@cdxoo/flat - npm Package Compare versions

Comparing version 0.0.10 to 0.0.11

package.json

 {
   "name": "@cdxoo/flat",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "description": "does not flatten cats",
   "main": "src/index.js",
   "scripts": {
-    "test": "npx mocha --bail test/*.spec.js"
+    "test": "npx mocha --bail test/*.spec.js",
+    "prepublishOnly": "npm test",
+    "release:dry": "npx release-it --dry-run --no-npm",
+    "release:beta": "release-it --preRelease=beta",
+    "release": "release-it"
   },
@@ -21,4 +25,5 @@ "author": "Jan Schwalbe",
   "devDependencies": {
-    "chai": "^4.3.6",
-    "mocha": "^9.2.2"
+    "chai": "^4.3.7",
+    "mocha": "^10.2.0",
+    "release-it": "^17.0.1"
   },
@@ -32,3 +37,6 @@ "repository": {
   },
-  "homepage": "https://github.com/cdxOo/flat#readme"
+  "homepage": "https://github.com/cdxOo/flat#readme",
+  "publishConfig": {
+    "access": "public"
+  }
 }

src/index.js

@@ -105,2 +105,10 @@ 'use strict';
                 else {
+                    if (containerValue[token] === containerValue.__proto__) {
+                        throw new Error(inlineErrorMsg(`
+                            Cannot create property '${token}'
+                            on ${typeof containerValue} '${containerValue}'
+                            (path: '${path.join('.')}'
+                            in ${JSON.stringify(out)})
+                        `))
+                    }
                     containerValue[token] = value;
@@ -107,0 +115,0 @@ }

test/index.spec.js

@@ -224,1 +224,37 @@ 'use strict';
 })
+
+describe('unflatten array keys', () => {
+    it('can unflatten to array via custom extra handling', () => {
+        var out = unflatten({
+            'foo': [],
+            'foo.0': 'a',
+            'foo.1': 'b',
+            'foo.2.x': 'c',
+        });
+        expect(out).to.eql({
+            foo: [ 'a', 'b', { x: 'c' }]
+        });
+    })
+})
+
+describe('nodeBoB', () => {
+    it('unflatten throws when trying to pollute', () => {
+        var malicious = [
+            { '__proto__.polluted': 'nodeBoB!' },
+            { 'constructor.prototype.polluted': 'nodeBoB!' },
+        ];
+
+        for (var obj of malicious) {
+            var err = undefined;
+            try {
+                var out = unflatten(obj);
+            }
+            catch (e) {
+                err = e;
+            }
+
+            expect(err).to.exists;
+            expect(err.message).to.match(/Cannot create.*polluted/)
+        }
+    })
+})

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13375

increased by10.35%

Number of downloads

10

increased by42.86%

Lines of code

355

increased by12.7%

Worsened metrics

Dev dependency count

3

increased by50%

No dependency changes