New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@lavamoat/lavadome-react
Advanced tools
@lavamoat/lavadome-react - npm Package Compare versions
Comparing version 0.0.11 to 0.0.12
@@ -1,2 +0,2 @@ | ||
| (()=>{"use strict";var e={n:t=>{var n=t&&t.__esModule?()=>t.default:()=>t;return e.d(n,{a:n}),n},d:(t,n)=>{for(var o in n)e.o(n,o)&&!e.o(t,o)&&Object.defineProperty(t,o,{enumerable:!0,get:n[o]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{LavaDome:()=>X});const n=require("react");var o=e.n(n);const{Object:a,Array:r,Function:s,Math:l,parseInt:u,WeakMap:i,Error:p,JSON:c}=globalThis,{defineProperties:d,assign:f,getOwnPropertyDescriptor:m,entries:b,create:h,hasOwn:y}=a,{from:v}=r,{random:g}=l,{stringify:w}=c,O=(e,t,n)=>e&&s.prototype.call.bind(m(e,t)[n]),S=O(globalThis?.Element?.prototype,"attachShadow","value"),M=O(globalThis?.Document?.prototype,"createElement","value"),T=O(globalThis?.Node?.prototype,"appendChild","value"),x=O(globalThis?.Node?.prototype,"textContent","set"),_=O(globalThis?.Element?.prototype,"setAttribute","value"),I=O(globalThis?.String?.prototype,"toUpperCase","value"),N=O(globalThis?.Array?.prototype,"map","value"),E=O(globalThis?.Array?.prototype,"join","value"),j=O(globalThis?.Array?.prototype,"keys","value"),D=O(globalThis?.Array?.prototype,"at","value"),k=O(globalThis?.WeakMap?.prototype,"get","value"),L=O(globalThis?.WeakMap?.prototype,"set","value"),P=O(globalThis?.Number?.prototype,"toFixed","value"),A={isInnerInstance:Symbol("isInnerInstance"),unsafeOpenModeShadow:"unsafeOpenModeShadow"},R=e=>function(t,n,o){const a=e[t];return y(e,t)?typeof a!==n?o:a:o},$="abcdefghijklmnopqrstuvwxyz",z="0123456789",F="!@#$%^&*()?.;:\"'[]{}+=-_/",U={letters:$,digits:z,symbols:F,alphanumeric:$+z,all:$+I($)+z+F},{letters:C,alphanumeric:W,all:q}=U,G=(e,t)=>e[u(P(g()*t))];function J(e,t,n=""){return e=E(N(b(e),(([e,t])=>`${e}: ${t} !important`)),"; "),function(){const o=M(document,t());return _(o,"style",e),x(o,n),o}}const Y=e=>()=>e(),B=Y(J({"-webkit-user-modify":"unset","-webkit-user-select":"none","user-select":"none"},(()=>(7,G(C,26)+E(N(v(j(r(7))),(()=>G(W,36))),""))))),H=Y(J({top:"-10px",right:"-10px",position:"fixed","font-size":"1px"},(()=>"span"),q)),K=new i;function Q(e,t){t=function(e={}){const{unsafeOpenModeShadow:t,isInnerInstance:n}=A,o=R(f(h(null),e)),a=h(null);return a.isInnerInstance=o(n,"boolean",!1),a.unsafeOpenModeShadow=o(t,"boolean",!1),a}(t),d(this,{text:{value:function(e){if("string"!=typeof e)throw new p(`LavaDome: first argument must be a string, instead got ${w(e)}`);if(void 0===D(v(e),1))return x(n,e);N(v(e),(e=>{const o=M(document,"span");t[A.isInnerInstance]=!0,new Q(o,t).text(e),T(n,o)})),T(n,H())}}});const n=B(),o=function(e,t){const{unsafeOpenModeShadow:n,isInnerInstance:o}=t;let a=k(K,e);if(!a){const t={mode:"closed"};n&&(t.mode="open",o||console.warn("LavaDome:",`Initiated with "${A.unsafeOpenModeShadow}" set to true.