Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@thi.ng/paths

Package Overview
Dependencies
Maintainers
1
Versions
199
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@thi.ng/paths - npm Package Compare versions

Comparing version 4.1.13 to 4.2.0

19

CHANGELOG.md

@@ -6,26 +6,13 @@ # Change Log

## [4.1.13](https://github.com/thi-ng/umbrella/compare/@thi.ng/paths@4.1.12...@thi.ng/paths@4.1.13) (2021-01-10)
# [4.2.0](https://github.com/thi-ng/umbrella/compare/@thi.ng/paths@4.1.13...@thi.ng/paths@4.2.0) (2021-02-20)
**Note:** Version bump only for package @thi.ng/paths
### Features
* **paths:** use updated/more safe isProtoPath() ([456fac1](https://github.com/thi-ng/umbrella/commit/456fac19a0178de589f31cdd7e7ec2d8a6406c6c))
## [4.1.12](https://github.com/thi-ng/umbrella/compare/@thi.ng/paths@4.1.11...@thi.ng/paths@4.1.12) (2021-01-02)
**Note:** Version bump only for package @thi.ng/paths
## [4.1.11](https://github.com/thi-ng/umbrella/compare/@thi.ng/paths@4.1.10...@thi.ng/paths@4.1.11) (2020-12-22)
**Note:** Version bump only for package @thi.ng/paths
# [4.1.0](https://github.com/thi-ng/umbrella/compare/@thi.ng/paths@4.0.11...@thi.ng/paths@4.1.0) (2020-07-08)

@@ -32,0 +19,0 @@

9

lib/index.js

@@ -35,8 +35,3 @@ 'use strict';

};
const isProtoPath = (path) => checks.isArray(path)
? path.some((x) => x === "__proto__")
: checks.isString(path)
? path.indexOf("__proto__") >= 0
: false;
const disallowProtoPath = (path) => (api.assert(!isProtoPath(path), `unsafe path: '${path}'`), path);
const disallowProtoPath = (path) => (api.assert(!checks.isProtoPath(path), `unsafe path: '${path}'`), path);

@@ -155,2 +150,3 @@ const defGetterUnsafe = (path) => defGetter(path);

const ks = toPath(path);
disallowProtoPath(ks);
let [a, b, c, d] = ks;

@@ -260,3 +256,2 @@ switch (ks.length) {

exports.getInUnsafe = getInUnsafe;
exports.isProtoPath = isProtoPath;
exports.mutIn = mutIn;

@@ -263,0 +258,0 @@ exports.mutInManyUnsafe = mutInManyUnsafe;

@@ -1,1 +0,1 @@

!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@thi.ng/api"),require("@thi.ng/checks"),require("@thi.ng/errors")):"function"==typeof define&&define.amd?define(["exports","@thi.ng/api","@thi.ng/checks","@thi.ng/errors"],t):t(((e="undefined"!=typeof globalThis?globalThis:e||self).thi=e.thi||{},e.thi.ng=e.thi.ng||{},e.thi.ng.paths={}),e.thi.ng.api,e.thi.ng.checks,e.thi.ng.errors)}(this,(function(e,t,n,r){"use strict";const u=e=>n.isArray(e)?e:n.isString(e)?e.length>0?e.split("."):[]:null!=e?[e]:[],s=e=>n.isArray(e)?e.some((e=>"__proto__"===e)):!!n.isString(e)&&e.indexOf("__proto__")>=0;function l(e){const t=u(e),[n,r,s,l]=t;switch(t.length){case 0:return e=>e;case 1:return e=>null!=e?e[n]:void 0;case 2:return e=>null!=e&&null!=(e=e[n])?e[r]:void 0;case 3:return e=>null!=e&&null!=(e=e[n])&&null!=(e=e[r])?e[s]:void 0;case 4:return e=>null!=e&&null!=(e=e[n])&&null!=(e=e[r])&&null!=(e=e[s])?e[l]:void 0;default:return e=>{const n=t.length-1;let r=e;for(let e=0;null!=r&&e<=n;e++)r=r[t[e]];return r}}}function i(e){const t=u(e),[n,r,s,l]=t;switch(t.length){case 0:return(e,t)=>t;case 1:return(e,t)=>((e=o(e))[n]=t,e);case 2:return(e,t)=>{let u;return(e=o(e))[n]=u=o(e[n]),u[r]=t,e};case 3:return(e,t)=>{let u,l;return(e=o(e))[n]=u=o(e[n]),u[r]=l=o(u[r]),l[s]=t,e};case 4:return(e,t)=>{let u,i,a;return(e=o(e))[n]=u=o(e[n]),u[r]=i=o(u[r]),i[s]=a=o(i[s]),a[l]=t,e};default:let e;for(let n=t.length;--n>=0;)e=a(t[n],e);return e}}const o=e=>n.isArray(e)||n.isTypedArray(e)?e.slice():Object.assign({},e),a=(e,t)=>(n,r)=>((n=o(n))[e]=t?t(n[e],r):r,n);function f(e,t,n,...r){return i(t)(e,n.apply(null,(r.unshift(l(t)(e)),r)))}function c(e,t){const n=u(t).slice();if(n.length){const t=n.pop();return f(e,n,(e=>(delete(e=Object.assign({},e))[t],e)))}}function h(e){const t=u(e);let[n,r,s,l]=t;switch(t.length){case 0:return(e,t)=>t;case 1:return(e,t)=>e?(e[n]=t,e):void 0;case 2:return(e,t)=>{let u;return e&&(u=e[n])?(u[r]=t,e):void 0};case 3:return(e,t)=>{let u;return e&&(u=e[n])&&(u=u[r])?(u[s]=t,e):void 0};case 4:return(e,t)=>{let u;return e&&(u=e[n])&&(u=u[r])&&(u=u[s])?(u[l]=t,e):void 0};default:return(e,n)=>{let r=e;const u=t.length-1;for(let e=0;e<u;e++)if(!(r=r[t[e]]))return;return r[t[u]]=n,e}}}function g(e,t,n){return h(t)(e,n)}function d(e,t,n){return i(t)(e,n)}function p(e,t){const n=l(e),r=i(e);return(e,...u)=>r(e,t.apply(null,(u.unshift(n(e)),u)))}e.copy=o,e.defGetter=l,e.defGetterUnsafe=e=>l(e),e.defMutator=h,e.defMutatorUnsafe=e=>h(e),e.defSetter=i,e.defSetterUnsafe=e=>i(e),e.defUpdater=p,e.defUpdaterUnsafe=(e,t)=>p(e,t),e.deleteIn=c,e.deleteInUnsafe=(e,t)=>c(e,t),e.disallowProtoPath=e=>(t.assert(!s(e),`unsafe path: '${e}'`),e),e.exists=(e,t)=>{if(null==e)return!1;for(let n=(t=u(t)).length-1,r=0;r<=n;r++){const u=t[r];if(!e.hasOwnProperty(u))return!1;if(null==(e=e[u])&&r<n)return!1}return!0},e.getIn=function(e,t){return l(t)(e)},e.getInUnsafe=(e,t)=>l(t)(e),e.isProtoPath=s,e.mutIn=g,e.mutInManyUnsafe=function(e,...t){const n=t.length;1&n&&r.illegalArgs(`require even number of args (got ${t.length})`);for(let r=0;r<n&&e;r+=2)e=g(e,t[r],t[r+1]);return e},e.mutInUnsafe=(e,t,n)=>h(t)(e,n),e.setIn=d,e.setInManyUnsafe=function(e,...t){const n=t.length;1&n&&r.illegalArgs(`require even number of KV args (got ${t.length})`);for(let r=0;r<n;r+=2)e=d(e,t[r],t[r+1]);return e},e.setInUnsafe=(e,t,n)=>i(t)(e,n),e.toPath=u,e.updateIn=f,e.updateInUnsafe=(e,t,n,...r)=>f(e,t,n,...r),Object.defineProperty(e,"__esModule",{value:!0})}));
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@thi.ng/api"),require("@thi.ng/checks"),require("@thi.ng/errors")):"function"==typeof define&&define.amd?define(["exports","@thi.ng/api","@thi.ng/checks","@thi.ng/errors"],t):t(((e="undefined"!=typeof globalThis?globalThis:e||self).thi=e.thi||{},e.thi.ng=e.thi.ng||{},e.thi.ng.paths={}),e.thi.ng.api,e.thi.ng.checks,e.thi.ng.errors)}(this,(function(e,t,n,r){"use strict";const u=e=>n.isArray(e)?e:n.isString(e)?e.length>0?e.split("."):[]:null!=e?[e]:[],l=e=>(t.assert(!n.isProtoPath(e),`unsafe path: '${e}'`),e);function s(e){const t=u(e),[n,r,l,s]=t;switch(t.length){case 0:return e=>e;case 1:return e=>null!=e?e[n]:void 0;case 2:return e=>null!=e&&null!=(e=e[n])?e[r]:void 0;case 3:return e=>null!=e&&null!=(e=e[n])&&null!=(e=e[r])?e[l]:void 0;case 4:return e=>null!=e&&null!=(e=e[n])&&null!=(e=e[r])&&null!=(e=e[l])?e[s]:void 0;default:return e=>{const n=t.length-1;let r=e;for(let e=0;null!=r&&e<=n;e++)r=r[t[e]];return r}}}function i(e){const t=u(e),[n,r,l,s]=t;switch(t.length){case 0:return(e,t)=>t;case 1:return(e,t)=>((e=o(e))[n]=t,e);case 2:return(e,t)=>{let u;return(e=o(e))[n]=u=o(e[n]),u[r]=t,e};case 3:return(e,t)=>{let u,s;return(e=o(e))[n]=u=o(e[n]),u[r]=s=o(u[r]),s[l]=t,e};case 4:return(e,t)=>{let u,i,a;return(e=o(e))[n]=u=o(e[n]),u[r]=i=o(u[r]),i[l]=a=o(i[l]),a[s]=t,e};default:let e;for(let n=t.length;--n>=0;)e=a(t[n],e);return e}}const o=e=>n.isArray(e)||n.isTypedArray(e)?e.slice():Object.assign({},e),a=(e,t)=>(n,r)=>((n=o(n))[e]=t?t(n[e],r):r,n);function f(e,t,n,...r){return i(t)(e,n.apply(null,(r.unshift(s(t)(e)),r)))}function c(e,t){const n=u(t).slice();if(n.length){const t=n.pop();return f(e,n,(e=>(delete(e=Object.assign({},e))[t],e)))}}function h(e){const t=u(e);l(t);let[n,r,s,i]=t;switch(t.length){case 0:return(e,t)=>t;case 1:return(e,t)=>e?(e[n]=t,e):void 0;case 2:return(e,t)=>{let u;return e&&(u=e[n])?(u[r]=t,e):void 0};case 3:return(e,t)=>{let u;return e&&(u=e[n])&&(u=u[r])?(u[s]=t,e):void 0};case 4:return(e,t)=>{let u;return e&&(u=e[n])&&(u=u[r])&&(u=u[s])?(u[i]=t,e):void 0};default:return(e,n)=>{let r=e;const u=t.length-1;for(let e=0;e<u;e++)if(!(r=r[t[e]]))return;return r[t[u]]=n,e}}}function g(e,t,n){return h(t)(e,n)}function d(e,t,n){return i(t)(e,n)}function p(e,t){const n=s(e),r=i(e);return(e,...u)=>r(e,t.apply(null,(u.unshift(n(e)),u)))}e.copy=o,e.defGetter=s,e.defGetterUnsafe=e=>s(e),e.defMutator=h,e.defMutatorUnsafe=e=>h(e),e.defSetter=i,e.defSetterUnsafe=e=>i(e),e.defUpdater=p,e.defUpdaterUnsafe=(e,t)=>p(e,t),e.deleteIn=c,e.deleteInUnsafe=(e,t)=>c(e,t),e.disallowProtoPath=l,e.exists=(e,t)=>{if(null==e)return!1;for(let n=(t=u(t)).length-1,r=0;r<=n;r++){const u=t[r];if(!e.hasOwnProperty(u))return!1;if(null==(e=e[u])&&r<n)return!1}return!0},e.getIn=function(e,t){return s(t)(e)},e.getInUnsafe=(e,t)=>s(t)(e),e.mutIn=g,e.mutInManyUnsafe=function(e,...t){const n=t.length;1&n&&r.illegalArgs(`require even number of args (got ${t.length})`);for(let r=0;r<n&&e;r+=2)e=g(e,t[r],t[r+1]);return e},e.mutInUnsafe=(e,t,n)=>h(t)(e,n),e.setIn=d,e.setInManyUnsafe=function(e,...t){const n=t.length;1&n&&r.illegalArgs(`require even number of KV args (got ${t.length})`);for(let r=0;r<n;r+=2)e=d(e,t[r],t[r+1]);return e},e.setInUnsafe=(e,t,n)=>i(t)(e,n),e.toPath=u,e.updateIn=f,e.updateInUnsafe=(e,t,n,...r)=>f(e,t,n,...r),Object.defineProperty(e,"__esModule",{value:!0})}));

@@ -1,2 +0,2 @@

import { toPath } from "./path";
import { disallowProtoPath, toPath } from "./path";
/**

@@ -14,2 +14,3 @@ * Unchecked version of {@link defMutator}.

const ks = toPath(path);
disallowProtoPath(ks);
let [a, b, c, d] = ks;

@@ -16,0 +17,0 @@ switch (ks.length) {

{
"name": "@thi.ng/paths",
"version": "4.1.13",
"version": "4.2.0",
"description": "Immutable, optimized and optionally typed path-based object property / array accessors with structural sharing",

@@ -45,12 +45,12 @@ "module": "./index.js",

"@types/node": "^14.14.14",
"mocha": "^8.2.1",
"mocha": "^8.3.0",
"nyc": "^15.1.0",
"ts-node": "^9.1.1",
"typedoc": "^0.20.4",
"typescript": "^4.1.3"
"typedoc": "^0.20.26",
"typescript": "^4.1.5"
},
"dependencies": {
"@thi.ng/api": "^6.13.6",
"@thi.ng/checks": "^2.8.0",
"@thi.ng/errors": "^1.2.26"
"@thi.ng/api": "^7.0.0",
"@thi.ng/checks": "^2.9.0",
"@thi.ng/errors": "^1.2.27"
},

@@ -84,3 +84,3 @@ "files": [

"sideEffects": false,
"gitHead": "ec0b1d686c9d5f8f73e2c170b9915c2dd875903f"
"gitHead": "2cb9a54255d6a5d7f21c9875002b86c42dd038de"
}

@@ -30,14 +30,12 @@ import { NumOrString, Path } from "@thi.ng/api";

/**
* Helper function to analyze given lookup path for presence of
* `__proto__`. Returns true if the case.
* Helper function to analyze given `path` using
* {@link @thi.ng/checks#isProtoPath}. Throws an error if path contains any
* property which might lead to prototype poisoning.
*
* @remarks
* Also see {@link disallowProtoPath}
* The following properties are considered illegal.
*
* @param path
*/
export declare const isProtoPath: (path: Path) => boolean;
/**
* Helper function to analyze given path using {@link isProtoPath}.
* Throws error if path contains `__proto__`.
* - `__proto__`
* - `prototype`
* - `constructor`
*

@@ -44,0 +42,0 @@ * @param path

import { assert } from "@thi.ng/api";
import { isArray, isString } from "@thi.ng/checks";
import { isArray, isProtoPath, isString } from "@thi.ng/checks";
/**

@@ -55,18 +55,12 @@ * Converts the given key path to canonical form (array).

/**
* Helper function to analyze given lookup path for presence of
* `__proto__`. Returns true if the case.
* Helper function to analyze given `path` using
* {@link @thi.ng/checks#isProtoPath}. Throws an error if path contains any
* property which might lead to prototype poisoning.
*
* @remarks
* Also see {@link disallowProtoPath}
* The following properties are considered illegal.
*
* @param path
*/
export const isProtoPath = (path) => isArray(path)
? path.some((x) => x === "__proto__")
: isString(path)
? path.indexOf("__proto__") >= 0
: false;
/**
* Helper function to analyze given path using {@link isProtoPath}.
* Throws error if path contains `__proto__`.
* - `__proto__`
* - `prototype`
* - `constructor`
*

@@ -73,0 +67,0 @@ * @param path

@@ -81,3 +81,3 @@ <!-- This file is generated - DO NOT EDIT! -->

Package sizes (gzipped, pre-treeshake): ESM: 1.18 KB / CJS: 1.29 KB / UMD: 1.25 KB
Package sizes (gzipped, pre-treeshake): ESM: 1.15 KB / CJS: 1.25 KB / UMD: 1.21 KB

@@ -84,0 +84,0 @@ ## Dependencies

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc