,3 +40,3 @@ // String starts with UTF BOM. Remove it so that JSON.parse doesn't | ||
| var pkg = JSON.parse(pkgStr); | ||
| const pkg = JSON.parse(pkgStr); | ||
| pkg.leading = leadingBOM + pkgStr.match(/^(\s*){/)[1]; | ||
@@ -65,4 +71,4 @@ pkg.trailing = pkgStr.match(/}(\s*)$/)[1]; | ||
| // test for npm-shrinkwrap and find a .snyk policy file whilst we're at it | ||
| var dir = path.dirname(filename); | ||
| var promises = [ | ||
| const dir = path.dirname(filename); | ||
| const promises = [ | ||
| fs.stat(path.resolve(dir, '.snyk')).catch(pass), | ||
@@ -93,3 +99,3 @@ fs.stat(path.resolve(dir, 'npm-shrinkwrap.json')).catch(pass), | ||
| var pass = function () { | ||
| const pass = function () { | ||
| return { | ||
@@ -104,4 +110,6 @@ isFile: function () { return false; }, | ||
| .then(JSON.stringify) | ||
| // eslint-disable-next-line no-console | ||
| .then(console.log) | ||
| // eslint-disable-next-line no-console | ||
| .catch(console.log); | ||
| } |
@@ -6,3 +6,3 @@ { | ||
| "scripts": { | ||
| "lint": "jscs lib/*.js -v", | ||
| "lint": "eslint lib test", | ||
| "check-tests": "! grep 'test.only' test/*.test.js -n", | ||
@@ -12,3 +12,4 @@ "env": "node -e 'console.log(process.env, process.versions)'", | ||
| "test": "npm run check-tests && npm run lint && tap test/*.test.js --cov --timeout=60", | ||
| "semantic-release": "semantic-release pre && npm publish && semantic-release post" | ||
| "postinstall": "npm --prefix test/fixtures/shrink-test-v1 install && npm --prefix test/fixtures/with-policy install", | ||
| "semantic-release": "npx semantic-release@15" | ||
| }, | ||
@@ -27,15 +28,12 @@ "repository": { | ||
| "devDependencies": { | ||
| "jscs": "^2.10.1", | ||
| "snyk-resolve-deps-fixtures": "^1.1.5", | ||
| "tap": "^5.5.0", | ||
| "tap-only": "0.0.5", | ||
| "semantic-release": "^6.0.0" | ||
| "eslint": "^5.16.0", | ||
| "tap": "^12.7.0", | ||
| "tap-only": "0.0.5" | ||
| }, | ||
| "dependencies": { | ||
| "debug": "^3.1.0", | ||
| "debug": "^4.1.1", | ||
| "lodash.clonedeep": "^4.3.0", | ||
| "lru-cache": "^4.0.0", | ||
| "then-fs": "^2.0.0" | ||
| "lru-cache": "^5.1.1" | ||
| }, | ||
| "version": "1.3.1" | ||
| } | ||
| "version": "2.0.0" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-25%
3
- Dev dependency count
- decreased by-40%
3
- Number of package files
- increased by18.18%
13
- Lines of code
- increased by30.68%
115
Worsened metrics
- Total package byte prevSize
- decreased by-5.57%
26919
- Number of high supply chain risk alerts
- increased byInfinity%
1
- Number of low supply chain risk alerts
- increased by100%
2
Dependency changes
+ Addeddebug@4.3.7(transitive)
+ Addedlru-cache@5.1.1(transitive)
+ Addedyallist@3.1.1(transitive)
- Removedthen-fs@^2.0.0
- Removedasap@2.0.6(transitive)
- Removeddebug@3.2.7(transitive)
- Removedlru-cache@4.1.5(transitive)
- Removedpromise@7.3.1(transitive)
- Removedpseudomap@1.0.2(transitive)
- Removedthen-fs@2.0.0(transitive)
- Removedyallist@2.1.2(transitive)
Updateddebug@^4.1.1
Updatedlru-cache@^5.1.1