`,"This leaves LavaDome fully vulnerable, ONLY USE FOR TESTING!")),a=S(e,t),L(K,e,a)}return a}(e,t);T(o,n)}const{all:V}=U,X=({text:e,unsafeOpenModeShadow:t})=>{const a=(0,n.useRef)(null);return o().createElement("span",{ref:a,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/index.jsx",lineNumber:7,columnNumber:9},__self:void 0},o().createElement(Z,{text:e,hostRef:a,unsafeOpenModeShadow:t,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/index.jsx",lineNumber:8,columnNumber:13},__self:void 0}))};function Z({hostRef:e,text:t,unsafeOpenModeShadow:a}){const r=(0,n.useRef)(null);return(0,n.useEffect)((()=>(r.current=new Q(e.current,{unsafeOpenModeShadow:a}),()=>r.current=null)),[]),(0,n.useEffect)((()=>{r.current.text(t)}),[t]),o().createElement(o().Fragment,null)}var ee=exports;for(var te in t)ee[te]=t[te];t.__esModule&&Object.defineProperty(ee,"__esModule",{value:!0})})(); | ||
| (()=>{"use strict";var e={n:t=>{var o=t&&t.__esModule?()=>t.default:()=>t;return e.d(o,{a:o}),o},d:(t,o)=>{for(var a in o)e.o(o,a)&&!e.o(t,a)&&Object.defineProperty(t,a,{enumerable:!0,get:o[a]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{LavaDome:()=>Se,toLavaDomeToken:()=>Oe});const o=require("react");var a=e.n(o);const{Object:n,Array:r,Function:l,Math:s,parseInt:i,WeakMap:p,Error:u,JSON:c,Symbol:d}=globalThis,{defineProperties:y,assign:h,getOwnPropertyDescriptor:m,entries:b,create:f,hasOwn:g}=n,{from:v}=r,{random:T}=s,{stringify:w}=c,O=(e,t,o)=>e&&l.prototype.call.bind(m(e,t)[o]),S=O(globalThis?.Element?.prototype,"attachShadow","value"),M=O(globalThis?.Document?.prototype,"createElement","value"),k=O(globalThis?.Node?.prototype,"appendChild","value"),x=O(globalThis?.Node?.prototype,"textContent","set"),_=O(globalThis?.Element?.prototype,"setAttribute","value"),D=O(globalThis?.String?.prototype,"toUpperCase","value"),E=O(globalThis?.Array?.prototype,"map","value"),I=O(globalThis?.Array?.prototype,"join","value"),N=O(globalThis?.Array?.prototype,"keys","value"),j=O(globalThis?.Array?.prototype,"at","value"),A=O(globalThis?.WeakMap?.prototype,"get","value"),L=O(globalThis?.WeakMap?.prototype,"set","value"),P=(O(globalThis?.WeakMap?.prototype,"has","value"),O(globalThis?.Number?.prototype,"toFixed","value")),W={isInnerInstance:Symbol("isInnerInstance"),unsafeOpenModeShadow:"unsafeOpenModeShadow"},C=e=>function(t,o,a){const n=e[t];return g(e,t)?typeof n!==o?a:n:a},F="abcdefghijklmnopqrstuvwxyz",U="0123456789",$="!@#$%^&*()?.;:\"'[]{}+=-_/",z={letters:F,digits:U,symbols:$,alphanumeric:F+U,all:F+D(F)+U+$},{letters:R,alphanumeric:q,all:J}=z,G=(e,t)=>e[i(P(T()*t))];function Y(e,t,o=""){return e=I(E(b(e),(([e,t])=>`${e}: ${t} !important`)),"; "),function(){const a=M(document,t());return _(a,"style",e),x(a,o),a}}const B=e=>()=>e(),H=B(Y({"-webkit-user-modify":"unset","-webkit-user-select":"none","user-select":"none"},(()=>(7,G(R,26)+I(E(v(N(r(7))),(()=>G(q,36))),""))))),K=B(Y({top:"-10px",right:"-10px",position:"fixed","font-size":"1px"},(()=>"span"),J)),Q=new p;function V(e,t){t=function(e={}){const{unsafeOpenModeShadow:t,isInnerInstance:o}=W,a=C(h(f(null),e)),n=f(null);return n.isInnerInstance=a(o,"boolean",!1),n.unsafeOpenModeShadow=a(t,"boolean",!1),n}(t),y(this,{text:{value:function(e){if("string"!