youtube-video - npm Package Compare versions

Comparing version 2.1.0 to 2.2.0

index.js

 var extend = require('extend');
-var findall = require("findall");
 var newElement = require('new-element');
@@ -26,3 +25,5 @@ var sdk = require('require-sdk')('https://www.youtube.com/iframe_api', 'YT');
   sdk(function (error, youtube) {
-    var playerVars = {};
+    var videoId = pickID(input),
+      playerVars = {},
+      playlist;
 
@@ -37,2 +38,12 @@ api = youtube;
 
+    // If we don't have a video ID, check to see if `input` is a playlist.
+    if (!videoId) {
+      playlist = /(?:\?|&)list=([^&]+)/.exec(input);
+
+      if (playlist) {
+        playerVars.listType = playerVars.listType || 'playlist';
+        playerVars.list = playlist[1];
+      }
+    }
+
     // Automatically cast any boolean values as integers.
@@ -51,3 +62,3 @@ for (var i in playerVars) {
         playerVars: playerVars,
-        videoId: pickID(input),
+        videoId: videoId,
         events: {
@@ -80,8 +91,19 @@ 'onReady': onPlayerReady,
 
+/**
+ * Parse the video ID out of a string.
+ *
+ * @param {string} input - The input string, which could be a URL or a video ID.
+ * @returns {string|null} Either the parsed video ID or NULL.
+ */
 function pickID (input) {
-  if (!/\./.test(input)) return input;
+  var videoId;
 
-  var match = findall(input, /(?:\?|&)v=([^&]+)/);
+  // Return early if there's no ".", as it's clearly not a URL.
+  if (!/\./.test(input)) {
+    return input;
+  }
 
-  if (match) return match[0];
+  videoId = /(?:\?|&)v=([^&]+)/.exec(input);
+
+  return videoId ? videoId[1] : null;
 }
@@ -88,0 +110,0 @@

package.json

 {
   "name": "youtube-video",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Minimalistic API to play Youtube videos",
@@ -11,5 +11,4 @@ "main": "index.js",
     "extend": "^3.0.0",
-    "findall": "0.0.4",
-    "new-element": "0.0.1",
-    "require-sdk": "0.0.0"
+    "new-element": "azer/new-element",
+    "require-sdk": "azer/require-sdk"
   },
@@ -16,0 +15,0 @@ "devDependencies": {

New alerts

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 2 instances in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

4559

increased by14.58%

Dependency count

3

decreased by-25%

Lines of code

94

increased by25.33%

Worsened metrics

Number of high supply chain risk alerts

2

increased byInfinity%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• - Removedfindall@0.0.4

• - Removeddomify@1.0.0(transitive)

• - Removedfindall@0.0.4(transitive)

• - Removedload-script@2.0.0(transitive)

• - Removednew-element@0.0.1(transitive)

• - Removednew-format@0.0.1(transitive)

• - Removedpubsub@0.0.5(transitive)

• - Removedrequire-sdk@0.0.0(transitive)

• Updatednew-element@azer/new-element

• Updatedrequire-sdk@azer/require-sdk