spawn-wrap
Advanced tools
Comparing version 1.2.3 to 1.2.4
@@ -122,3 +122,5 @@ module.exports = wrap | ||
if (cmdi !== -1) { | ||
options.args[cmdi + 1] = winRebase(options.args[cmdi + 1], workingDir + '/node.cmd') | ||
options.args[cmdi + 1] = winRebase(options.args[cmdi + 1], | ||
workingDir + '/node.cmd', | ||
whichOrUndefined) | ||
} | ||
@@ -125,0 +127,0 @@ } else if (file === 'node' || file === 'iojs' || cmdname === file) { |
var re = /^\s*("*)([^"]*?\b(?:node|iojs)(?:\.exe)?)("*)( |$)/ | ||
var npmre = /^\s*("*)([^"]*?\b(?:npm))("*)( |$)/ | ||
var path_ = require('path') | ||
if (path_.win32) path_ = path_.win32 | ||
module.exports = function (path, rebase) { | ||
module.exports = function (path, rebase, whichOrUndefined) { | ||
var m = path.match(re) | ||
if (!m) return path | ||
if (!m) { | ||
m = path.match(npmre) | ||
if (!m) return path | ||
var npmPath = whichOrUndefined('npm') || 'npm' | ||
npmPath = path_.dirname(npmPath) + '\\node_modules\\npm\\bin\\npm-cli.js' | ||
return path.replace(npmre, m[1] + rebase + ' "' + npmPath + '"' + m[3] + m[4]) | ||
} | ||
// preserve the quotes | ||
@@ -7,0 +16,0 @@ var replace = m[1] + rebase + m[3] + m[4] |
{ | ||
"name": "spawn-wrap", | ||
"version": "1.2.3", | ||
"version": "1.2.4", | ||
"description": "Wrap all spawned Node.js child processes by adding environs and arguments ahead of the main JavaScript file argument.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -33,1 +33,9 @@ var t = require('tap') | ||
}) | ||
t.test('handles npm invocations', function (t) { | ||
var result = winRebase('""npm" "install""', | ||
'C:\\foo', | ||
function() { return 'C:\\path-to-npm\\npm' }) | ||
t.equal(result, '""C:\\foo "C:\\path-to-npm\\node_modules\\npm\\bin\\npm-cli.js"" "install""') | ||
t.end() | ||
}) |
Sorry, the diff of this file is not supported yet
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
35150
20
952
26