New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@lavamoat/lavadome-react
Advanced tools
@lavamoat/lavadome-react - npm Package Compare versions
Comparing version 0.0.16 to 0.0.17
@@ -1,2 +0,2 @@ | ||
| (()=>{"use strict";var e={n:t=>{var o=t&&t.__esModule?()=>t.default:()=>t;return e.d(o,{a:o}),o},d:(t,o)=>{for(var n in o)e.o(o,n)&&!e.o(t,n)&&Object.defineProperty(t,n,{enumerable:!0,get:o[n]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{LavaDome:()=>se,toLavaDomeToken:()=>re});const o=require("react");var n=e.n(o);const{Object:a,Array:r,Function:s,Math:i,parseInt:l,WeakMap:u,Error:p,JSON:c,crypto:m}=globalThis,{defineProperties:d,assign:f,getOwnPropertyDescriptor:h,entries:v,create:y,hasOwn:g}=a,{from:b}=r,{random:w}=i,{stringify:S}=c,D=m?.randomUUID?.bind(m),O=(e,t,o)=>e&&s.prototype.call.bind(h(e,t)[o]),I=O(globalThis?.Element?.prototype,"attachShadow","value"),M=O(globalThis?.Document?.prototype,"createElement","value"),T=O(globalThis?.Node?.prototype,"appendChild","value"),L=O(globalThis?.Node?.prototype,"textContent","set"),_=O(globalThis?.Element?.prototype,"setAttribute","value"),x=O(globalThis?.String?.prototype,"toUpperCase","value"),k=O(globalThis?.Array?.prototype,"map","value"),E=O(globalThis?.Array?.prototype,"join","value"),N=O(globalThis?.Array?.prototype,"keys","value"),j=O(globalThis?.Array?.prototype,"at","value"),U=O(globalThis?.WeakMap?.prototype,"get","value"),P=O(globalThis?.WeakMap?.prototype,"set","value"),A=O(globalThis?.Number?.prototype,"toFixed","value"),$={isInnerInstance:Symbol("isInnerInstance"),unsafeOpenModeShadow:"unsafeOpenModeShadow"},R=e=>function(t,o,n){const a=e[t];return g(e,t)?typeof a!==o?n:a:n},q="abcdefghijklmnopqrstuvwxyz",z="0123456789",C="!@#$%^&*()?.;:\"'[]{}+=-_/",F={letters:q,digits:z,symbols:C,alphanumeric:q+z,all:q+x(q)+z+C},{letters:W,alphanumeric:G,all:J}=F,Y=(e,t)=>e[l(A(w()*t))];function B(e,t,o=""){return e=E(k(v(e),(([e,t])=>`${e}: ${t} !important`)),"; "),function(){const n=M(document,t());return _(n,"style",e),L(n,o),n}}const H=e=>()=>e(),K=H(B({"-webkit-user-modify":"unset","-webkit-user-select":"none","user-select":"none"},(()=>(7,Y(W,26)+E(k(b(N(r(7))),(()=>Y(G,36))),""))))),Q=H(B({top:"-10px",right:"-10px",position:"fixed","font-size":"1px"},(()=>"span"),J)),V=new u;function X(e,t){t=function(e={}){const{unsafeOpenModeShadow:t,isInnerInstance:o}=$,n=R(f(y(null),e)),a=y(null);return a.isInnerInstance=n(o,"boolean",!1),a.unsafeOpenModeShadow=n(t,"boolean",!1),a}(t),d(this,{text:{value:function(e){if("string"!=typeof e)throw new p(`LavaDomeCore: first argument must be a string, instead got ${S(e)}`);if(void 0===j(b(e),1))return L(o,e);k(b(e),(e=>{const n=M(document,"span");t[$.isInnerInstance]=!0,new X(n,t).text(e),T(o,n)})),T(o,Q())}}});const o=K(),n=function(e,t){const{unsafeOpenModeShadow:o,isInnerInstance:n}=t;let a=U(V,e);if(!a){const t={mode:"closed"};o&&(t.mode="open",n||console.warn("LavaDome:",`Initiated with "${$.unsafeOpenModeShadow}" set to true.`,"This leaves LavaDome fully vulnerable, ONLY USE FOR TESTING!")),a=I(e,t),P(V,e,a)}return a}(e,t);T(n,o)}const{all:Z}=F,ee=y(null),te=y(null),oe=y(null),ne=!!D,ae=()=>ne?D():(Math.random()+1).toString(36).substring(7),re=e=>{if("string"!