snyk - npm Package Compare versions
Comparing version 1.4.0 to 1.5.0-alpha1
| var abbrev = require('abbrev'); | ||
| var snyk = require('../../lib'); | ||
| var hotload = require('../../lib/hotload')(__dirname); | ||
| require('../../lib/spinner').isRequired = false; | ||
| snyk.isRequired = false; | ||
| // the aim of this module is to load as little as possible to keep cli boot | ||
| // time as low as possible | ||
| // this will speed up the module load time, only loading the CLI commands | ||
| // as needed by the user, and totally avoiding if the module is being required | ||
| // into a user project | ||
| function hotload(name) { | ||
| var module = null; | ||
| return function () { | ||
| if (module === null) { | ||
| module = require(name); | ||
| } | ||
| return module.apply(null, arguments); | ||
| }; | ||
| } | ||
| var commands = { | ||
@@ -27,2 +15,3 @@ help: hotload('./help'), | ||
| test: hotload('./test'), | ||
| policy: hotload('./policy'), | ||
| protect: hotload('./protect'), | ||
@@ -29,0 +18,0 @@ support: hotload('./support'), |
@@ -288,3 +288,4 @@ module.exports = wizard; | ||
| '\nYour .snyk policy file has been successfully updated.') + | ||
| '\n\nYou can see a snapshot of your dependencies here:\n' + | ||
| '\nTo review your policy, run `snyk policy`.\n\n' + | ||
| 'You can see a snapshot of your dependencies here:\n' + | ||
| url.format(endpoint) + | ||
@@ -291,0 +292,0 @@ '\n\nWe\'ll notify you when relevant new vulnerabilities are ' + |
| var path = require('path'); | ||
| var debug = require('debug')('snyk'); | ||
| var exec = require('child_process').exec; | ||
@@ -4,0 +3,0 @@ var Promise = require('es6-promise').Promise; // jshint ignore:line |
@@ -20,2 +20,3 @@ | ||
| vulnerabilities on snyk.io. | ||
| policy ............. display the Snyk policy for a package. | ||
| support ............ file an issue or request support. | ||
@@ -22,0 +23,0 @@ |
@@ -199,3 +199,3 @@ var protect = module.exports = { | ||
| // first check if the path is a match on the rule | ||
| var pathMatch = snyk.policy.match(vuln, rule); | ||
| var pathMatch = snyk.policy.matchToRule(vuln, rule); | ||
@@ -239,3 +239,3 @@ if (pathMatch && expires < now) { | ||
| // first check if the path is a match on the rule | ||
| var pathMatch = snyk.policy.match(vuln, rule); | ||
| var pathMatch = snyk.policy.matchToRule(vuln, rule); | ||
@@ -462,9 +462,10 @@ if (pathMatch) { | ||
| function generatePolicy(policy, tasks, live) { | ||
| var promises = [ | ||
| protect.ignore(tasks.ignore, live), | ||
| protect.update(tasks.update, live), | ||
| protect.patch(tasks.patch, live), | ||
| log(tasks, live), | ||
| ]; | ||
| var promises = ['ignore', 'update', 'patch'].filter(function (task) { | ||
| return tasks[task].length; | ||
| }).map(function (task) { | ||
| return protect[task](tasks[task], live); | ||
| }); | ||
| promises.push(log(tasks, live)); | ||
| return Promise.all(promises).then(function (res) { | ||
@@ -471,0 +472,0 @@ // we're squashing the arrays of arrays into a flat structure |
| module.exports = createSpinner; | ||
| var isRequired = module.exports.isRequired = true; | ||
| var debug = require('debug')('snyk:spinner'); | ||
| var Promise = require('es6-promise').Promise; // jshint ignore:line | ||
| // var isRequired = require('./').isRequired; | ||
| var spinners = {}; | ||
@@ -56,5 +56,5 @@ var sticky = false; | ||
| function spinner(opt) { | ||
| // if (isRequired) { | ||
| // return false; | ||
| // } | ||
| if (isRequired) { | ||
| return false; | ||
| } | ||
| debug('creating spinner'); | ||
@@ -61,0 +61,0 @@ if (!opt) {opt = {};} |
@@ -5,2 +5,3 @@ { | ||
| "main": "lib/index.js", | ||
| "version": "1.5.0-alpha1", | ||
| "directories": { | ||
@@ -61,4 +62,3 @@ "test": "test" | ||
| "url": "https://github.com/Snyk/snyk.git" | ||
| }, | ||
| "version": "1.4.0" | ||
| } | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by15.88%
2158321
- Number of package files
- increased by10.61%
73
- Lines of code
- increased by3.48%
2614
- Number of low supply chain risk alerts
- decreased by-8.33%
11
Worsened metrics
- Number of low quality alerts
- increased by100%
2