coffee-script - npm Package Compare versions

Comparing version 1.12.5 to 1.12.6

lib/coffee-script/browser.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var CoffeeScript, compile, runScripts,

lib/coffee-script/cake.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var CoffeeScript, cakefileDirectory, fatalError, fs, helpers, missingTask, oparse, options, optparse, path, printTasks, switches, tasks;

lib/coffee-script/coffee-script.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var Lexer, SourceMap, base64encode, compile, ext, fn1, formatSourcePosition, fs, getSourceMap, helpers, i, len, lexer, packageJson, parser, path, ref, sourceMaps, sources, vm, withPrettyErrors,

lib/coffee-script/command.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var BANNER, CoffeeScript, EventEmitter, SWITCHES, compileJoin, compileOptions, compilePath, compileScript, compileStdio, exec, findDirectoryIndex, forkNode, fs, helpers, hidden, joinTimeout, makePrelude, mkdirp, notSources, optionParser, optparse, opts, outputPath, parseOptions, path, printLine, printTokens, printWarn, ref, removeSource, removeSourceDir, silentUnlink, sourceCode, sources, spawn, timeLog, usage, useWinPathSep, version, wait, watch, watchDir, watchedDirs, writeJs,

lib/coffee-script/grammar.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var Parser, alt, alternatives, grammar, name, o, operators, token, tokens, unwrap;

lib/coffee-script/helpers.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var buildLocationData, extend, flatten, ref, repeat, syntaxErrorToString;

lib/coffee-script/index.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var key, ref, val;

