snyk - npm Package Compare versions

Comparing version 1.11.0 to 1.11.1-alpha1

cli/index.js

@@ -9,3 +9,3 @@ #!/usr/bin/env node
 
-args.method.apply(null, args.options._).then(function (result) {
+var cli = args.method.apply(null, args.options._).then(function (result) {
   var analytics = require('../lib/analytics');
@@ -28,4 +28,5 @@ var res = analytics({
   analytics.add('error', error.stack);
+  analytics.add('command', args.command);
   var res = analytics({
-    command: args.command,
+    command: 'cli-bad-command',
     args: args.options._,
@@ -53,18 +54,23 @@ });
   console.log('super fail', e.stack);
-}).then(function () {
-  if (exitcode) {
-    process.exit(1);
+}).then(function (res) {
+  if (!process.env.TAP && exitcode) {
+    return process.exit(1);
   }
+  return res;
 });
 
-debug('checking for cli updates');
-// finally, check for available update and returns an instance
-var defaults = require('lodash').defaults;
-var pkg = require('../package.json');
+if (module.parent) {
+  module.exports = cli;
+} else {
+  debug('checking for cli updates');
+  // finally, check for available update and returns an instance
+  var defaults = require('lodash').defaults;
+  var pkg = require('../package.json');
 
-// only run if we're not inside an npm.script
-if (!process.env['npm_config_node_version']) { // jshint ignore:line
-  require('update-notifier')({
-    pkg: defaults(pkg, { version: '0.0.0' }),
-  }).notify();
+  // only run if we're not inside an npm.script
+  if (!process.env['npm_config_node_version']) { // jshint ignore:line
+    require('update-notifier')({
+      pkg: defaults(pkg, { version: '0.0.0' }),
+    }).notify();
+  }
 }

lib/analytics.js

@@ -38,3 +38,4 @@ module.exports = analytics;
   // ths applies to all sending to protect user's privacy
-  if (snyk.config.get('disable-analytics')) {
+  if (snyk.config.get('disable-analytics') || config.DISABLE_ANALYTICS) {
+    debug('analytics disabled');
     return Promise.resolve();
@@ -41,0 +42,0 @@ }

lib/protect.js

@@ -580,9 +580,10 @@ var protect = module.exports = {
 function generatePolicy(policy, tasks, live) {
-  var promises = [
-    protect.ignore(tasks.ignore, live),
-    protect.update(tasks.update, live),
-    protect.patch(tasks.patch, live),
-    log(tasks, live),
-  ];
+  var promises = ['ignore', 'update', 'patch'].filter(function (task) {
+    return tasks[task].length;
+  }).map(function (task) {
+    return protect[task](tasks[task], live);
+  });
 
+  promises.push(log(tasks, live));
+
   return Promise.all(promises).then(function (res) {
@@ -589,0 +590,0 @@ // we're squashing the arrays of arrays into a flat structure

package.json

 {
   "name": "snyk",
   "description": "snyk library and cli utility",
+"version": "1.11.1-alpha1",
   "main": "lib/index.js",
@@ -57,3 +58,3 @@ "directories": {
     "nodemon": "^1.3.7",
-    "proxyquire": "^1.7.3",
+    "proxyquire": "^1.7.4",
     "restify": "^4.0.4",
@@ -70,4 +71,3 @@ "semantic-release": "^4.3.5",
   },
-  "snyk": true,
-  "version": "1.11.0"
-}
+  "snyk": true
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6118284

increased by4095.58%

Number of package files

105

increased by90.91%

Lines of code

4615

increased by21.32%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of low supply chain risk alerts

11

increased by10%

No dependency changes