=typeof e)throw new u(`LavaDome: first argument must be a string, instead got ${w(e)}`);if(void 0===j(v(e),1))return x(o,e);E(v(e),(e=>{const a=M(document,"span");t[W.isInnerInstance]=!0,new V(a,t).text(e),k(o,a)})),k(o,K())}}});const o=H(),a=function(e,t){const{unsafeOpenModeShadow:o,isInnerInstance:a}=t;let n=A(Q,e);if(!n){const t={mode:"closed"};o&&(t.mode="open",a||console.warn("LavaDome:",`Initiated with "${W.unsafeOpenModeShadow}" set to true.`,"This leaves LavaDome fully vulnerable, ONLY USE FOR TESTING!")),n=S(e,t),L(Q,e,n)}return n}(e,t);k(a,o)}const{all:X}=z,{Object:Z,Array:ee,Function:te,Math:oe,parseInt:ae,WeakMap:ne,Error:re,JSON:le,Symbol:se}=globalThis,{defineProperties:ie,assign:pe,getOwnPropertyDescriptor:ue,entries:ce,create:de,hasOwn:ye}=Z,{from:he}=ee,{random:me}=oe,{stringify:be}=le,fe=(e,t,o)=>e&&te.prototype.call.bind(ue(e,t)[o]),ge=(fe(globalThis?.Element?.prototype,"attachShadow","value"),fe(globalThis?.Document?.prototype,"createElement","value"),fe(globalThis?.Node?.prototype,"appendChild","value"),fe(globalThis?.Node?.prototype,"textContent","set"),fe(globalThis?.Element?.prototype,"setAttribute","value"),fe(globalThis?.String?.prototype,"toUpperCase","value"),fe(globalThis?.Array?.prototype,"map","value"),fe(globalThis?.Array?.prototype,"join","value"),fe(globalThis?.Array?.prototype,"keys","value"),fe(globalThis?.Array?.prototype,"at","value"),fe(globalThis?.WeakMap?.prototype,"get","value")),ve=fe(globalThis?.WeakMap?.prototype,"set","value"),Te=fe(globalThis?.WeakMap?.prototype,"has","value"),we=(fe(globalThis?.Number?.prototype,"toFixed","value"),new ne),Oe=e=>{const t=se();return ve(we,t,e),t},Se=({text:e,unsafeOpenModeShadow:t})=>{const n=e;if(!Te(we,n))throw new Error("LavaDome: first argument must be a valid LavaDome token (replace \"text={'secret'}\" with \"text={toLavaDomeToken('secret')}\")");const r=(0,o.useRef)(null);return a().createElement("span",{ref:r,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/index.jsx",lineNumber:31,columnNumber:9},__self:void 0},a().createElement(Me,{host:r,token:n,unsafeOpenModeShadow:t,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/index.jsx",lineNumber:32,columnNumber:13},__self:void 0}))};function Me({host:e,token:t,unsafeOpenModeShadow:n}){const r=(0,o.useRef)(null);return(0,o.useEffect)((()=>{const t={unsafeOpenModeShadow:n};return r.current=new V(e.current,t),()=>r.current=null}),[]),(0,o.useEffect)((()=>{const e=ge(we,t);r.current.text(e)}),[t]),a().createElement(a().Fragment,null)}var ke=exports;for(var xe in t)ke[xe]=t[xe];t.__esModule&&Object.defineProperty(ke,"__esModule",{value:!0})})(); | ||
| //# sourceMappingURL=main.js.map |
| { | ||
| "name": "@lavamoat/lavadome-react", | ||
| "version": "0.0.11", | ||
| "version": "0.0.12", | ||
| "description": "", | ||
@@ -10,5 +10,2 @@ "license": "MIT", | ||
| "test": "npm run dev & (npm run test-chrome && npm run test-firefox && npm run test-safari)", | ||
| "test-chrome": "../../node_modules/.bin/wdio run chrome.wdio.conf.js", | ||
| "test-safari": "../../node_modules/.bin/wdio run safari.wdio.conf.js", | ||
| "test-firefox": "../../node_modules/.bin/wdio run firefox.wdio.conf.js", | ||
| "build": "NODE_ENV=production LD_PKG=react webpack --config ../../webpack.production.js", | ||
