constantinople
Comparing version 2.0.1 to 3.0.0
52
index.js
'use strict' | ||
var uglify = require('uglify-js') | ||
var detect = require('acorn-globals'); | ||
var lastSRC = '(null)' | ||
var lastRes = true | ||
var lastSRC = '(null)'; | ||
var lastRes = true; | ||
var lastConstants = undefined; | ||
module.exports = isConstant | ||
module.exports = isConstant; | ||
function isConstant(src, constants) { | ||
src = '(' + src + ')' | ||
if (lastSRC === src && lastConstants === constants) return lastRes | ||
lastSRC = src | ||
src = '(' + src + ')'; | ||
if (lastSRC === src && lastConstants === constants) return lastRes; | ||
lastSRC = src; | ||
lastConstants = constants; | ||
try { | ||
Function('return (' + src + ')'); | ||
return lastRes = (detect(src).filter(function (key) { | ||
return !constants || !(key in constants) | ||
}).length === 0) | ||
return !constants || !(key.name in constants); | ||
}).length === 0); | ||
} catch (ex) { | ||
return lastRes = false | ||
return lastRes = false; | ||
} | ||
} | ||
isConstant.isConstant = isConstant | ||
isConstant.isConstant = isConstant; | ||
isConstant.toConstant = toConstant | ||
isConstant.toConstant = toConstant; | ||
function toConstant(src, constants) { | ||
if (!isConstant(src, constants)) throw new Error(JSON.stringify(src) + ' is not constant.') | ||
if (!isConstant(src, constants)) throw new Error(JSON.stringify(src) + ' is not constant.'); | ||
return Function(Object.keys(constants || {}).join(','), 'return (' + src + ')').apply(null, Object.keys(constants || {}).map(function (key) { | ||
@@ -31,25 +33,1 @@ return constants[key]; | ||
} | ||
function detect(src) { | ||
var ast = uglify.parse(src.toString()) | ||
ast.figure_out_scope() | ||
var globals = ast.globals | ||
.map(function (node, name) { | ||
return name | ||
}) | ||
// Walk the AST tree in search for `this` | ||
// Add a fake "this" global when found | ||
var has_this = false; | ||
var walker = new uglify.TreeWalker(function(node) { | ||
if (node instanceof uglify.AST_This) { | ||
has_this = true; | ||
} | ||
}); | ||
ast.walk(walker); | ||
if (has_this) { | ||
globals.push('this') | ||
} | ||
return globals | ||
} |
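Review bot: The filter in isConstant tests `key.name in constants`, and `in` also matches properties inherited from Object.prototype, so a free identifier such as `toString` is counted as a caller-supplied constant whenever any constants object is passed. toConstant then builds its parameter list from `Object.keys(constants || {})`, which holds own keys only, so such a name is not bound to a supplied value and resolves in the global scope when `Function(...)` runs the source. Because this check is the only gate in front of that evaluation, it should test own properties, e.g. `return !constants || !Object.prototype.hasOwnProperty.call(constants, key.name);`. The tail of toConstant is only partly visible in this rendering.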
{ | ||
"name": "constantinople", | ||
"version": "2.0.1", | ||
"version": "3.0.0", | ||
"description": "Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)", | ||
"keywords": [], | ||
"dependencies": { | ||
"uglify-js": "~2.4.0" | ||
"acorn-globals": "^1.0.0" | ||
}, | ||
@@ -9,0 +9,0 @@ "devDependencies": { |
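Review bot: The `description` still reads "(using UglifyJS)" although this release replaces `uglify-js` with `acorn-globals`, so anyone auditing the package from its metadata is told the wrong parser; it could read `"description": "Determine whether a JavaScript expression evaluates to a constant"`. The new range `^1.0.0` also accepts any 1.x release, where the old `~2.4.0` accepted patch releases only, so the resolved `acorn-globals` and its transitive `acorn` can move across minor versions between installs. That may be intended, but it is worth confirming for a package whose globals check decides whether source is handed to `Function`.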
@@ -7,3 +7,3 @@ # constantinople | ||
[![Dependency Status](https://img.shields.io/gemnasium/ForbesLindesay/constantinople.svg)](https://gemnasium.com/ForbesLindesay/constantinople) | ||
[![NPM version](https://img.shields.io/npm/v/constantinople.svg)](http://badge.fury.io/js/constantinople) | ||
[![NPM version](https://img.shields.io/npm/v/constantinople.svg)](https://www.npmjs.org/package/constantinople) | ||
@@ -43,2 +43,2 @@ ## Installation | ||
MIT | ||
MIT |
Uses eval
Supply chain risk: Package uses eval(), which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
43
7212
84
2
+ Added acorn-globals@^1.0.0
+ Added acorn@2.7.0 (transitive)
+ Added acorn-globals@1.0.9 (transitive)
- Removed uglify-js@~2.4.0
- Removed amdefine@1.0.1 (transitive)
- Removed async@0.2.10 (transitive)
- Removed camelcase@1.2.1 (transitive)
- Removed decamelize@1.2.0 (transitive)
- Removed source-map@0.1.34 (transitive)
- Removed uglify-js@2.4.24 (transitive)
- Removed uglify-to-browserify@1.0.2 (transitive)
- Removed window-size@0.1.0 (transitive)
- Removed wordwrap@0.0.2 (transitive)
- Removed yargs@3.5.4 (transitive)