=typeof e)throw new Error(`LavaDomeReact: first argument must be a string, instead got ${S(e)}`);if(!g(te,e)){const t=ae();te[e]=t,ee[t]=e}return te[e]},se=({text:e,unsafeOpenModeShadow:t})=>{const a=e,r=(0,o.useRef)(null);return n().createElement("span",{ref:r,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/lavadome.jsx",lineNumber:11,columnNumber:9},__self:void 0},n().createElement(ie,{host:r,token:a,unsafeOpenModeShadow:t,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/lavadome.jsx",lineNumber:12,columnNumber:13},__self:void 0}))};function ie({host:e,token:t,unsafeOpenModeShadow:a}){let r;const s=function(e,t){if(!ne){if(!t)throw new Error('LavaDomeReact: this runtime environment does not seem to support some API required for LavaDome to perform safely ("crypto.randomUUID").');console.warn("LavaDomeReact:",'It seems that some API required for LavaDome to perform safely is missing ("crypto.randomUUID").',`Since option "${$.unsafeOpenModeShadow}" is enabled,`,"this should be fine, as testing environments are likely to not have support for such features.","If this isn't a testing environment, there's something wrong with your LavaDome setup - this downgrades security!")}const o=ee[e],n="string"==typeof o&&g(te,o),a="string"==typeof e&&g(ee,e);if(!n||!a)throw new Error("LavaDomeReact: first argument must be a valid LavaDome token (replace \"text={'secret'}\" with \"text={toLavaDomeToken('secret')}\")");return o}(t,a);(0,o.useEffect)((()=>{const t={unsafeOpenModeShadow:a};return r=new X(e.current,t),()=>r=null}),[]);const i=function(e){return g(oe,e)||(oe[e]=ae()),oe[e]}(t);return(0,o.useEffect)((()=>r.text(s)),[i]),n().createElement(n().Fragment,null)}var le=exports;for(var ue in t)le[ue]=t[ue];t.__esModule&&Object.defineProperty(le,"__esModule",{value:!0})})(); | ||
| (()=>{"use strict";var e={n:t=>{var o=t&&t.__esModule?()=>t.default:()=>t;return e.d(o,{a:o}),o},d:(t,o)=>{for(var n in o)e.o(o,n)&&!e.o(t,n)&&Object.defineProperty(t,n,{enumerable:!0,get:o[n]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{LavaDome:()=>ne,toLavaDomeToken:()=>oe});const o=require("react");var n=e.n(o);const{Object:a,Array:r,Function:s,Math:l,parseInt:i,WeakMap:u,Error:c,JSON:p}=globalThis,{defineProperties:d,assign:m,getOwnPropertyDescriptor:f,entries:h,create:v,hasOwn:b}=a,{from:y}=r,{random:g}=l,{stringify:w}=p,O=(e,t,o)=>e&&s.prototype.call.bind(f(e,t)[o]),T=O(globalThis?.DocumentFragment?.prototype,"replaceChildren","value"),S=O(globalThis?.Element?.prototype,"attachShadow","value"),M=O(globalThis?.Document?.prototype,"createElement","value"),_=O(globalThis?.Node?.prototype,"appendChild","value"),x=O(globalThis?.Node?.prototype,"textContent","set"),D=O(globalThis?.Element?.prototype,"setAttribute","value"),I=O(globalThis?.String?.prototype,"toUpperCase","value"),k=O(globalThis?.Array?.prototype,"map","value"),E=O(globalThis?.Array?.prototype,"join","value"),L=O(globalThis?.Array?.prototype,"keys","value"),N=O(globalThis?.Array?.prototype,"at","value"),j=O(globalThis?.WeakMap?.prototype,"get","value"),P=O(globalThis?.WeakMap?.prototype,"set","value"),A=O(globalThis?.Number?.prototype,"toFixed","value"),$={isInnerInstance:Symbol("isInnerInstance"),unsafeOpenModeShadow:"unsafeOpenModeShadow"},C=e=>function(t,o,n){const a=e[t];return b(e,t)?typeof a!==o?n:a:n},F="abcdefghijklmnopqrstuvwxyz",z="0123456789",R="!