Merge pull request #73 from grawk/remove.jsonic

remove load-jsonic-sync feature due to uglify security vuln
krakenjs · Dec 14, 2017 · b848efa · b848efa
2 parents fae3e07 + 144738e
commit b848efa
Show file tree

Hide file tree

Showing 6 changed files with 2,509 additions and 20 deletions.
diff --git a/lib/factory.js b/lib/factory.js
@@ -14,7 +14,7 @@
  │  limitations under the License.                                            │
  \*───────────────────────────────────────────────────────────────────────────*/
 import Path from 'path';
-import loadJsonicSync from 'load-jsonic-sync';
+import shush from 'shush';
 import debuglog from 'debuglog';
 import Thing from 'core-util-is';
 import Config from './config';
@@ -35,13 +35,13 @@ export default class Factory {
             .then(store => Common.merge(Provider.convenience(), store))
             .then(Factory.conditional(store => {
                 let file = Path.join(this.basedir, defaults);
-                return Handlers.resolveImport(loadJsonicSync(file), this.basedir)
+                return Handlers.resolveImport(shush(file), this.basedir)
                     .then(data => Common.merge(data, store));
             }))
             .then(Factory.conditional(store => {
                 let file = Path.join(this.basedir, `${store.env.env}.json`);
-                return Handlers.resolveImport(loadJsonicSync(file), this.basedir)
-                    .then(data => Common.merge(loadJsonicSync(file), store));
+                return Handlers.resolveImport(shush(file), this.basedir)
+                    .then(data => Common.merge(shush(file), store));
             }))
             .then(store => Common.merge(Provider.env(envignore), store))
             .then(store => Common.merge(Provider.argv(), store));
@@ -74,7 +74,7 @@ export default class Factory {
     _resolveFile(path) {
         if (Thing.isString(path)) {
             let file = Common.isAbsolute(path) ? path : Path.join(this.basedir, path);
-            return loadJsonicSync(file);
+            return shush(file);
         }
         return path;
     }
@@ -84,7 +84,7 @@ export default class Factory {
             try {
                 return fn(store);
             } catch (err) {
-                if (err.cause() && err.cause().code === 'ENOENT') {
+                if (err.code && err.code === 'MODULE_NOT_FOUND') {
                     debug(`WARNING: ${err.message}`);
                     return store;
                 }

diff --git a/lib/handlers.js b/lib/handlers.js
@@ -13,7 +13,7 @@
  │  See the License for the specific language governing permissions and       │
  │  limitations under the License.                                            │
  \*───────────────────────────────────────────────────────────────────────────*/
-import loadJsonicSync from 'load-jsonic-sync';
+import shush from 'shush';
 import async from 'async';
 import Shortstop from 'shortstop'
 import { path as createPath } from 'shortstop-handlers';
@@ -77,11 +77,9 @@ export default class Handlers {
             let shorty = Shortstop.create();
 
             shorty.use('import', function (file, cb) {
-                //check for json extension
-                file = (/\.json$/.test(file)) ? file : `${file}.json`;
                 try {
                     file = path(file);
-                    return shorty.resolve(loadJsonicSync(file), cb);
+                    return shorty.resolve(shush(file), cb);
                 } catch (err) {
                     cb(err);
                 }