npm - @orangemug/oops - Versions diffs - 0.1.2 → 0.1.4 - Mend

@orangemug/oops 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -21,6 +21,7 @@ You can attach this command to a bug tracker ticket somewhere in your company/or
 >   @ctrl/tinycolor:4.1.2
 > ```
+The examples are from <https://orca.security/resources/blog/npm-malware-campaign-tinycolor/>
 ## Licence
 MIT

package/dist/npm/bin/index.js CHANGED Viewed

@@ -3,6 +3,7 @@ import chalk from 'chalk';
 import { exec as exec$1 } from 'child_process';
 import { promisify } from 'util';
 import semver from 'semver';
+import validSemver from 'semver/ranges/valid.js';
 import minimist from 'minimist';
 const exec = promisify(exec$1);
@@ -38,7 +39,7 @@ async function yarnDoesPackageExist(pkgName) {
     return out;
 }
 async function doesPackageExistInCache(pkgName, version) {
-    if (!semver.valid(version)) {
+    if (!validSemver(version)) {
         throw new Error(`Invalid version range "${version}"`);
     }
     const effectedVersions = {};
@@ -93,7 +94,7 @@ const HELP_TEXT = `
 Example: ./oops @ctrl/tinycolor:4.1.1 @ctrl/tinycolor:4.1.2
 `.trim();
 const argv = minimist(process.argv.slice(2));
-if (argv._.length < 1 && argv.help || argv.h) {
+if (argv._.length < 1 || argv.help || argv.h) {
     console.log(HELP_TEXT);
     process.exit(0);
 }

package/dist/npm/cjs/index.js CHANGED Viewed

@@ -3,6 +3,7 @@
 var child_process = require('child_process');
 var util = require('util');
 var semver = require('semver');
+var validSemver = require('semver/ranges/valid.js');
 const exec = util.promisify(child_process.exec);
 async function pnpmDoesPackageExist(pkgName) {
@@ -37,7 +38,7 @@ async function yarnDoesPackageExist(pkgName) {
     return out;
 }
 async function doesPackageExistInCache(pkgName, version) {
-    if (!semver.valid(version)) {
+    if (!validSemver(version)) {
         throw new Error(`Invalid version range "${version}"`);
     }
     const effectedVersions = {};

package/dist/npm/es/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { exec as exec$1 } from 'child_process';
 import { promisify } from 'util';
 import semver from 'semver';
+import validSemver from 'semver/ranges/valid.js';
 const exec = promisify(exec$1);
 async function pnpmDoesPackageExist(pkgName) {
@@ -35,7 +36,7 @@ async function yarnDoesPackageExist(pkgName) {
     return out;
 }
 async function doesPackageExistInCache(pkgName, version) {
-    if (!semver.valid(version)) {
+    if (!validSemver(version)) {
         throw new Error(`Invalid version range "${version}"`);
     }
     const effectedVersions = {};

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
   "name": "@orangemug/oops",
   "description": "Have I got a compromised pacakge in my cache?",
+  "version": "0.1.4",
   "repository": {
     "type": "git",
     "url": "https://github.com/orangemug/oops"
@@ -14,7 +15,7 @@
     "build": "rollup -c rollup.config.ts && chmod +x dist/npm/bin/index.js"
   },
   "bin": {
-    "@orangemug/oops": "./dist/npm/bin/index.ts"
+    "@orangemug/oops": "./dist/npm/bin/index.js"
   },
   "exports": {
     ".": {
@@ -52,6 +53,5 @@
     "chalk": "^5.6.2",
     "minimist": "^1.2.8",
     "semver": "^7.7.4"
-  },
-  "version": "0.1.2"
+  }
 }