lib/coffee-script/lexer.js

@@ -1,4 +0,4 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
-  var BOM, BOOL, CALLABLE, CODE, COFFEE_ALIASES, COFFEE_ALIAS_MAP, COFFEE_KEYWORDS, COMMENT, COMPARE, COMPOUND_ASSIGN, HERECOMMENT_ILLEGAL, HEREDOC_DOUBLE, HEREDOC_INDENT, HEREDOC_SINGLE, HEREGEX, HEREGEX_OMIT, HERE_JSTOKEN, IDENTIFIER, INDENTABLE_CLOSERS, INDEXABLE, INVERSES, JSTOKEN, JS_KEYWORDS, LEADING_BLANK_LINE, LINE_BREAK, LINE_CONTINUER, Lexer, MATH, MULTI_DENT, NOT_REGEX, NUMBER, OPERATOR, POSSIBLY_DIVISION, REGEX, REGEX_FLAGS, REGEX_ILLEGAL, REGEX_INVALID_ESCAPE, RELATION, RESERVED, Rewriter, SHIFT, SIMPLE_STRING_OMIT, STRICT_PROSCRIBED, STRING_DOUBLE, STRING_INVALID_ESCAPE, STRING_OMIT, STRING_SINGLE, STRING_START, TRAILING_BLANK_LINE, TRAILING_SPACES, UNARY, UNARY_MATH, VALID_FLAGS, WHITESPACE, compact, count, invertLiterate, isForFrom, isUnassignable, key, locationDataToString, ref, ref1, repeat, starts, throwSyntaxError,
+  var BOM, BOOL, CALLABLE, CODE, COFFEE_ALIASES, COFFEE_ALIAS_MAP, COFFEE_KEYWORDS, COMMENT, COMPARE, COMPOUND_ASSIGN, HERECOMMENT_ILLEGAL, HEREDOC_DOUBLE, HEREDOC_INDENT, HEREDOC_SINGLE, HEREGEX, HEREGEX_OMIT, HERE_JSTOKEN, IDENTIFIER, INDENTABLE_CLOSERS, INDEXABLE, INVERSES, JSTOKEN, JS_KEYWORDS, LEADING_BLANK_LINE, LINE_BREAK, LINE_CONTINUER, Lexer, MATH, MULTI_DENT, NOT_REGEX, NUMBER, OPERATOR, POSSIBLY_DIVISION, REGEX, REGEX_FLAGS, REGEX_ILLEGAL, REGEX_INVALID_ESCAPE, RELATION, RESERVED, Rewriter, SHIFT, SIMPLE_STRING_OMIT, STRICT_PROSCRIBED, STRING_DOUBLE, STRING_INVALID_ESCAPE, STRING_OMIT, STRING_SINGLE, STRING_START, TRAILING_BLANK_LINE, TRAILING_SPACES, UNARY, UNARY_MATH, UNICODE_CODE_POINT_ESCAPE, VALID_FLAGS, WHITESPACE, compact, count, invertLiterate, isForFrom, isUnassignable, key, locationDataToString, ref, ref1, repeat, starts, throwSyntaxError,
     indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; },
@@ -285,3 +285,5 @@ slice = [].slice;
           return function(value, i) {
-            value = _this.formatString(value);
+            value = _this.formatString(value, {
+              delimiter: quote
+            });
             if (indentRegex) {
@@ -304,3 +306,5 @@ value = value.replace(indentRegex, '\n');
           return function(value, i) {
-            value = _this.formatString(value);
+            value = _this.formatString(value, {
+              delimiter: quote
+            });
             value = value.replace(SIMPLE_STRING_OMIT, function(match, offset) {
@@ -370,2 +374,5 @@ if ((i === 0 && offset === 0) || (i === $ && offset + match.length === value.length)) {
           });
+          body = this.formatRegex(body, {
+            delimiter: '/'
+          });
           index = regex.length;
@@ -449,3 +456,3 @@ ref2 = this.tokens, prev = ref2[ref2.length - 1];
       if (size > this.indent) {
-        if (noNewlines) {
+        if (noNewlines || this.tag() === 'RETURN') {
           this.indebt = size - this.indent;
@@ -752,3 +759,3 @@ this.suppressNewlines();
           case 'NEOSTRING':
-            converted = fn(token[1], i);
+            converted = fn.call(this, token[1], i);
             if (converted.length === 0) {
@@ -875,15 +882,55 @@ if (i === 0) {
       var ref2;
-      return LINE_CONTINUER.test(this.chunk) || ((ref2 = this.tag()) === '\\' || ref2 === '.' || ref2 === '?.' || ref2 === '?::' || ref2 === 'UNARY' || ref2 === 'MATH' || ref2 === 'UNARY_MATH' || ref2 === '+' || ref2 === '-' || ref2 === '**' || ref2 === 'SHIFT' || ref2 === 'RELATION' || ref2 === 'COMPARE' || ref2 === '&' || ref2 === '^' || ref2 === '|' || ref2 === '&&' || ref2 === '||' || ref2 === 'BIN?' || ref2 === 'THROW' || ref2 === 'EXTENDS');
+      return LINE_CONTINUER.test(this.chunk) || ((ref2 = this.tag()) === '\\' || ref2 === '.' || ref2 === '?.' || ref2 === '?::' || ref2 === 'UNARY' || ref2 === 'MATH' || ref2 === 'UNARY_MATH' || ref2 === '+' || ref2 === '-' || ref2 === '**' || ref2 === 'SHIFT' || ref2 === 'RELATION' || ref2 === 'COMPARE' || ref2 === '&' || ref2 === '^' || ref2 === '|' || ref2 === '&&' || ref2 === '||' || ref2 === 'BIN?' || ref2 === 'THROW' || ref2 === 'EXTENDS' || ref2 === 'DEFAULT');
     };
 
-    Lexer.prototype.formatString = function(str) {
-      return str.replace(STRING_OMIT, '$1');
+    Lexer.prototype.formatString = function(str, options) {
+      return this.replaceUnicodeCodePointEscapes(str.replace(STRING_OMIT, '$1'), options);
     };
 
     Lexer.prototype.formatHeregex = function(str) {
-      return str.replace(HEREGEX_OMIT, '$1$2');
+      return this.formatRegex(str.replace(HEREGEX_OMIT, '$1$2'), {
+        delimiter: '///'
+      });
     };
 
