v3.0.0

Fixed

• Prevent command injection through arguments passed to getPath - the parameters of the getPath were not properly sanitized due to usage of execSync command, which allowed threat actor to pass undesired commands. Replaced the usage of execSync with spawnSync
• Move CI to GitHub Actions and add some integration tests
• Resolve dependabot detected vulnerabilities

NOTE: There's no breaking change in the API, but as the package now uses spawnSync instead of execSync, there might be a difference in the results of calling getPath method. So I've decided to bump the major version

v2.3.1

Fixed

• Unable to find path to modules installed globally with yarn on Linux and macOS

v2.3.0

Implemented

• Add support for locally installed packages with symlink in the NPM global node_modules folder that links to them

v2.2.0

Implemented

• Add support for locally installed packages, added to PATH with path to .bin folder

v2.1.0

Implemented

• Add support for packages installed with Yarn on Windows.
• Add verification that the returned path contains a package.json and the name inside it is exactly the same as the packageName passed to the getPath method.

v2.0.0

Behavior changes

• The executable is searched from PATH first and in case we are not able to find the package from it, we try to find it from globally installed npm modules.

v1.0.0

Initial release