custom-element-flow - npm Package Compare versions

Comparing version 1.0.72 to 1.0.73

bin/update.ts

@@ -26,10 +26,15 @@ #! /usr/bin/env node
       const settingsData = await readFile(filePath.replace('.component.json', '.settings.ts'), 'utf-8');
-      const settingsObject = {
-        activeTab: "Main",
-        tabs: JSON.parse(settingsData),
-      };
+      const settingsObject = eval(settingsData);
+      const settings = settingsObject.settings;
+      
+      console.log("SETTINGS", settings);
 
-      const res = await updateCustomElementSettings(appId, compId, settingsObject);
+      // const settingsObject = {
+      //   activeTab: "Main",
+      //   tabs: settingsData,
+      // };
+
+      // const res = await updateCustomElementSettings(appId, compId, settingsObject);
     }),
   );
 };

dist/bin/update.js

@@ -13,3 +13,2 @@ #! /usr/bin/env node
 import { readFile } from 'fs/promises';
-import { updateCustomElementSettings } from '../src/services/app-service.js';
 export const update = () => __awaiter(void 0, void 0, void 0, function* () {
@@ -26,8 +25,11 @@ const projectDir = process.cwd();
         const settingsData = yield readFile(filePath.replace('.component.json', '.settings.ts'), 'utf-8');
-        const settingsObject = {
-            activeTab: "Main",
-            tabs: JSON.parse(settingsData),
-        };
-        const res = yield updateCustomElementSettings(appId, compId, settingsObject);
+        const settingsObject = eval(settingsData);
+        const settings = settingsObject.settings;
+        console.log("SETTINGS", settings);
+        // const settingsObject = {
+        //   activeTab: "Main",
+        //   tabs: settingsData,
+        // };
+        // const res = await updateCustomElementSettings(appId, compId, settingsObject);
     })));
 });

package.json

 {
   "name": "custom-element-flow",
-  "version": "1.0.72",
+  "version": "1.0.73",
   "description": "My New Project description.",
@@ -5,0 +5,0 @@ "type": "module",

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

74016

increased by0.29%

Lines of code

1922

increased by0.26%

Worsened metrics

Number of medium supply chain risk alerts

5

increased by25%

No dependency changes