@contrail/types - npm Package Compare versions

Comparing version 2.0.22 to 2.0.23

lib/formulas/formula-processor.d.ts

 import { TypeProperty } from "../type-properties";
 export declare class FormulaProcessor {
-    static processFormula(formula: string | undefined, data: any): number;
+    static processFormula(formula: string | undefined, data: any): number | null;
     static substituteValues(formula: string, data: any): string;
@@ -5,0 +5,0 @@ static processFormulasForEntities(entities: Array<any>, properties: Array<TypeProperty>): void;

lib/formulas/formula-processor.js

@@ -8,3 +8,6 @@ "use strict";
         const converted = this.substituteValues(formula, data);
-        const value = parseFloat(eval(converted));
+        let value = parseFloat(eval(converted));
+        if (isNaN(value)) {
+            return null;
+        }
         return value;
@@ -11,0 +14,0 @@ }

package.json

 {
   "name": "@contrail/types",
-  "version": "2.0.22",
+  "version": "2.0.23",
   "description": "Types Utility module",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

21640

0.33%

Lines of code

499

0.6%

No dependency changes