@#$%^&*()?.;:\"'[]{}+=-_/",U={letters:F,digits:z,symbols:R,alphanumeric:F+z,all:F+I(F)+z+R},{letters:W,alphanumeric:q,all:G}=U,J=(e,t)=>e[i(A(g()*t))];function Y(e,t,o=""){return e=E(k(h(e),(([e,t])=>`${e}: ${t} !important`)),"; "),function(){const n=M(document,t());return D(n,"style",e),x(n,o),n}}const B=e=>()=>e(),H=B(Y({"-webkit-user-modify":"unset","-webkit-user-select":"none","user-select":"none"},(()=>(7,J(W,26)+E(k(y(L(r(7))),(()=>J(q,36))),""))))),K=B(Y({top:"-10px",right:"-10px",position:"fixed","font-size":"1px"},(()=>"span"),G)),Q=new u;function V(e,t){t=function(e={}){const{unsafeOpenModeShadow:t,isInnerInstance:o}=$,n=C(m(v(null),e)),a=v(null);return a.isInnerInstance=n(o,"boolean",!1),a.unsafeOpenModeShadow=n(t,"boolean",!1),a}(t),d(this,{text:{value:function(e){if("string"!=typeof e)throw new c(`LavaDomeCore: first argument must be a string, instead got ${w(e)}`);if(void 0===N(y(e),1))return x(n,e);k(y(e),(e=>{const o=M(document,"span");t[$.isInnerInstance]=!0,new V(o,t).text(e),_(n,o)})),_(n,K())}}});const o=function(e,t){const{unsafeOpenModeShadow:o,isInnerInstance:n}=t;let a=j(Q,e);if(!a){const t={mode:"closed"};o&&(t.mode="open",n||console.warn("LavaDome:",`Initiated with "${$.unsafeOpenModeShadow}" set to true.`,"This leaves LavaDome fully vulnerable, ONLY USE FOR TESTING!")),a=S(e,t),P(Q,e,a)}return a}(e,t);T(o);const n=H();_(o,n)}const{all:X}=U,Z=new u,ee=new u,te=v(null),oe=e=>{if("string"!=typeof e)throw new Error(`LavaDomeReact: first argument must be a string, instead got ${w(e)}`);if(!b(te,e)){const t=v(null);te[e]=t,P(Z,t,e)}return te[e]},ne=({text:e,unsafeOpenModeShadow:t})=>{const a=e,r=(0,o.useRef)(null);return n().createElement("span",{ref:r,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/lavadome.jsx",lineNumber:57,columnNumber:9},__self:void 0},n().createElement(ae,{host:r,token:a,unsafeOpenModeShadow:t,__source:{fileName:"/Users/weizman/Documents/lavamoat/LavaDome/packages/react/src/lavadome.jsx",lineNumber:58,columnNumber:13},__self:void 0}))};function ae({host:e,token:t,unsafeOpenModeShadow:a}){const r=function(e){const t=j(Z,e);if(!b(te,t))throw new Error("LavaDomeReact: first argument must be a valid LavaDome token (replace \"text={'secret'}\" with \"text={toLavaDomeToken('secret')}\")");return t}(t),s=function(e){let t=j(ee,e);return t||(t=v(null),P(ee,e,t)),t}(t);return(0,o.useEffect)((()=>{new V(e.current,{unsafeOpenModeShadow:a}).text(r)}),[s]),n().createElement(n().Fragment,null)}var re=exports;for(var se in t)re[se]=t[se];t.__esModule&&Object.defineProperty(re,"__esModule",{value:!0})})(); | ||
| //# sourceMappingURL=main.js.map |
| { | ||
| "name": "@lavamoat/lavadome-react", | ||
| "version": "0.0.16", | ||
| "version": "0.0.17", | ||
| "description": "", | ||
@@ -37,3 +37,3 @@ "license": "MIT", | ||
| "dependencies": { | ||
| "@lavamoat/lavadome-core": "^0.0.16", | ||
| "@lavamoat/lavadome-core": "^0.0.17", | ||
| "@lavamoat/preinstall-always-fail": "^2.0.0" | ||
@@ -40,0 +40,0 @@ }, |
| 'use strict'; | ||
| import {LavaDome} from "./lavadome"; | ||
| export {LavaDome}; | ||
| import {textToToken as toLavaDomeToken} from "./token.mjs"; | ||
| export {toLavaDomeToken}; | ||
| import {LavaDome, textToToken} from "./lavadome"; | ||
| export {LavaDome, textToToken as toLavaDomeToken}; |
| import React, { useEffect, useRef } from 'react' | ||
| import { LavaDome as LavaDomeCore } from "@lavamoat/lavadome-core" | ||
