@lingui/conf
Advanced tools
Comparing version 3.8.3 to 3.8.4
27
index.js
@@ -30,4 +30,2 @@ "use strict"; | ||
var _lodash = _interopRequireDefault(require("lodash.get")); | ||
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; } | ||
@@ -451,19 +449,20 @@ | ||
}; | ||
}; // copied from @EndemolShineGroup/cosmiconfig-typescript-loader | ||
// to support sync operations | ||
// if this PR gets merged and published, this piece of code can be thrown away | ||
// https://github.com/EndemolShineGroup/cosmiconfig-typescript-loader/pull/132 | ||
}; | ||
/** Typescript loader using just typescript API and eval(), instead of using ts-node/register which is slower */ | ||
function TypeScriptLoader(filePath) { | ||
try { | ||
require("ts-node/register"); | ||
var tsc = require("typescript"); | ||
var result = require(filePath); | ||
var fileContent = _fs.default.readFileSync(filePath, "utf-8"); | ||
return (0, _lodash.default)(result, "default", result); | ||
} catch (error) { | ||
// Replace with logger class OR throw a more specific error | ||
throw require("@endemolshinegroup/cosmiconfig-typescript-loader/dist/Errors/TypeScriptCompileError").fromError(error); | ||
} | ||
var _tsc$transpileModule = tsc.transpileModule(fileContent, { | ||
compilerOptions: { | ||
module: tsc.ModuleKind.CommonJS | ||
} | ||
}), | ||
outputText = _tsc$transpileModule.outputText; | ||
var configFileParsed = eval(outputText); | ||
return configFileParsed; | ||
} |
{ | ||
"name": "@lingui/conf", | ||
"version": "3.8.3", | ||
"version": "3.8.4", | ||
"description": "Get lingui configuration from package.json", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
2
21511
523
1