enable-window-document - npm Package Compare versions

Comparing version 1.17.0 to 1.19.0

index.js

@@ -5,3 +5,5 @@ let JSDOM = require('jsdom'),
         resources: 'usable',
-        runScripts: 'dangerously'
+        runScripts: global.UNSAFE_MODE 
+            ? 'dangerously' 
+            : 'outside-only'
     });
@@ -8,0 +10,0 @@

package.json

 {
   "name": "enable-window-document",
-  "version": "1.17.0",
+  "version": "1.19.0",
   "description": "Enables \"window\" and \"document\" globals so browser code does not throw errors in Node. Built with JSDOM.",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -42,3 +42,5 @@ # Enable `window` and `document`
         resources: 'usable',
-        runScripts: 'dangerously'
+        runScripts: global.UNSAFE_MODE 
+            ? 'dangerously' 
+            : 'outside-only'
     });
@@ -50,2 +52,5 @@
 
-The `url` param is set for compatibility reasons related to `localStorage`, and `resources` and `runScripts` are set by default so that external scripts work as expected.
+The `url` param is set for compatibility reasons related to `localStorage`, and `resources` and `runScripts` are set by default so that external scripts work as expected.
+
+## Unsafe Mode
+By default, JSDOM is called with `runScripts: 'outside-only'`. Set `global.UNSAFE_MODE` before your `require('enable-window-document')` call to enable dangerous mode and execute external scripts when added to DOM.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

7363

increased by5.11%

Lines of code

9

increased by28.57%

Number of lines in readme file

54

increased by10.2%

No dependency changes