Global-modules-path is a lightweight npm package designed to reliably retrieve the installation path of globally installed npm modules. Versions 2.3.0 and 2.3.1 share the same core functionality and target audience, providing developers with a simple way to locate where npm stores globally installed packages on their system. This is particularly useful for tools and scripts that need to interact with these modules directly, bypassing the standard require() mechanism. Both versions are licensed under Apache-2.0, offer identical development dependencies (including testing frameworks like Mocha and Chai, linting with ESLint, and code coverage with Istanbul), and have the same author information (Telerik's support email) and repository details.
The key difference lies in the release date and the slightly reduced unpacked size in the newer version, 2.3.1. Version 2.3.0 was released in July 2018, while version 2.3.1 was released in November 2018. The unpacked size of version 2.3.1 is also marginally smaller than version 2.3.0 (21029 vs 21513). This suggests that while the core feature set remained unchanged, there were likely minor bug fixes, performance improvements, or optimizations that contributed to this smaller size. For developers, upgrading to version 2.3.1 is recommended to benefit from these potential enhancements and ensure they are using the most up-to-date and refined release. The library remains a valuable asset for developers needing programmatic access to global module directories.
All the vulnerabilities related to the version 2.3.1 of the package
global-modules-path Command Injection vulnerability
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.
