@drakensoftware/magicmock - npm Package Compare versions

Comparing version 1.0.1 to 1.1.0

dist/MagicMock.js

@@ -32,3 +32,6 @@ "use strict";
 const path = __importStar(require("path"));
-const serialize_anything_1 = __importDefault(require("serialize-anything"));
+const serialize_javascript_1 = __importDefault(require("serialize-javascript"));
+function deserialize(serializedJavascript) {
+    return eval('(' + serializedJavascript + ')');
+}
 let invocationCountMap = new Map();
@@ -49,3 +52,3 @@ function resetInvocations() {
     const mock = async (...args) => {
-        const serializedArgs = serialize_anything_1.default.serialize(args);
+        const serializedArgs = (0, serialize_javascript_1.default)(args);
         //Create magic mock directory if it does not exist
@@ -75,3 +78,3 @@ if (!fs.existsSync('__magicMock__'))
                         payloads[invocationIndex.toString()] =
-                            JSON.parse(serialize_anything_1.default.serialize(result)); //As it is async, it is important to use the previously defined invocationIndex
+                            JSON.parse((0, serialize_javascript_1.default)(result)); //As it is async, it is important to use the previously defined invocationIndex
                         fs.writeFileSync(mockPath, JSON.stringify(allPayloads, null, 2));
@@ -89,3 +92,3 @@ resolve(result);
             console.log(`✨ MagicMock is using an snapshot for '${identifier}'`);
-            return new Promise((resolve) => resolve(serialize_anything_1.default.deserialize(JSON.stringify(payloads[invocationIndex.toString()]))));
+            return new Promise((resolve) => resolve(deserialize(JSON.stringify(payloads[invocationIndex.toString()]))));
         } //Payload does exist
@@ -92,0 +95,0 @@ };

package.json

 {
   "name": "@drakensoftware/magicmock",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Create your mocks automagically",
@@ -21,2 +21,3 @@ "main": "dist/index.js",
     "@types/jest": "^29.5.12",
+    "@types/serialize-javascript": "^5.0.4",
     "@typescript-eslint/eslint-plugin": "^7.3.1",
@@ -30,4 +31,4 @@ "@typescript-eslint/parser": "^7.3.1",
   "dependencies": {
-    "serialize-anything": "^1.2.3"
+    "serialize-javascript": "^6.0.2"
   }
 }

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14966

increased by1.28%

Lines of code

206

increased by1.48%

Worsened metrics

Dev dependency count

8

increased by14.29%

Dependency changes

• + Addedserialize-javascript@^6.0.2

• + Addedrandombytes@2.1.0(transitive)

• + Addedsafe-buffer@5.2.1(transitive)

• + Addedserialize-javascript@6.0.2(transitive)

• - Removedserialize-anything@^1.2.3

• - Removeddeep-copy-all@1.3.4(transitive)

• - Removedserialize-anything@1.2.3(transitive)