clarinet - npm Package Compare versions

Comparing version 0.11.0 to 0.12.0

clarinet.js

@@ -30,3 +30,6 @@ ;(function (clarinet) {
 
-  var buffers     = [ "textNode", "numberNode" ]
+  var buffers     = {
+        textNode: undefined,
+        numberNode: ""
+    }
     , streamWraps = clarinet.EVENTS.filter(function (ev) {
@@ -97,6 +100,6 @@ return ev !== "error" && ev !== "end";
       ;
-    for (var i = 0, l = buffers.length; i < l; i ++) {
-      var len = parser[buffers[i]].length;
+    for (var buffer in buffers) {
+      var len = parser[buffer] === undefined ? 0 : parser[buffer].length;
       if (len > maxAllowed) {
-        switch (buffers[i]) {
+        switch (buffer) {
           case "text":
@@ -107,3 +110,3 @@ closeText(parser);
           default:
-            error(parser, "Max buffer length exceeded: "+ buffers[i]);
+            error(parser, "Max buffer length exceeded: "+ buffer);
         }
@@ -118,4 +121,4 @@ }
   function clearBuffers (parser) {
-    for (var i = 0, l = buffers.length; i < l; i ++) {
-      parser[buffers[i]] = "";
+    for (var buffer in buffers) {
+      parser[buffer] = buffers[buffer];
     }
@@ -299,6 +302,6 @@ }
     parser.textNode = textopts(parser.opt, parser.textNode);
-    if (parser.textNode) {
+    if (parser.textNode !== undefined) {
       emit(parser, (event ? event : "onvalue"), parser.textNode);
     }
-    parser.textNode = "";
+    parser.textNode = undefined;
   }
@@ -313,2 +316,5 @@
   function textopts (opt, text) {
+    if (text === undefined) {
+      return text;
+    }
     if (opt.trim) text = text.trim();
@@ -466,2 +472,6 @@ if (opt.normalize) text = text.replace(/\s+/g, " ");
         case S.STRING:
+          if (parser.textNode === undefined) {
+            parser.textNode = "";
+          }
+
           // thanks thejh, this is an about 50% performance improvement.
@@ -496,5 +506,2 @@ var starti              = i-1
               parser.position += i - 1 - starti;
-              if(!parser.textNode) {
-                 emit(parser, "onvalue", "");
-              }
               break;
@@ -501,0 +508,0 @@ }

package.json

@@ -11,3 +11,3 @@ {
   ],
-  "version": "0.11.0",
+  "version": "0.12.0",
   "main": "./clarinet.js",
@@ -41,3 +41,3 @@ "homepage": "https://github.com/dscape/clarinet",
   "scripts": {
-    "test": "./node_modules/mocha/bin/mocha -r should -t 10000 -s 2000  test/clarinet.js test/npm.js test/utf8-chunks.js test/position.js"
+    "test": "mocha -r should -t 10000 -s 2000  test/clarinet.js test/npm.js test/utf8-chunks.js test/position.js"
   },
@@ -52,3 +52,3 @@ "engines": {
   },
-  "license": "BSD"
+  "license": "BSD-2-Clause"
 }

README.md

 # clarinet
 
-![NPM Downloads](http://img.shields.io/npm/dm/clarinet.svg?style=flat) ![NPM Version](http://img.shields.io/npm/v/clarinet.svg?style=flat)
+![NPM Downloads](http://img.shields.io/npm/dm/clarinet.svg?style=flat) ![NPM Version](http://img.shields.io/npm/v/clarinet.svg?style=flat) [![CDNJS](https://img.shields.io/cdnjs/v/clarinet.svg)](https://cdnjs.com/libraries/clarinet)
 
@@ -58,3 +58,3 @@ `clarinet` is a sax-like streaming parser for JSON. works in the browser and node.js. `clarinet` is inspired (and forked) from [sax-js][saxjs]. just like you shouldn't use `sax` when you need `dom` you shouldn't use `clarinet` when you need `JSON.parse`. for a more detailed introduction and a performance study please refer to this [article][blog].
 parser.onkey = function (key) {
-  // got a key in an object.
+  // got a subsequent key in an object.
 };
@@ -157,3 +157,3 @@ parser.oncloseobject = function () {
 
-`key` - an object key: argument: key, a string with the current key
+`key` - an object key: argument: key, a string with the current key. Not called for first key (use `openobject` for that).
 
@@ -160,0 +160,0 @@ `closeobject` - indication that an object was closed

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 2 instances in 1 package

Misc. License Issues

License

(Experimental) A package's licensing information has fine-grained problems.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of medium license alerts

0

decreased by-100%

Number of low supply chain risk alerts

2

decreased by-88.24%

Worsened metrics

Total package byte prevSize

32374

decreased by-99.92%

Number of package files

7

decreased by-86.27%

Lines of code

583

decreased by-92.59%

No dependency changes