beezlib - npm Package Compare versions

Comparing version 0.9.17 to 0.9.18

lib/fsys/index.js

@@ -11,2 +11,3 @@ /**
 var util = require('util');
+var vm = require('vm');
 
@@ -240,15 +241,38 @@ var _  =  require('lodash');
      * @method
-     * @param {String} path load file path
+     * @param {String} filePath load file path
      * @param {String} encode file encode
      * @return {Object} load json data
      */
-    readFileFnJSONSync: function (path, encode) {
+    readFileFnJSONSync: function (filePath, encode) {
         encode = encode || 'utf-8';
 
-        if (this.isFileSync(path)) {
-            var raw = fs.readFileSync(path, encode);
+        if (this.isFileSync(filePath)) {
+            var raw = fs.readFileSync(filePath, encode);
+            var exports = {};
+            var context = {
+                process: process,
+                require: function(name) {
+                    var module;
+                    try {
+                        module = require((function (_module) {
+                            if (_module.charAt(0) !== '.') {
+                                return _module;
+                            }
+                            return path.resolve(path.dirname(filePath), _module);
+                        }(name)));
+                    } catch (e) {
+                        throw e;
+                    }
+                    return module;
+                },
+                __filename: __filename,
+                __dilename: __dirname,
+                module: {
+                    exports: exports
+                },
+                exports: exports
+            };
 
             try {
-                var fn = new Function ('process', 'require', '__filename', '__dirname', 'module', 'exports', "return " + raw);
-                return fn(process, require, __filename, __dirname, module, exports);
+                return vm.runInNewContext(raw, context);
             } catch (e) {
@@ -255,0 +279,0 @@ throw e;

package.json

 {
     "name": "beezlib",
-    "version": "0.9.17",
+    "version": "0.9.18",
     "description": "The utility library for Node.js using beez projects.",
@@ -5,0 +5,0 @@ "keywords": [

test/test-fsys.js

@@ -36,2 +36,8 @@ var path = require('path');
         json.hoge.should.equal('foo').be.ok;
+
+        var user = beezlib.fsys.readFileFnJSONSync('test/json/user.js');
+        user.name.should.equal('nickname').be.ok;
+        var user_body = beezlib.fsys.readFileFnJSONSync('test/json/user.body.js');
+        user_body.head.should.equal('head1').be.ok;
+        user.body.should.eql(user_body).be.ok;
     });
@@ -38,0 +44,0 @@ it('readFileMultiConfigureSync', function () {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

426126

increased by0.32%

Number of package files

93

increased by2.2%

Lines of code

3504

increased by1.42%

Number of medium supply chain risk alerts

2

decreased by-33.33%

Worsened metrics

Number of low supply chain risk alerts

12

increased by20%

No dependency changes