| import {tokenToDep, tokenToText} from "./token.mjs"; | ||
| import {create, hasOwn, stringify, WeakMap, get, set} from "@lavamoat/lavadome-core/src/native.mjs"; | ||
| const | ||
| tokenToTextMap = new WeakMap(), | ||
| tokenToDepMap = new WeakMap(), | ||
| textToTokenMap = create(null); | ||
| // map sensitive text of the user with a unique token representing it, so that the | ||
| // token is the one being passed around React internals rather than the sensitive text | ||
| export const textToToken = text => { | ||
| if (typeof text !== 'string') { | ||
| throw new Error(`LavaDomeReact: first argument must be a string, instead got ${stringify(text)}`); | ||
| } | ||
| if (!hasOwn(textToTokenMap, text)) { | ||
| const token = create(null); | ||
| textToTokenMap[text] = token; | ||
| set(tokenToTextMap, token, text); | ||
| } | ||
| return textToTokenMap[text]; | ||
| } | ||
| // we want to use the token as a useEffect dep, but we don't want to leak it to React | ||
| // map each token with a unique dep-id that is useless and irreversible if obtained | ||
| function tokenToDep(token) { | ||
| let dep = get(tokenToDepMap, token); | ||
| if (!dep) { | ||
| dep = create(null); | ||
| set(tokenToDepMap, token, dep); | ||
| } | ||
| return dep; | ||
| } | ||
| // map given token back to the secret text, but do so safely by making | ||
| // sure input is safe to access and use, as it comes from outside | ||
| function tokenToText(token) { | ||
| const text = get(tokenToTextMap, token); | ||
| if (!hasOwn(textToTokenMap, text)) { | ||
| throw new Error( | ||
| `LavaDomeReact: first argument must be a valid LavaDome token ` + | ||
| `(replace "text={'secret'}" with "text={toLavaDomeToken('secret')}")`); | ||
| } | ||
| return text; | ||
| } | ||
| export const LavaDome = ({ text, unsafeOpenModeShadow }) => { | ||
@@ -21,21 +67,12 @@ // variable @text is named that way only for visibility - in reality it's a lavadome token | ||
| function LavaDomeShadow({ host, token, unsafeOpenModeShadow }) { | ||
| let lavadome; | ||
| const | ||
| // exchange token for sensitive text before check | ||
| text = tokenToText(token), | ||
| // use a unique and useless representation of the token as the useEffect dep | ||
| dep = tokenToDep(token); | ||
| // exchange token for sensitive text before check | ||
| const text = tokenToText(token, unsafeOpenModeShadow); | ||
| // generate a lavadome instance reference with a teardown | ||
| useEffect(() => { | ||
| const opts = { unsafeOpenModeShadow }; | ||
| lavadome = new LavaDomeCore(host.current, opts); | ||
| return () => lavadome = null; | ||
| }, []); | ||
| // use a unique and useless representation of the token as the useEffect dep | ||
| const dep = tokenToDep(token); | ||
| // update lavadome secret text (given that the token is updated too) | ||
| useEffect(() => lavadome.text(text), [dep]); | ||
| useEffect(() => { new LavaDomeCore(host.current, {unsafeOpenModeShadow}).text(text) }, [dep]); | ||
| return <></>; | ||
| } |
Sorry, the diff of this file is not supported yet
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-15.04%
15198
- Number of package files
- decreased by-16.67%
5
- Lines of code
- decreased by-25.45%
82
Dependency changes
+ Added@lavamoat/lavadome-core@0.0.17(transitive)
- Removed@lavamoat/lavadome-core@0.0.16(transitive)