+    Lexer.prototype.formatRegex = function(str, options) {
+      return this.replaceUnicodeCodePointEscapes(str, options);
+    };
+
+    Lexer.prototype.unicodeCodePointToUnicodeEscapes = function(codePoint) {
+      var high, low, toUnicodeEscape;
+      toUnicodeEscape = function(val) {
+        var str;
+        str = val.toString(16);
+        return "\\u" + (repeat('0', 4 - str.length)) + str;
+      };
+      if (codePoint < 0x10000) {
+        return toUnicodeEscape(codePoint);
+      }
+      high = Math.floor((codePoint - 0x10000) / 0x400) + 0xD800;
+      low = (codePoint - 0x10000) % 0x400 + 0xDC00;
+      return "" + (toUnicodeEscape(high)) + (toUnicodeEscape(low));
+    };
+
+    Lexer.prototype.replaceUnicodeCodePointEscapes = function(str, options) {
+      return str.replace(UNICODE_CODE_POINT_ESCAPE, (function(_this) {
+        return function(match, escapedBackslash, codePointHex, offset) {
+          var codePointDecimal;
+          if (escapedBackslash) {
+            return escapedBackslash;
+          }
+          codePointDecimal = parseInt(codePointHex, 16);
+          if (codePointDecimal > 0x10ffff) {
+            _this.error("unicode code point escapes greater than \\u{10ffff} are not allowed", {
+              offset: offset + options.delimiter.length,
+              length: codePointHex.length + 4
+            });
+          }
+          return _this.unicodeCodePointToUnicodeEscapes(codePointDecimal);
+        };
+      })(this));
+    };
+
     Lexer.prototype.validateEscapes = function(str, options) {
-      var before, hex, invalidEscape, invalidEscapeRegex, match, message, octal, ref2, unicode;
+      var before, hex, invalidEscape, invalidEscapeRegex, match, message, octal, ref2, unicode, unicodeCodePoint;
       if (options == null) {
@@ -897,5 +944,5 @@ options = {};
       }
-      match[0], before = match[1], octal = match[2], hex = match[3], unicode = match[4];
+      match[0], before = match[1], octal = match[2], hex = match[3], unicodeCodePoint = match[4], unicode = match[5];
       message = octal ? "octal escape sequences are not allowed" : "invalid escape sequence";
-      invalidEscape = "\\" + (octal || hex || unicode);
+      invalidEscape = "\\" + (octal || hex || unicodeCodePoint || unicode);
       return this.error(message + " " + invalidEscape, {
@@ -1072,3 +1119,3 @@ offset: ((ref2 = options.offsetInChunk) != null ? ref2 : 0) + match.index + before.length,
 
-  VALID_FLAGS = /^(?!.*(.).*\1)[imgy]*$/;
+  VALID_FLAGS = /^(?!.*(.).*\1)[imguy]*$/;
 
@@ -1087,6 +1134,8 @@ HEREGEX = /^(?:[^\\\/#]|\\[\s\S]|\/(?!\/\/)|\#(?!\{))*/;
 
-  STRING_INVALID_ESCAPE = /((?:^|[^\\])(?:\\\\)*)\\(?:(0[0-7]|[1-7])|(x(?![\da-fA-F]{2}).{0,2})|(u(?![\da-fA-F]{4}).{0,4}))/;
+  STRING_INVALID_ESCAPE = /((?:^|[^\\])(?:\\\\)*)\\(?:(0[0-7]|[1-7])|(x(?![\da-fA-F]{2}).{0,2})|(u\{(?![\da-fA-F]{1,}\})[^}]*\}?)|(u(?!\{|[\da-fA-F]{4}).{0,4}))/;
 
-  REGEX_INVALID_ESCAPE = /((?:^|[^\\])(?:\\\\)*)\\(?:(0[0-7])|(x(?![\da-fA-F]{2}).{0,2})|(u(?![\da-fA-F]{4}).{0,4}))/;
+  REGEX_INVALID_ESCAPE = /((?:^|[^\\])(?:\\\\)*)\\(?:(0[0-7])|(x(?![\da-fA-F]{2}).{0,2})|(u\{(?![\da-fA-F]{1,}\})[^}]*\}?)|(u(?!\{|[\da-fA-F]{4}).{0,4}))/;
 
