core-js - npm Package Compare versions

Comparing version 3.32.1 to 3.32.2

internals/check-correctness-of-iteration.js

@@ -25,3 +25,5 @@ 'use strict';
 module.exports = function (exec, SKIP_CLOSING) {
-  if (!SKIP_CLOSING && !SAFE_CLOSING) return false;
+  try {
+    if (!SKIP_CLOSING && !SAFE_CLOSING) return false;
+  } catch (error) { return false; } // workaround of old WebKit + `eval` bug
   var ITERATION_SUPPORT = false;
@@ -28,0 +30,0 @@ try {

internals/fix-regexp-well-known-symbol-logic.js

@@ -42,3 +42,6 @@ 'use strict';
 
-    re.exec = function () { execCalled = true; return null; };
+    re.exec = function () {
+      execCalled = true;
+      return null;
+    };
 
@@ -45,0 +48,0 @@ re[SYMBOL]('');

internals/ieee754.js

@@ -57,3 +57,3 @@ 'use strict';
       mantissa = roundToEven((number * c - 1) * pow(2, mantissaLength));
-      exponent = exponent + eBias;
+      exponent += eBias;
     } else {
@@ -107,4 +107,4 @@ mantissa = roundToEven(number * pow(2, eBias - 1) * pow(2, mantissaLength));
   } else {
-    mantissa = mantissa + pow(2, mantissaLength);
-    exponent = exponent - eBias;
+    mantissa += pow(2, mantissaLength);
+    exponent -= eBias;
   } return (s ? -1 : 1) * mantissa * pow(2, exponent - mantissaLength);
@@ -111,0 +111,0 @@ };

internals/iterator-define.js

@@ -33,3 +33,4 @@ 'use strict';
     if (KIND === DEFAULT && defaultIterator) return defaultIterator;
-    if (!BUGGY_SAFARI_ITERATORS && KIND in IterablePrototype) return IterablePrototype[KIND];
+    if (!BUGGY_SAFARI_ITERATORS && KIND && KIND in IterablePrototype) return IterablePrototype[KIND];
+
     switch (KIND) {
@@ -39,3 +40,5 @@ case KEYS: return function keys() { return new IteratorConstructor(this, KIND); };
       case ENTRIES: return function entries() { return new IteratorConstructor(this, KIND); };
-    } return function () { return new IteratorConstructor(this); };
+    }
+
+    return function () { return new IteratorConstructor(this); };
   };
@@ -42,0 +45,0 @@

internals/math-expm1.js

@@ -10,2 +10,3 @@ 'use strict';
   // Old FF bug
+  // eslint-disable-next-line no-loss-of-precision -- required for old engines
   || $expm1(10) > 22025.465794806719 || $expm1(10) < 22025.4657948067165168
@@ -12,0 +13,0 @@ // Tor Browser bug

internals/shared.js

@@ -8,7 +8,7 @@ 'use strict';
 })('versions', []).push({
-  version: '3.32.1',
+  version: '3.32.2',
   mode: IS_PURE ? 'pure' : 'global',
   copyright: '© 2014-2023 Denis Pushkarev (zloirock.ru)',
-  license: 'https://github.com/zloirock/core-js/blob/v3.32.1/LICENSE',
+  license: 'https://github.com/zloirock/core-js/blob/v3.32.2/LICENSE',
   source: 'https://github.com/zloirock/core-js'
 });

internals/string-punycode-to-ascii.js

@@ -150,3 +150,3 @@ 'use strict';
         while (true) {
-          var t = k <= bias ? tMin : (k >= bias + tMax ? tMax : k - bias);
+          var t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
           if (q < t) break;
@@ -153,0 +153,0 @@ var qMinusT = q - t;

modules/es.number.constructor.js

@@ -50,5 +50,16 @@ 'use strict';
       switch (charCodeAt(it, 1)) {
-        case 66: case 98: radix = 2; maxCode = 49; break; // fast equal of /^0b[01]+$/i
-        case 79: case 111: radix = 8; maxCode = 55; break; // fast equal of /^0o[0-7]+$/i
-        default: return +it;
+        // fast equal of /^0b[01]+$/i
+        case 66:
+        case 98:
+          radix = 2;
+          maxCode = 49;
+          break;
+        // fast equal of /^0o[0-7]+$/i
+        case 79:
+        case 111:
+          radix = 8;
+          maxCode = 55;
+          break;
+        default:
+          return +it;
       }
@@ -55,0 +66,0 @@ digits = stringSlice(it, 2);

modules/es.regexp.constructor.js

@@ -89,3 +89,3 @@ 'use strict';
     if (chr === '\\') {
-      chr = chr + charAt(string, ++index);
+      chr += charAt(string, ++index);
     } else if (chr === ']') {
@@ -92,0 +92,0 @@ brackets = false;

modules/esnext.json.parse.js

@@ -33,3 +33,3 @@ 'use strict';
 var IS_NON_ZERO_DIGIT = /^[1-9]$/;
-var IS_NUMBER_START = /^(-|\d)$/;
+var IS_NUMBER_START = /^(?:-|\d)$/;
 var IS_WHITESPACE = /^[\t\n\r ]$/;
@@ -36,0 +36,0 @@

modules/web.structured-clone.js

@@ -65,3 +65,3 @@ 'use strict';
     var number = structuredCloneImplementation(Object(7));
-    return set2 === set1 || !set2.has(7) || typeof number != 'object' || number !== 7;
+    return set2 === set1 || !set2.has(7) || typeof number != 'object' || +number !== 7;
   }) && structuredCloneImplementation;
@@ -68,0 +68,0 @@ };

package.json

 {
   "name": "core-js",
-  "version": "3.32.1",
+  "version": "3.32.2",
   "description": "Standard library",
@@ -5,0 +5,0 @@ "keywords": [

postinstall.js

 'use strict';
+/* eslint-disable node/no-sync -- avoiding overcomplicating */
 var fs = require('fs');
@@ -3,0 +4,0 @@ var os = require('os');

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1194890

0.03%

Lines of code

29822

0.06%

Number of low supply chain risk alerts

11

-15.38%

No dependency changes