core-js-pure
Advanced tools
core-js-pure - npm Package Compare versions
@@ -7,5 +7,5 @@ var IS_PURE = require('../internals/is-pure'); | ||
| })('versions', []).push({ | ||
| version: '3.11.0', | ||
| version: '3.11.1', | ||
| mode: IS_PURE ? 'pure' : 'global', | ||
| copyright: '© 2021 Denis Pushkarev (zloirock.ru)' | ||
| }); |
+15
-12
@@ -9,2 +9,3 @@ 'use strict'; | ||
| var redefineAll = require('../internals/redefine-all'); | ||
| var setPrototypeOf = require('../internals/object-set-prototype-of'); | ||
| var setToStringTag = require('../internals/set-to-string-tag'); | ||
@@ -36,2 +37,3 @@ var setSpecies = require('../internals/set-species'); | ||
| var getInternalPromiseState = InternalStateModule.getterFor(PROMISE); | ||
| var NativePromisePrototype = NativePromise && NativePromise.prototype; | ||
| var PromiseConstructor = NativePromise; | ||
@@ -41,3 +43,2 @@ var TypeError = global.TypeError; | ||
| var process = global.process; | ||
| var $fetch = getBuiltIn('fetch'); | ||
| var newPromiseCapability = newPromiseCapabilityModule.f; | ||
@@ -289,7 +290,7 @@ var newGenericPromiseCapability = newPromiseCapability; | ||
| if (!IS_PURE && typeof NativePromise == 'function') { | ||
| nativeThen = NativePromise.prototype.then; | ||
| if (!IS_PURE && typeof NativePromise == 'function' && NativePromisePrototype !== Object.prototype) { | ||
| nativeThen = NativePromisePrototype.then; | ||
| // wrap native Promise#then for native async functions | ||
| redefine(NativePromise.prototype, 'then', function then(onFulfilled, onRejected) { | ||
| // make `Promise#then` return a polyfilled `Promise` for native promise-based APIs | ||
| redefine(NativePromisePrototype, 'then', function then(onFulfilled, onRejected) { | ||
| var that = this; | ||
@@ -302,9 +303,11 @@ return new PromiseConstructor(function (resolve, reject) { | ||
| // wrap fetch result | ||
| if (typeof $fetch == 'function') $({ global: true, enumerable: true, forced: true }, { | ||
| // eslint-disable-next-line no-unused-vars -- required for `.length` | ||
| fetch: function fetch(input /* , init */) { | ||
| return promiseResolve(PromiseConstructor, $fetch.apply(global, arguments)); | ||
| } | ||
| }); | ||
| // make `.constructor === Promise` work for native promise-based APIs | ||
| try { | ||
| delete NativePromisePrototype.constructor; | ||
| } catch (error) { /* empty */ } | ||
| // make `instanceof Promise` work for native promise-based APIs | ||
| if (setPrototypeOf) { | ||
| setPrototypeOf(NativePromisePrototype, PromiseConstructor.prototype); | ||
| } | ||
| } | ||
@@ -311,0 +314,0 @@ } |
+2
-2
| { | ||
| "name": "core-js-pure", | ||
| "description": "Standard library", | ||
| "version": "3.11.0", | ||
| "version": "3.11.1", | ||
| "repository": { | ||
@@ -58,3 +58,3 @@ "type": "git", | ||
| }, | ||
| "gitHead": "e94a771bfe1c88f1c37c4fa05505e82e84739493" | ||
| "gitHead": "1e9c4fbb22c7954d50a4db09d40d5c7648bead88" | ||
| } |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
624734
0.03%- Lines of code
15106
0.01%- Number of medium supply chain risk alerts
12
-36.84%