@@ -36,6 +33,8 @@ "dev": "NODE_ENV=development LD_PKG=react webpack serve --config webpack.development.js" | ||
| "webpack-cli": "^5.1.4", | ||
| "webpack-dev-server": "4.15.1" | ||
| "webpack-dev-server": "4.15.1", | ||
| "react": "^16.12.0", | ||
| "react-dom": "^16.12.0" | ||
| }, | ||
| "dependencies": { | ||
| "@lavamoat/lavadome-core": "^0.0.11", | ||
| "@lavamoat/lavadome-core": "^0.0.12", | ||
| "@lavamoat/preinstall-always-fail": "^2.0.0" | ||
@@ -42,0 +41,0 @@ }, |
| import React, { useEffect, useRef } from 'react' | ||
| import { LavaDome as LavaDomeCore } from "@lavamoat/lavadome-core" | ||
| import {WeakMap, get, set, has, Symbol} from "../../core/src/native.mjs" | ||
| // WeakMap{ unique-token -> sensitive-text } | ||
| // Only code with access to this map can exchange a token with a text | ||
| const tokens = new WeakMap(); | ||
| // weakly map sensitive text of the user with a unique token representing it, so that | ||
| // the token is the one being passed around React internals rather than the sensitive text | ||
| export const toLavaDomeToken = text => { | ||
| const lavadome = Symbol(); | ||
| set(tokens, lavadome, text); | ||
| return lavadome; | ||
| } | ||
| export const LavaDome = ({ text, unsafeOpenModeShadow }) => { | ||
| const hostRef = useRef(null); | ||
| // variable @text is named that way only for visibility - in reality it's a lavadome token | ||
| const token = text; | ||
| if (!has(tokens, token)) { | ||
| throw new Error( | ||
| 'LavaDome: first argument must be a valid LavaDome token ' + | ||
| '(replace "text={\'secret\'}" with "text={toLavaDomeToken(\'secret\')}")'); | ||
| } | ||
| const host = useRef(null); | ||
| return ( | ||
| <span ref={hostRef}> | ||
| // form a span to act as the LavaDome host | ||
| <span ref={host}> | ||
| <LavaDomeShadow | ||
| text={text} hostRef={hostRef} | ||
| host={host} token={token} | ||
| unsafeOpenModeShadow={unsafeOpenModeShadow} | ||
| /> | ||
| </span> | ||
| ) | ||
| ); | ||
| }; | ||
| function LavaDomeShadow({ hostRef, text, unsafeOpenModeShadow }) { | ||
| function LavaDomeShadow({ host, token, unsafeOpenModeShadow }) { | ||
| const lavadome = useRef(null); | ||
| useEffect(() => { | ||
| lavadome.current = new LavaDomeCore(hostRef.current, { | ||
| unsafeOpenModeShadow, | ||
| }); | ||
| // generate a lavadome instance reference | ||
| const opts = { unsafeOpenModeShadow }; | ||
| lavadome.current = new LavaDomeCore(host.current, opts); | ||
| return () => lavadome.current = null; | ||
| }, []) | ||
| }, []); | ||
| useEffect(() => { | ||
| // exchange token for sensitive text and update lavadome reference with it | ||
| const text = get(tokens, token); | ||
| lavadome.current.text(text); | ||
| }, [text]); | ||
| }, [token]); | ||
| return <></> | ||
| return <></>; | ||
| } |
Sorry, the diff of this file is not supported yet
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by28.09%
15715
- Lines of code
- increased by67.5%
67
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dev dependency count
- increased by13.33%
17
Dependency changes
+ Added@lavamoat/lavadome-core@0.0.12(transitive)
- Removed@lavamoat/lavadome-core@0.0.11(transitive)