constantinople
Comparing version 3.0.0 to 3.0.1
12
index.js
@@ -16,3 +16,3 @@ 'use strict' | ||
try { | ||
Function('return (' + src + ')'); | ||
isExpression(src); | ||
return lastRes = (detect(src).filter(function (key) { | ||
@@ -34,1 +34,11 @@ return !constants || !(key.name in constants); | ||
} | ||
function isExpression(src) { | ||
try { | ||
eval('throw "STOP"; (function () { return (' + src + '); })()'); | ||
return false; | ||
} | ||
catch (err) { | ||
return err === 'STOP'; | ||
} | ||
} |
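Review bot: The return value of `isExpression(src)` on the first hunk's added line is discarded, so the check it replaces (`Function('return (' + src + ')')`, which threw on a non-expression) now has no effect unless `detect(src)` rejects such input on its own; write it as `if (!isExpression(src)) throw new SyntaxError('src is not an expression');` so the enclosing `try` sees the failure as it did before. That `try` begins on the hunk's first line and the function it belongs to continues outside the hunk, so how the failure is handled there cannot be confirmed here. In the second hunk, `isExpression` still splices `src` into a program string and hands it to `eval`; the leading `throw "STOP"` keeps the wrapped source from executing, but the call still fails in any environment that forbids code generation from strings, and in that case every input is reported as not an expression because the thrown error is not the string `"STOP"`. Since the README in this same release says the package now uses acorn, parsing `src` with acorn instead of `eval` would remove the dynamic-code path altogether. The second hunk's header counts ten added lines but nine are shown, so one line (probably blank) may be missing from this rendering.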
{ | ||
"name": "constantinople", | ||
"version": "3.0.0", | ||
"version": "3.0.1", | ||
"description": "Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)", | ||
@@ -5,0 +5,0 @@ "keywords": [], |
# constantinople | ||
Determine whether a JavaScript expression evaluates to a constant (using UglifyJS). Here it is assumed to be safe to underestimate how constant something is. | ||
Determine whether a JavaScript expression evaluates to a constant (using acorn). Here it is assumed to be safe to underestimate how constant something is. | ||
@@ -5,0 +5,0 @@ [![Build Status](https://img.shields.io/travis/ForbesLindesay/constantinople/master.svg)](https://travis-ci.org/ForbesLindesay/constantinople) |