Comparing version 1.0.0 to 1.0.1
@@ -5,3 +5,3 @@ { | ||
"description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", | ||
"version": "1.0.0", | ||
"version": "1.0.1", | ||
"repository": { | ||
@@ -8,0 +8,0 @@ "type": "git", |
36
which.js
@@ -18,5 +18,8 @@ module.exports = which | ||
function isExe (mod, uid, gid) { | ||
return (mod & 0001) | ||
|| (mod & 0010) && gid === process.getgid() | ||
|| (mod & 0100) && uid === process.getuid() | ||
//console.error("isExe?", (mod & 0111).toString(8)) | ||
var ret = (mod & 0001) | ||
|| (mod & 0010) && process.getgid && gid === process.getgid() | ||
|| (mod & 0100) && process.getuid && uid === process.getuid() | ||
//console.error("isExe?", ret) | ||
return ret | ||
} | ||
@@ -26,12 +29,23 @@ function which (cmd, cb) { | ||
var pathEnv = (process.env.PATH || "").split(COLON) | ||
, pathExt = [""] | ||
if (process.platform === "win32") { | ||
pathEnv.push(process.cwd()) | ||
pathExt = (process.env.PATHEXT || ".EXE").split(COLON) | ||
} | ||
//console.error("pathEnv", pathEnv) | ||
;(function F (i, l) { | ||
if (i === l) return cb(new Error("not found: "+cmd)) | ||
var p = path.join(pathEnv[i], cmd) | ||
if (p === process.execPath) return cb(null, p) | ||
fs.stat(p, function (er, stat) { | ||
if (!er && stat && isExe(stat.mode, stat.uid, stat.gid)) { | ||
return cb(null, p) | ||
} | ||
return F(i+1, l) | ||
}) | ||
var p = path.resolve(pathEnv[i], cmd) | ||
;(function E (ii, ll) { | ||
if (ii === ll) return F(i + 1, l) | ||
var ext = pathExt[ii] | ||
//console.error(p + ext) | ||
fs.stat(p + ext, function (er, stat) { | ||
if (!er && stat && isExe(stat.mode, stat.uid, stat.gid)) { | ||
//console.error("yes, exe!", p + ext) | ||
return cb(null, p + ext) | ||
} | ||
return E(ii + 1, ll) | ||
}) | ||
})(0, pathExt.length) | ||
})(0, pathEnv.length) | ||
@@ -38,0 +52,0 @@ } |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
2783
58
4