@sinonjs/commons - npm Package Compare versions

Comparing version 1.7.1 to 1.7.2

CHANGES.md

 # Changes
 
+## 1.7.2
+
+- [`76ad9c1`](https://github.com/sinonjs/commons/commit/76ad9c16bad29f72420ed55bdf45b65d076108c8)
+  Fix generators causing exceptions in function-name (Sebastian Mayr)
+
+_Released on 2020-04-08._
+
 ## 1.7.1
@@ -4,0 +11,0 @@

lib/function-name.js

@@ -14,11 +14,17 @@ "use strict";
 
-    return (
-        func.displayName ||
-        func.name ||
-        // Use function decomposition as a last resort to get function
-        // name. Does not rely on function decomposition to work - if it
-        // doesn't debugging will be slightly less informative
-        // (i.e. toString will say 'spy' rather than 'myFunc').
-        (String(func).match(/function ([^\s(]+)/) || [])[1]
-    );
+    try {
+        return (
+            func.displayName ||
+            func.name ||
+            // Use function decomposition as a last resort to get function
+            // name. Does not rely on function decomposition to work - if it
+            // doesn't debugging will be slightly less informative
+            // (i.e. toString will say 'spy' rather than 'myFunc').
+            (String(func).match(/function ([^\s(]+)/) || [])[1]
+        );
+    } catch (e) {
+        // Stringify may fail and we might get an exception, as a last-last
+        // resort fall back to empty string.
+        return "";
+    }
 };

lib/function-name.test.js

@@ -55,2 +55,23 @@ "use strict";
     });
+
+    it("should not fail when toString is undefined", function() {
+        refute.exception(function() {
+            functionName(Object.create(null));
+        });
+    });
+
+    it("should not fail when toString throws", function() {
+        refute.exception(function() {
+            var fn;
+            try {
+                // eslint-disable-next-line no-eval
+                fn = eval("(function*() {})")().constructor;
+            } catch (e) {
+                // env doesn't support generators
+                return;
+            }
+
+            functionName(fn);
+        });
+    });
 });

package.json

 {
   "name": "@sinonjs/commons",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "description": "Simple functions shared among the sinon end user libraries",
@@ -32,3 +32,3 @@ "main": "lib/index.js",
   "devDependencies": {
-    "@sinonjs/referee-sinon": "6.0.1",
+    "@sinonjs/referee-sinon": "7.0.2",
     "@studio/changes": "^2.0.0",
@@ -39,11 +39,11 @@ "eslint": "^6.1.0",
     "eslint-plugin-ie11": "^1.0.0",
-    "eslint-plugin-jsdoc": "^21.0.0",
+    "eslint-plugin-jsdoc": "^22.1.0",
     "eslint-plugin-local-rules": "^0.1.0",
     "eslint-plugin-mocha": "^6.1.1",
     "eslint-plugin-prettier": "^3.0.0",
-    "husky": "4.2.1",
+    "husky": "4.2.3",
     "jsverify": "0.8.4",
     "knuth-shuffle": "^1.0.8",
-    "lint-staged": "9.5.0",
-    "mocha": "7.0.1",
+    "lint-staged": "10.1.1",
+    "mocha": "7.1.0",
     "nyc": "15.0.0",
@@ -50,0 +50,0 @@ "prettier": "^1.14.3"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

43645

increased by2.35%

Lines of code

871

increased by2.83%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes