JSONPath - npm Package Compare versions
Comparing version 0.8.5 to 0.9.0
@@ -7,3 +7,4 @@ /* JSONPath 0.8.0 - XPath for JSON | ||
| var _ = require('underscore'); | ||
| var vm = require('vm'), | ||
| _ = require('underscore'); | ||
| exports.eval = jsonPath; | ||
@@ -16,2 +17,3 @@ var cache = {}; | ||
| wrap: (arg && arg.hasOwnProperty('wrap')) ? arg.wrap : true, | ||
| sandbox: (arg && arg.sandbox) ? arg.sandbox : {}, | ||
| normalize: function(expr) { | ||
@@ -115,4 +117,10 @@ if(cache[expr]) { | ||
| eval: function(x, _v, _vname) { | ||
| try { return $ && _v && eval(x.replace(/@/g, "_v")); } | ||
| catch(e) { throw new SyntaxError("jsonPath: " + e.message + ": " + x.replace(/@/g, "_v").replace(/\^/g, "_a")); } | ||
| P.sandbox["_v"] = _v; | ||
| try { | ||
| return $ && _v && vm.runInNewContext(x.replace(/@/g, "_v"), P.sandbox); | ||
| } | ||
| catch(e) { | ||
| console.log(e); | ||
| throw new SyntaxError("jsonPath: " + e.message + ": " + x.replace(/@/g, "_v").replace(/\^/g, "_a")); | ||
| } | ||
| } | ||
@@ -119,0 +127,0 @@ }; |
@@ -19,3 +19,3 @@ { | ||
| ], | ||
| "version": "0.8.5", | ||
| "version": "0.9.0", | ||
| "repository": { | ||
@@ -27,7 +27,7 @@ "type": "git", | ||
| "dependencies": { | ||
| "underscore": "latest" | ||
| "underscore": "1.3.x" | ||
| }, | ||
| "devDependencies": { | ||
| "nodeunit": "latest" | ||
| "nodeunit": "0.6.x" | ||
| } | ||
| } |
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Fixed alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-53.75%
8842
- Number of package files
- decreased by-36.36%
7
- Lines of code
- decreased by-66.67%
130
- Number of low supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedunderscore@1.3.3(transitive)
- Removedunderscore@1.13.7(transitive)
Updatedunderscore@1.3.x