@drakensoftware/magicmock - npm Package Compare versions

Comparing version 1.3.3 to 1.4.0

dist/MagicMock.js

@@ -25,5 +25,2 @@ "use strict";
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -33,6 +30,3 @@ exports.callMocked = exports.mockClass = exports.mockFunction = exports.resetInvocations = void 0;
 const path = __importStar(require("path"));
-const serialize_javascript_1 = __importDefault(require("serialize-javascript"));
-function deserialize(serializedJavascript) {
-    return eval('(' + serializedJavascript + ')');
-}
+const flatted_1 = require("flatted");
 let invocationCountMap = new Map();
@@ -53,3 +47,3 @@ function resetInvocations() {
     const mock = async (...args) => {
-        const serializedArgs = (0, serialize_javascript_1.default)(args);
+        const serializedArgs = (0, flatted_1.stringify)(args);
         //Create magic mock directory if it does not exist
@@ -79,3 +73,3 @@ if (!fs.existsSync('__magicMock__'))
                         payloads[invocationIndex.toString()] =
-                            JSON.parse((0, serialize_javascript_1.default)(result)); //As it is async, it is important to use the previously defined invocationIndex
+                            JSON.parse((0, flatted_1.stringify)(result)); //As it is async, it is important to use the previously defined invocationIndex
                         fs.writeFileSync(mockPath, JSON.stringify(allPayloads, null, 2));
@@ -93,3 +87,3 @@ resolve(result);
             console.log(`✨ MagicMock is using an snapshot for '${identifier}'`);
-            return new Promise((resolve) => resolve(deserialize(JSON.stringify(payloads[invocationIndex.toString()]))));
+            return new Promise((resolve) => resolve((0, flatted_1.parse)(JSON.stringify(payloads[invocationIndex.toString()]))));
         } //Payload does exist
@@ -96,0 +90,0 @@ };

package.json

 {
   "name": "@drakensoftware/magicmock",
-  "version": "1.3.3",
+  "version": "1.4.0",
   "description": "Create your mocks automagically",
@@ -30,4 +30,4 @@ "main": "dist/index.js",
   "dependencies": {
-    "serialize-javascript": "^6.0.2"
+    "flatted": "^3.3.1"
   }
 }

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

19890

decreased by-1.97%

Lines of code

271

decreased by-2.17%

Dependency changes

• + Addedflatted@^3.3.1

• + Addedflatted@3.3.3(transitive)

• - Removedserialize-javascript@^6.0.2

• - Removedrandombytes@2.1.0(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• - Removedserialize-javascript@6.0.2(transitive)