+  UNICODE_CODE_POINT_ESCAPE = /(\\\\)|\\u\{([\da-fA-F]+)\}/g;
+
   LEADING_BLANK_LINE = /^[^\n\S]*\n/;
@@ -1093,0 +1142,0 @@

lib/coffee-script/optparse.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var LONG_FLAG, MULTI_FLAG, OPTIONAL, OptionParser, SHORT_FLAG, buildRule, buildRules, normalizeArguments, repeat;

lib/coffee-script/register.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var CoffeeScript, Module, binary, child_process, ext, findExtension, fork, helpers, i, len, loadFile, path, ref;

lib/coffee-script/repl.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -176,3 +176,3 @@ var CoffeeScript, addHistory, addMultilineHandler, fs, getCommandId, merge, nodeREPL, path, ref, replDefaults, runInContext, updateSyntaxError, vm;
       ref1 = process.versions.node.split('.').map(function(n) {
-        return parseInt(n);
+        return parseInt(n, 10);
       }), major = ref1[0], minor = ref1[1], build = ref1[2];
@@ -179,0 +179,0 @@ if (major === 0 && minor < 8) {

lib/coffee-script/rewriter.js

@@ -1,4 +0,4 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
-  var BALANCED_PAIRS, CALL_CLOSERS, EXPRESSION_CLOSE, EXPRESSION_END, EXPRESSION_START, IMPLICIT_CALL, IMPLICIT_END, IMPLICIT_FUNC, IMPLICIT_UNSPACED_CALL, INVERSES, LINEBREAKS, SINGLE_CLOSERS, SINGLE_LINERS, generate, k, left, len, ref, rite,
+  var BALANCED_PAIRS, CALL_CLOSERS, EXPRESSION_CLOSE, EXPRESSION_END, EXPRESSION_START, IMPLICIT_CALL, IMPLICIT_END, IMPLICIT_FUNC, IMPLICIT_UNSPACED_CALL, INVERSES, LINEBREAKS, Rewriter, SINGLE_CLOSERS, SINGLE_LINERS, generate, k, left, len, ref, rite,
     indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; },
@@ -17,3 +17,3 @@ slice = [].slice;
 
-  exports.Rewriter = (function() {
+  exports.Rewriter = Rewriter = (function() {
     function Rewriter() {}
@@ -175,3 +175,3 @@
       return this.scanTokens(function(token, i, tokens) {
-        var endImplicitCall, endImplicitObject, forward, inImplicit, inImplicitCall, inImplicitControl, inImplicitObject, newLine, nextTag, offset, prevTag, prevToken, ref, ref1, ref2, ref3, ref4, ref5, s, sameLine, stackIdx, stackTag, stackTop, startIdx, startImplicitCall, startImplicitObject, startsLine, tag;
+        var endImplicitCall, endImplicitObject, forward, inImplicit, inImplicitCall, inImplicitControl, inImplicitObject, isImplicit, isImplicitCall, isImplicitObject, k, newLine, nextTag, offset, prevTag, prevToken, ref, ref1, ref2, ref3, ref4, ref5, s, sameLine, stackIdx, stackItem, stackTag, stackTop, startIdx, startImplicitCall, startImplicitObject, startsLine, tag;
         tag = token[0];
@@ -187,13 +187,20 @@ prevTag = (prevToken = i > 0 ? tokens[i - 1] : [])[0];
         };
+        isImplicit = function(stackItem) {
+          var ref;
+          return stackItem != null ? (ref = stackItem[2]) != null ? ref.ours : void 0 : void 0;
+        };
+        isImplicitObject = function(stackItem) {
+          return isImplicit(stackItem) && (stackItem != null ? stackItem[0] : void 0) === '{';
+        };
+        isImplicitCall = function(stackItem) {
+          return isImplicit(stackItem) && (stackItem != null ? stackItem[0] : void 0) === '(';
+        };
         inImplicit = function() {
-          var ref, ref1;
-          return (ref = stackTop()) != null ? (ref1 = ref[2]) != null ? ref1.ours : void 0 : void 0;
+          return isImplicit(stackTop());
         };
         inImplicitCall = function() {
-          var ref;
-          return inImplicit() && ((ref = stackTop()) != null ? ref[0] : void 0) === '(';
+          return isImplicitCall(stackTop());
         };
         inImplicitObject = function() {
-          var ref;
-          return inImplicit() && ((ref = stackTop()) != null ? ref[0] : void 0) === '{';
+          return isImplicitObject(stackTop());
         };
@@ -322,4 +329,9 @@ inImplicitControl = function() {
         }
-        if (inImplicitObject() && indexOf.call(LINEBREAKS, tag) >= 0) {
-          stackTop()[2].sameLine = false;
+        if (indexOf.call(LINEBREAKS, tag) >= 0) {
+          for (k = stack.length - 1; k >= 0; k += -1) {
+            stackItem = stack[k];
+            if (isImplicitObject(stackItem)) {
+              stackItem[2].sameLine = false;
+            }
+          }
         }
@@ -402,3 +414,3 @@ newLine = prevTag === 'OUTDENT' || prevToken.newLine;
         var ref, ref1, ref2, ref3;
-        return token[1] !== ';' && (ref = token[0], indexOf.call(SINGLE_CLOSERS, ref) >= 0) && !(token[0] === 'TERMINATOR' && (ref1 = this.tag(i + 1), indexOf.call(EXPRESSION_CLOSE, ref1) >= 0)) && !(token[0] === 'ELSE' && starter !== 'THEN') && !(((ref2 = token[0]) === 'CATCH' || ref2 === 'FINALLY') && (starter === '->' || starter === '=>')) || (ref3 = token[0], indexOf.call(CALL_CLOSERS, ref3) >= 0) && this.tokens[i - 1].newLine;
+        return token[1] !== ';' && (ref = token[0], indexOf.call(SINGLE_CLOSERS, ref) >= 0) && !(token[0] === 'TERMINATOR' && (ref1 = this.tag(i + 1), indexOf.call(EXPRESSION_CLOSE, ref1) >= 0)) && !(token[0] === 'ELSE' && starter !== 'THEN') && !(((ref2 = token[0]) === 'CATCH' || ref2 === 'FINALLY') && (starter === '->' || starter === '=>')) || (ref3 = token[0], indexOf.call(CALL_CLOSERS, ref3) >= 0) && (this.tokens[i - 1].newLine || this.tokens[i - 1][0] === 'OUTDENT');
       };
@@ -405,0 +417,0 @@ action = function(token, i) {

