@enclave-vm/ast
| /** | ||
| * Shared utilities for detecting JavaScript coercion patterns in AST nodes. | ||
| * | ||
| * These detect cases where array/object literals used as computed property keys | ||
| * would coerce to known strings at runtime (e.g. `obj[['constructor']]` or | ||
| * `obj[{toString: () => 'constructor'}]`). | ||
| */ | ||
| /** | ||
| * Extract a string literal from a ReturnStatement inside a BlockStatement. | ||
| * Returns `null` if the body doesn't contain exactly one ReturnStatement | ||
| * returning a string literal. | ||
| */ | ||
| export declare function extractReturnLiteralString(block: any): string | null; | ||
| /** | ||
| * Try to statically determine the coerced string value of an ObjectExpression | ||
| * that defines a `toString` or `valueOf` method returning a string literal. | ||
| * | ||
| * Respects ECMAScript ToPrimitive string-hint precedence: toString is resolved | ||
| * first; valueOf is used only as a fallback. | ||
| * | ||
| * Covers: | ||
| * - `{ toString: () => 'x' }` (ArrowFunctionExpression, expression body) | ||
| * - `{ toString: () => { return 'x' } }` (ArrowFunctionExpression, block body) | ||
| * - `{ toString() { return 'x' } }` (method shorthand / FunctionExpression) | ||
| * - `{ toString: function() { return 'x' } }` (FunctionExpression) | ||
| * - `{ get toString() { return () => 'x' } }` (Getter returning function) | ||
| * - Same patterns with `valueOf` (lower priority) | ||
| * | ||
| * Returns the resolved string or `null` if it cannot be determined. | ||
| */ | ||
| export declare function tryGetObjectCoercedString(node: any): string | null; | ||
| /** | ||
| * Recursively check if an ArrayExpression would coerce to a disallowed string. | ||
| * e.g. `[['__proto__']]` coerces to `'__proto__'` at runtime. | ||
| * | ||
| * Also recurses into ObjectExpression elements inside arrays: | ||
| * e.g. `[{toString: () => 'constructor'}]` coerces to `'constructor'`. | ||
| */ | ||
| export declare function tryGetArrayCoercedString(node: any): string | null; | ||
| /** | ||
| * Try to statically resolve a computed property key expression to possible strings. | ||
| * | ||
| * This is the unified entry point for all computed-key coercion detection. | ||
| * Handles: | ||
| * - `Literal` (string) — `obj['constructor']` | ||
| * - `TemplateLiteral` (no expressions) — `` obj[`constructor`] `` | ||
| * - `ConditionalExpression` — `obj[true ? 'constructor' : 'x']` | ||
| * - `SequenceExpression` — `obj[(0, 'constructor')]` | ||
| * - `AssignmentExpression` — `obj[x = 'constructor']` | ||
| * - `LogicalExpression` — `obj['' || 'constructor']` | ||
| * - `ArrayExpression` — `obj[['constructor']]` | ||
| * - `ObjectExpression` — `obj[{toString: () => 'constructor'}]` | ||
| * | ||
| * Returns an array of all possible resolved strings. For branching expressions | ||
| * (Conditional, Logical), both branches are returned so the caller can check | ||
| * each against the disallowed set. | ||
| */ | ||
| export declare function tryGetStaticComputedKeys(node: any): string[]; |
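Review bot: The doc comment on `tryGetStaticComputedKeys` lists the node types it handles but never states what is returned for a key expression outside that list, which is the case a guard's callers most need spelled out. If the function returns an empty array there (the `string[]` return type suggests so, but the declaration does not show it), add a line such as `Returns [] when the key cannot be resolved statically; an empty result means "unknown", not "safe".` so that a rule does not read an empty result as an allowed key. The summary of `tryGetArrayCoercedString` says it checks for a disallowed string, while the signature returns `string | null`; it should say it returns the coerced string or `null`. The `node: any` and `block: any` parameters would be better typed as `unknown` in the source these declarations are generated from, so that the implementation has to narrow before reading node fields.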
+1
-1
| { | ||
| "name": "@enclave-vm/ast", | ||
| "version": "2.11.0", | ||
| "version": "2.11.1", | ||
| "description": "A production-ready AST security guard for JavaScript - validate, protect, and enforce code safety with extensible rules", | ||
@@ -5,0 +5,0 @@ "author": "AgentFront <info@agentfront.dev>", |