es-check 9.4.6 → 9.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/cli/parser.js +35 -8
  2. package/package.json +42 -16
package/lib/cli/parser.js CHANGED
@@ -1,3 +1,22 @@
1
+ const BOOLEAN_FLAGS = new Set([
2
+ "module",
3
+ "allowHashBang",
4
+ "allow-hash-bang",
5
+ "noColor",
6
+ "no-color",
7
+ "verbose",
8
+ "quiet",
9
+ "silent",
10
+ "looseGlobMatching",
11
+ "checkFeatures",
12
+ "checkForPolyfills",
13
+ "checkBrowser",
14
+ "noCache",
15
+ "light",
16
+ "help",
17
+ "version",
18
+ ]);
19
+
1
20
  function parseArgs(argv) {
2
21
  const args = argv.slice(2);
3
22
  const options = {};
@@ -19,15 +38,21 @@ function parseArgs(argv) {
19
38
  options[key] = valueParts.join("=");
20
39
  } else {
21
40
  const key = arg.slice(2);
22
- const nextArg = args[i + 1];
23
- const hasNextArg = nextArg !== undefined;
24
- const nextIsValue = hasNextArg && !nextArg.startsWith("-");
41
+ const isBooleanFlag = BOOLEAN_FLAGS.has(key);
25
42
 
26
- if (nextIsValue) {
27
- options[key] = nextArg;
28
- i++;
29
- } else {
43
+ if (isBooleanFlag) {
30
44
  options[key] = true;
45
+ } else {
46
+ const nextArg = args[i + 1];
47
+ const hasNextArg = nextArg !== undefined;
48
+ const nextIsValue = hasNextArg && !nextArg.startsWith("-");
49
+
50
+ if (nextIsValue) {
51
+ options[key] = nextArg;
52
+ i++;
53
+ } else {
54
+ options[key] = true;
55
+ }
31
56
  }
32
57
  }
33
58
  } else if (isShortOption) {
@@ -41,7 +66,9 @@ function parseArgs(argv) {
41
66
 
42
67
  const nextArg = args[i + 1];
43
68
  const hasNextArg = nextArg !== undefined;
44
- const nextIsValue = hasNextArg && !nextArg.startsWith("-");
69
+ const isBooleanFlag = BOOLEAN_FLAGS.has(lastFlag);
70
+ const nextIsValue =
71
+ hasNextArg && !nextArg.startsWith("-") && !isBooleanFlag;
45
72
 
46
73
  if (nextIsValue) {
47
74
  options[lastFlag] = nextArg;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "es-check",
3
- "version": "9.4.6",
3
+ "version": "9.4.7",
4
4
  "description": "Checks the ECMAScript version of .js glob against a specified version of ECMAScript with a shell command",
5
5
  "main": "lib/index.js",
6
6
  "license": "MIT",
@@ -57,15 +57,15 @@
57
57
  "@commitlint/config-conventional": "^20.0.0",
58
58
  "codependence": "^0.3.1",
59
59
  "commitizen": "4.3.1",
60
- "oxlint": "^1.24.0",
61
- "pastoralist": "1.8.2-5",
60
+ "oxlint": "^1.29.0",
61
+ "pastoralist": "1.8.2",
62
62
  "prettier": "3.6.2",
63
63
  "release-it": "19.0.6"
64
64
  },
65
65
  "dependencies": {
66
66
  "acorn": "8.15.0",
67
- "browserslist": "^4.23.3",
68
- "fast-brake": "^0.1.4",
67
+ "browserslist": "^4.28.0",
68
+ "fast-brake": "^0.1.6",
69
69
  "fast-glob": "^3.3.3"
70
70
  },
71
71
  "engines": {
@@ -129,15 +129,15 @@
129
129
  "packageManager": "pnpm@10.12.1",
130
130
  "pastoralist": {
131
131
  "appendix": {
132
- "vite@6.3.6": {
132
+ "vite@6.4.1": {
133
133
  "dependents": {
134
134
  "es-check": "vite (transitive dependency)"
135
135
  },
136
136
  "ledger": {
137
- "addedDate": "2025-11-11T09:03:17.559Z",
137
+ "addedDate": "2025-11-21T20:27:19.148Z",
138
138
  "reason": "Security fix: vite allows server.fs.deny bypass via backslash on Windows (medium)",
139
139
  "securityChecked": true,
140
- "securityCheckDate": "2025-11-11T09:03:17.559Z",
140
+ "securityCheckDate": "2025-11-21T20:27:19.148Z",
141
141
  "securityProvider": "github",
142
142
  "cve": "CVE-2025-62522",
143
143
  "severity": "medium",
@@ -149,14 +149,38 @@
149
149
  "es-check": "tmp (transitive dependency)"
150
150
  },
151
151
  "ledger": {
152
- "addedDate": "2025-11-11T09:03:17.559Z",
153
- "reason": "Security fix: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter (low)",
152
+ "addedDate": "2025-11-21T20:27:19.148Z"
153
+ }
154
+ },
155
+ "astro@5.15.9": {
156
+ "dependents": {
157
+ "es-check": "astro (transitive dependency)",
158
+ "es-check-docs": "astro@^5.15.9"
159
+ },
160
+ "ledger": {
161
+ "addedDate": "2025-11-21T20:27:19.148Z",
162
+ "reason": "Security fix: Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint (medium)",
163
+ "securityChecked": true,
164
+ "securityCheckDate": "2025-11-21T20:27:19.148Z",
165
+ "securityProvider": "github",
166
+ "cve": "CVE-2025-65019",
167
+ "severity": "medium",
168
+ "url": "https://github.com/yowainwright/es-check/security/dependabot/51"
169
+ }
170
+ },
171
+ "js-yaml@4.1.1": {
172
+ "dependents": {
173
+ "es-check": "js-yaml (transitive dependency)"
174
+ },
175
+ "ledger": {
176
+ "addedDate": "2025-11-21T20:27:19.148Z",
177
+ "reason": "Security fix: js-yaml has prototype pollution in merge (<<) (medium)",
154
178
  "securityChecked": true,
155
- "securityCheckDate": "2025-11-11T09:03:17.559Z",
179
+ "securityCheckDate": "2025-11-21T20:27:19.148Z",
156
180
  "securityProvider": "github",
157
- "cve": "CVE-2025-54798",
158
- "severity": "low",
159
- "url": "https://github.com/yowainwright/es-check/security/dependabot/24"
181
+ "cve": "CVE-2025-64718",
182
+ "severity": "medium",
183
+ "url": "https://github.com/yowainwright/es-check/security/dependabot/46"
160
184
  }
161
185
  }
162
186
  },
@@ -175,8 +199,10 @@
175
199
  },
176
200
  "pnpm": {
177
201
  "overrides": {
178
- "vite": "6.3.6",
179
- "tmp": "0.2.4"
202
+ "vite": "6.4.1",
203
+ "tmp": "0.2.4",
204
+ "astro": "5.15.9",
205
+ "js-yaml": "4.1.1"
180
206
  }
181
207
  }
182
208
  }