lib/coffee-script/scope.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var Scope,

lib/coffee-script/sourcemap.js

@@ -1,2 +0,2 @@
-// Generated by CoffeeScript 1.12.5
+// Generated by CoffeeScript 1.12.6
 (function() {
@@ -3,0 +3,0 @@ var LineMap, SourceMap;

package.json

@@ -11,3 +11,3 @@ {
   "author": "Jeremy Ashkenas",
-  "version": "1.12.5",
+  "version": "1.12.6",
   "license": "MIT",
@@ -31,3 +31,2 @@ "engines": {
   ],
-  "preferGlobal": true,
   "scripts": {
@@ -45,4 +44,4 @@ "test": "node ./bin/cake test",
     "docco": "~0.7.0",
-    "google-closure-compiler-js": "^20170218.0.0",
-    "highlight.js": "~9.10.0",
+    "google-closure-compiler-js": "^20170423.0.0",
+    "highlight.js": "~9.11.0",
     "jison": ">=0.4.17",
@@ -49,0 +48,0 @@ "markdown-it": "^8.3.1",

README.md

@@ -25,6 +25,6 @@ {
 
-If you have the node package manager, npm, installed:
+Once you have Node.js installed:
 
 ```shell
-npm install --global coffee-script
+npm install --global coffeescript
 ```
@@ -50,3 +50,3 @@
 
-To suggest a feature or report a bug: http://github.com/jashkenas/coffeescript/issues
+To suggest a feature or report a bug: https://github.com/jashkenas/coffeescript/issues
 
@@ -59,2 +59,2 @@ If you’d like to chat, drop by #coffeescript on Freenode IRC.
 
-Our lovely and talented contributors are listed here: http://github.com/jashkenas/coffeescript/contributors
+Our lovely and talented contributors are listed here: https://github.com/jashkenas/coffeescript/contributors

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 3 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 3 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

397659

0.83%

Lines of code

9016

0.64%

Worsened metrics

Number of low supply chain risk alerts

32

3.23%

Number of medium supply chain risk alerts

5

25%

No dependency changes