Comparing version 4.2.0 to 4.2.1
18
index.js
'use strict'; | ||
const isObj = require('is-obj'); | ||
const disallowedKeys = [ | ||
'__proto__', | ||
'prototype', | ||
'constructor' | ||
]; | ||
const isValidPath = pathSegments => !pathSegments.some(segment => disallowedKeys.includes(segment)); | ||
function getPathSegments(path) { | ||
@@ -19,2 +27,6 @@ const pathArr = path.split('.'); | ||
if (!isValidPath(parts)) { | ||
return []; | ||
} | ||
return parts; | ||
@@ -30,2 +42,5 @@ } | ||
const pathArr = getPathSegments(path); | ||
if (pathArr.length === 0) { | ||
return; | ||
} | ||
@@ -63,2 +78,5 @@ for (let i = 0; i < pathArr.length; i++) { | ||
const pathArr = getPathSegments(path); | ||
if (pathArr.length === 0) { | ||
return; | ||
} | ||
@@ -65,0 +83,0 @@ for (let i = 0; i < pathArr.length; i++) { |
{ | ||
"name": "dot-prop", | ||
"version": "4.2.0", | ||
"version": "4.2.1", | ||
"description": "Get, set, or delete a property from a nested object using a dot path", | ||
@@ -41,5 +41,5 @@ "license": "MIT", | ||
"devDependencies": { | ||
"ava": "*", | ||
"ava": "1.4.1", | ||
"matcha": "^0.7.0", | ||
"xo": "*" | ||
"xo": "0.24.0" | ||
}, | ||
@@ -46,0 +46,0 @@ "xo": { |
@@ -88,2 +88,4 @@ # dot-prop [![Build Status](https://travis-ci.org/sindresorhus/dot-prop.svg?branch=master)](https://travis-ci.org/sindresorhus/dot-prop) | ||
The following path components are invalid and results in `undefined` being returned: `__proto__`, `prototype`, `constructor`. | ||
#### value | ||
@@ -90,0 +92,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
6350
108
106