convict - npm Package Compare versions

Comparing version 6.0.0 to 6.0.1

package.json

@@ -8,8 +8,15 @@ {
     "config",
+    "conf",
     "key value store",
     "schema",
     "nested",
-    "validation"
+    "validation",
+    "customize",
+    "env",
+    "environment",
+    "json",
+    "yaml",
+    "toml"
   ],
-  "version": "6.0.0",
+  "version": "6.0.1",
   "license": "Apache-2.0",
@@ -33,3 +40,3 @@ "homepage": "https://github.com/mozilla/node-convict",
   },
-  "gitHead": "7f974daa6eb6088b7f366fd0b450634e52d6f211"
+  "gitHead": "7e068d8e41375b065ffe3c14376092d9342a4475"
 }

README.md

 # Convict
 
 [![NPM version](http://img.shields.io/npm/v/convict.svg)](https://www.npmjs.org/package/convict)
+[![Build Status](https://travis-ci.org/mozilla/node-convict.svg?branch=master)](https://travis-ci.org/mozilla/node-convict)
+[![Coverage Status](https://coveralls.io/repos/github/mozilla/node-convict/badge.svg?branch=master)](https://coveralls.io/github/mozilla/node-convict?branch=master)
 
-Convict expands on the standard pattern of configuring node.js applications in a way that is more robust and accessible to collaborators, who may have less interest in digging through imperative code in order to inspect or modify settings. By introducing a configuration schema, convict gives project collaborators more **context** on each setting and enables **validation and early failures** for when configuration goes wrong.
+Convict expands on the standard pattern of configuring node.js applications in a
+way that is more robust and accessible to collaborators, who may have less
+interest in digging through code in order to inspect or modify settings. By
+introducing a configuration schema, convict gives project collaborators more
+**context** on each setting and enables **validation and early failures** for
+when configuration goes wrong.
 
@@ -606,1 +613,6 @@
 * To support *"loading configuration from a `http://foo.bar/some.json` URL"*, build a thin wrapper around convict using your favorite http package (e.g. [`superagent`](https://visionmedia.github.io/superagent/)). Typically, in the success callback, call convict's `load()` on the body of the response.
+
+
+## Migrating
+
+* [Migrating from Convict 5 to 6](MIGRATING_FROM_CONVICT_5_TO_6.md)

src/main.js

@@ -564,4 +564,6 @@ /**
       const parentKey = path.join('.')
-      const parent = walk(this._instance, parentKey, true)
-      parent[childKey] = v
+      if (!(parentKey == '__proto__' || parentKey == 'constructor' || parentKey == 'prototype')) {
+        const parent = walk(this._instance, parentKey, true)
+        parent[childKey] = v 
+      }
       return this
@@ -568,0 +570,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

40929

increased by1.41%

Lines of code

674

increased by0.3%

Number of lines in readme file

618

increased by1.98%

No dependency changes