win-fork - npm Package Compare versions

Comparing version 1.0.0 to 1.0.1

index.js

@@ -6,7 +6,44 @@ var cSpawn = require('child_process').spawn;
 function spawn(command, args, options) {
-    if (os === 'Windows_NT') {
-        args = [command].concat(args);
-        command = process.execPath;
+  if (os === 'Windows_NT') {    
+    args = args || [];
+    options = options || {};
+    var match, matchA;
+    if (matchA = /((?:[A-Z_]+\=[^ \=]+ )+)?([^\r\n]+)/.exec(command)) {
+      try {
+        var file = require('fs').readFileSync(matchA[2], 'utf8');
+        if (match = /\#\!\/usr\/bin\/env ([^\r\n]+)/.exec(file)) {
+          args.unshift(matchA[2]);
+          command = matchA[1] + match[1];
+        }
+      } catch (ex) { }
     }
-    return cSpawn(command, args, options);
+
+    if (match = /((?:[A-Z_]+\=[^ \=]+ )+)([^\r\n]+)/.exec(command)) {
+      command = match[2];
+
+      options.env = options.env || shallowClone(process.env);
+
+      var env = match[1].split(' ');
+      env.forEach(function (v) {
+        v = v.split('=');
+        if (v.length === 2) {
+          options.env[v[0]] = v[1];
+        }
+      });
+    }
+
+    args.unshift(command);
+    args.unshift('/c');
+    command = 'cmd';
+  }
+  return cSpawn(command, args, options);
+}
+
+function shallowClone(obj) {
+  var out = {};
+  Object.keys(obj)
+    .forEach(function (key) {
+      out[key] = obj[key];
+    });
+  return out;
 }

package.json

 {
   "name": "win-fork",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Spawn for node.js but in a way that works regardless of which OS you're using",
   "main": "index.js",
-  "scripts": {
-    "test": "mocha"
-  },
   "repository": {
@@ -13,4 +10,8 @@ "type": "git",
   },
-  "author": "",
+  "bin": {
+    "win-spawn": "./bin/win-spawn",
+    "win-fork": "./bin/win-spawn"
+  },
+  "author": "ForbesLindesay",
   "license": "BSD"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2423

increased by148.77%

Number of package files

6

increased by50%

Lines of code

41

increased by355.56%

Number of low maintenance alerts

2

decreased by-33.33%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Number of low supply chain risk alerts

2

increased byInfinity%

No dependency changes