@nuxt/utils - npm Package Compare versions

Comparing version 2.6.2 to 2.6.3

dist/utils.js

 /*!
- * @nuxt/utils v2.6.2 (c) 2016-2019
+ * @nuxt/utils v2.6.3 (c) 2016-2019
 
@@ -1738,4 +1738,34 @@ * - All the amazing contributors
 
+function normalizeFunctions(obj) {
+  if (typeof obj !== 'object' || Array.isArray(obj) || obj === null) {
+    return obj
+  }
+  for (const key in obj) {
+    if (key === '__proto__' || key === 'constructor') {
+      continue
+    }
+    const val = obj[key];
+    if (val !== null && typeof val === 'object' && !Array.isArray(obj)) {
+      obj[key] = normalizeFunctions(val);
+    }
+    if (typeof obj[key] === 'function') {
+      const asString = obj[key].toString();
+      const match = asString.match(/^([^{(]+)=>\s*(.*)/s);
+      if (match) {
+        const fullFunctionBody = match[2].match(/^{?(\s*return\s+)?(.*?)}?$/s);
+        let functionBody = fullFunctionBody[2].trim();
+        if (fullFunctionBody[1] || !match[2].trim().match(/^\s*{/s)) {
+          functionBody = `return ${functionBody}`;
+        }
+        // eslint-disable-next-line no-new-func
+        obj[key] = new Function(...match[1].split(',').map(arg => arg.trim()), functionBody);
+      }
+    }
+  }
+  return obj
+}
+
 function serializeFunction(func) {
   let open = false;
+  func = normalizeFunctions(func);
   return serialize(func)
@@ -1869,6 +1899,3 @@ .replace(serializeFunction.assignmentRE, (_, spaces) => {
   if (entry.parent) {
-    const i = entry.parent.children.findIndex(e => e.id === id);
-    if (i > -1) {
-      entry.parent.children.splice(i, 1);
-    }
+    entry.parent.children = entry.parent.children.filter(e => e.id !== id);
   }
@@ -1921,2 +1948,3 @@
 exports.lockPaths = lockPaths;
+exports.normalizeFunctions = normalizeFunctions;
 exports.parallel = parallel;
@@ -1923,0 +1951,0 @@ exports.promisifyRoute = promisifyRoute;

package.json

 {
   "name": "@nuxt/utils",
-  "version": "2.6.2",
+  "version": "2.6.3",
   "repository": "nuxt/nuxt.js",
@@ -5,0 +5,0 @@ "license": "MIT",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

50262

increased by2.06%

Lines of code

1700

increased by1.61%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes