+116
-0
@@ -10,2 +10,3 @@ 'use strict'; | ||
| safeParseURL, | ||
| createTransparentProxy, | ||
| }; | ||
@@ -94,1 +95,116 @@ | ||
| } | ||
| /** | ||
| * Create a Proxy that behaves like the real object, but remains transparent to | ||
| * monkeypatch libraries (e.g. defineProperty-based overrides). | ||
| * | ||
| * - Lazily creates the real object on first access. | ||
| * - Allows overriding properties on the proxy target (overlay) to take effect. | ||
| * - Delegates everything else to the real object. | ||
| * | ||
| * @param {Object} options | ||
| * @param {Function} options.createReal Create the real object (lazy) | ||
| * @param {boolean} [options.bindFunctions=true] Bind real methods to the real object | ||
| * @return {Proxy} | ||
| */ | ||
| function createTransparentProxy({ createReal, bindFunctions = true }) { | ||
| if (typeof createReal !== 'function') { | ||
| throw new TypeError('createReal must be a function'); | ||
| } | ||
| let real = null; | ||
| let error = null; | ||
| let initialized = false; | ||
| const init = () => { | ||
| if (initialized) { | ||
| if (error) throw error; | ||
| return; | ||
| } | ||
| initialized = true; | ||
| try { | ||
| real = createReal(); | ||
| } catch (err) { | ||
| error = err; | ||
| throw err; | ||
| } | ||
| }; | ||
| return new Proxy({}, { | ||
| get(target, prop, receiver) { | ||
| init(); | ||
| // Check if property is defined on proxy target (monkeypatch overlay) | ||
| if (Object.getOwnPropertyDescriptor(target, prop)) { | ||
| return Reflect.get(target, prop, receiver); | ||
| } | ||
| const value = real[prop]; | ||
| if (bindFunctions && typeof value === 'function') { | ||
| return value.bind(real); | ||
| } | ||
| return value; | ||
| }, | ||
| set(target, prop, value, receiver) { | ||
| init(); | ||
| if (Object.getOwnPropertyDescriptor(target, prop)) { | ||
| return Reflect.set(target, prop, value, receiver); | ||
| } | ||
| return Reflect.set(real, prop, value); | ||
| }, | ||
| has(target, prop) { | ||
| init(); | ||
| return prop in target || prop in real; | ||
| }, | ||
| ownKeys(target) { | ||
| init(); | ||
| const keys = new Set([ ...Reflect.ownKeys(real), ...Reflect.ownKeys(target) ]); | ||
| return Array.from(keys); | ||
| }, | ||
| getOwnPropertyDescriptor(target, prop) { | ||
| init(); | ||
| return Object.getOwnPropertyDescriptor(target, prop) | ||
| || Object.getOwnPropertyDescriptor(real, prop); | ||
| }, | ||
| deleteProperty(target, prop) { | ||
| init(); | ||
| if (Object.getOwnPropertyDescriptor(target, prop)) { | ||
| return delete target[prop]; | ||
| } | ||
| return delete real[prop]; | ||
| }, | ||
| getPrototypeOf() { | ||
| init(); | ||
| return Object.getPrototypeOf(real); | ||
| }, | ||
| setPrototypeOf(_target, proto) { | ||
| init(); | ||
| return Reflect.setPrototypeOf(real, proto); | ||
| }, | ||
| isExtensible() { | ||
| init(); | ||
| return Reflect.isExtensible(real); | ||
| }, | ||
| preventExtensions(target) { | ||
| init(); | ||
| // Must also prevent extensions on target to satisfy Proxy invariants | ||
| const result = Reflect.preventExtensions(real); | ||
| if (result) { | ||
| Reflect.preventExtensions(target); | ||
| } | ||
| return result; | ||
| }, | ||
| defineProperty(target, prop, descriptor) { | ||
| // Used by monkeypatch libs: keep overrides on proxy target (overlay layer). | ||
| return Reflect.defineProperty(target, prop, descriptor); | ||
| }, | ||
| }); | ||
| } |
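Review bot: The `getOwnPropertyDescriptor` trap in `createTransparentProxy` can return a descriptor taken straight from `real` for a key the `{}` target does not own; if that descriptor is non-configurable, the engine throws a TypeError under the Proxy invariants. The same class of failure applies to `isExtensible` when `real` is frozen or sealed while the target is still extensible, and to `ownKeys` and `getPrototypeOf` once `preventExtensions` has locked the target. For the descriptor case, report fallback descriptors as configurable: `const desc = Object.getOwnPropertyDescriptor(real, prop);` followed by `return desc && { ...desc, configurable: true };`. The doc comment should also state that the helper only supports real objects that are extensible and not frozen.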
+3
-32
@@ -319,36 +319,7 @@ const { performance } = require('perf_hooks'); | ||
| }; | ||
| return new Proxy({}, { | ||
| get(_target, prop) { | ||
| return utils.createTransparentProxy({ | ||
| createReal() { | ||
| init(); | ||
| const value = realClient[prop]; | ||
| if (typeof value === 'function') { | ||
| return value.bind(realClient); | ||
| } | ||
| return value; | ||
| return realClient; | ||
| }, | ||
| set(_target, prop, value) { | ||
| init(); | ||
| realClient[prop] = value; | ||
| return true; | ||
| }, | ||
| has(_target, prop) { | ||
| init(); | ||
| return prop in realClient; | ||
| }, | ||
| ownKeys() { | ||
| init(); | ||
| return Reflect.ownKeys(realClient); | ||
| }, | ||
| getOwnPropertyDescriptor(_target, prop) { | ||
| init(); | ||
| return Object.getOwnPropertyDescriptor(realClient, prop); | ||
| }, | ||
| deleteProperty(_target, prop) { | ||
| init(); | ||
| return delete realClient[prop]; | ||
| }, | ||
| getPrototypeOf() { | ||
| init(); | ||
| return Object.getPrototypeOf(realClient); | ||
| }, | ||
| }); | ||
@@ -355,0 +326,0 @@ } |
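Review bot: The new `createReal()` call site relies on the helper's default `bindFunctions = true`, so every method read through the proxy runs with `this` set to `realClient`. Overrides installed on the proxy with `defineProperty` are therefore not seen by calls the client makes on itself. If `realClient` has methods that delegate to one another (not visible in this hunk), tracing or request-auditing hooks patched onto the proxy will miss those internal calls. A comment at the call site would make that limit explicit, e.g. `// Overrides defined on this proxy are an overlay; calls made inside realClient via this bypass them.` The enclosing function starts and ends outside the hunk.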
+1
-1
| { | ||
| "name": "egg", | ||
| "version": "3.33.0", | ||
| "version": "3.33.1", | ||
| "publishConfig": { | ||
@@ -5,0 +5,0 @@ "tag": "release-3.x", |
Network access
Supply chain risk: This module accesses the network.
Found 3 instances in 1 package
Debug access
Supply chain risk: Uses debug, reflection and dynamic code execution features.
Found 3 instances in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package