From 54c649e380c88271a8c7ef868dc0aed3ce77e1cf Mon Sep 17 00:00:00 2001
From: John-David Dalton
Date: Thu, 7 Jul 2016 08:53:33 -0700
Subject: [PATCH] Use require.resolve instead of require to avoid executing code.
---
 index.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/index.js b/index.js
index aebe214..122a21d 100644
--- a/index.js
+++ b/index.js
@@ -17,10 +17,10 @@ module.exports = function (packages, _options, cb) {
 }, _options)
 async.eachLimit(packages, 1, function (arg, next) {
- var pkg = arg.substr(0, arg.indexOf('@')) || arg
+ var pkg = arg.split('@')[0]
 try {
 // TODO: Either skip this part if a version has been provided or check the package json version
- require(pkg)
+ require.resolve(pkg)
 return next()
 } catch (err) {
 var child = spawn('npm', ['install', arg], {stdio: options.stdio})
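Review bot: `arg.split('@')[0]` yields an empty string for any scoped name (`@scope/name` or `@scope/name@1.2.3`), so `require.resolve(pkg)` cannot find the intended package and it is reinstalled on every run; the removed `|| arg` fallback at least handled the unversioned scoped case. Searching for the separator after the first character keeps the scope: `var at = arg.indexOf('@', 1)` followed by `var pkg = at === -1 ? arg : arg.slice(0, at)`. Separately, `arg` still reaches `npm install` unchanged in the catch branch, so if callers can pass untrusted names it should be validated as a package spec (for example rejecting values that begin with `-`) before `spawn`. The callback body continues past the end of the hunk, so the install path is only partly visible here.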