@agoric/lockdown
Advanced tools
@agoric/lockdown - npm Package Compare versions
Comparing version 0.1.2-dev-067ae75.0 to 0.1.2-dev-0c4d32b.0
@@ -67,2 +67,14 @@ // commit-debug.js - debug version of commit.js | ||
| // consoleTaming: 'unsafe', | ||
| // Domain taming causes lockdown to throw an error if the Node.js domain | ||
| // module has already been loaded, and causes loading the domain module | ||
| // to throw an error if it is pulled into the working set later. | ||
| // This is because domains may add domain properties to promises and other | ||
| // callbacks and that these domain objects provide a means to escape | ||
| // containment. | ||
| // However, our platform still depends on systems like standardthings/esm | ||
| // which ultimately pull in domains. | ||
| // For now, we are resigned to leave this hole open, knowing that all | ||
| // contract code will be run under XS to avoid this vulnerability. | ||
| domainTaming: 'unsafe', | ||
| }); |
| { | ||
| "name": "@agoric/lockdown", | ||
| "version": "0.1.2-dev-067ae75.0+067ae75", | ||
| "version": "0.1.2-dev-0c4d32b.0+0c4d32b", | ||
| "description": "wrappers for locking down SES the Agoric way", | ||
@@ -19,3 +19,3 @@ "type": "module", | ||
| "dependencies": { | ||
| "ses": "^0.14.3" | ||
| "ses": "^0.15.4" | ||
| }, | ||
@@ -49,10 +49,6 @@ "files": [ | ||
| ], | ||
| "prettier": { | ||
| "trailingComma": "all", | ||
| "singleQuote": true | ||
| }, | ||
| "publishConfig": { | ||
| "access": "public" | ||
| }, | ||
| "gitHead": "067ae75327a2316b32b092dc2992f7a27dd14310" | ||
| "gitHead": "0c4d32bb53e935bee28e64b53d9d74ae4c89b44a" | ||
| } |
24
pre.js
@@ -79,5 +79,13 @@ // pre.js - set up the default lockdown function | ||
| } | ||
| rawLockdown(options); | ||
| rawLockdown({ | ||
| ...options, | ||
| // See comment on domainTaming below. | ||
| domainTaming: 'unsafe', | ||
| }); | ||
| } else if (defaultOptions) { | ||
| rawLockdown(defaultOptions); | ||
| rawLockdown({ | ||
| ...defaultOptions, | ||
| // See comment on domainTaming below. | ||
| domainTaming: 'unsafe', | ||
| }); | ||
| } else { | ||
@@ -142,2 +150,14 @@ rawLockdown({ | ||
| // consoleTaming: 'unsafe', | ||
| // Domain taming causes lockdown to throw an error if the Node.js domain | ||
| // module has already been loaded, and causes loading the domain module | ||
| // to throw an error if it is pulled into the working set later. | ||
| // This is because domains may add domain properties to promises and other | ||
| // callbacks and that these domain objects provide a means to escape | ||
| // containment. | ||
| // However, our platform still depends on systems like standardthings/esm | ||
| // which ultimately pull in domains. | ||
| // For now, we are resigned to leave this hole open, knowing that all | ||
| // contract code will be run under XS to avoid this vulnerability. | ||
| domainTaming: 'unsafe', | ||
| }); | ||
@@ -144,0 +164,0 @@ } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by12.52%
13347
- Lines of code
- increased by13.89%
246
Dependency changes
+ Addedses@0.15.24(transitive)
- Removedses@0.14.5(transitive)
Updatedses@^0.15.4