fast-redact - npm Package Compare versions

Comparing version 1.1.2 to 1.1.3

lib/validator.js

 'use strict'
 
-const { Script } = require('vm')
+const { createContext, runInContext } = require('vm')
 
@@ -26,8 +26,26 @@ module.exports = validator
         const expr = s.replace(/^\*/, '〇').replace(/\.\*/g, '.〇').replace(/\[\*\]/g, '[〇]')
+        if (/\n|;/.test(expr)) throw Error()
         if (/\/\*/.test(expr)) throw Error()
         /* eslint-disable-next-line */
-        new Script(`
-          o.${expr}
-          if ([o.${expr}].length !== 1) throw Error()
-        `).runInNewContext({o: proxy, 〇: null})
+        runInContext(`
+          (function (
+            Array, ArrayBuffer, Atomics, Boolean, DataView, Date,
+            Error, EvalError, Float32Array, Float64Array, Function,
+            Int16Array, Int32Array, Int8Array, Intl, JSON, Map,
+            Math, NaN, Number, Object, Promise, Proxy, RangeError,
+            ReferenceError, Reflect, RegExp, Set, SharedArrayBuffer,
+            String, Symbol, SyntaxError, TypeError, URIError,
+            Uint16Array, Uint32Array, Uint8Array, Uint8ClampedArray,
+            WeakMap, WeakSet, WebAssembly, decodeURI,
+            decodeURIComponent, encodeURI, encodeURIComponent, escape,
+            isFinite, isNaN, parseFloat, parseInt, unescape
+          ) {
+            'use strict'
+            arguments.constructor = null
+            o.${expr}
+            if ([o.${expr}].length !== 1) throw {}
+          })()
+        `, createContext({o: proxy, 〇: null, console}), {
+          codeGeneration: {strings: false, wasm: false}
+        })
       } catch (e) {
@@ -34,0 +52,0 @@ throw Error(ERR_INVALID_PATH(s))

package.json

 {
   "name": "fast-redact",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "very fast object redaction",
@@ -5,0 +5,0 @@ "main": "index.js",

readme.md

@@ -232,3 +232,3 @@ # fast-redact
 ```
-  194 passing (450.351ms)
+  195 passing (581.051ms)
 ```
@@ -235,0 +235,0 @@

test/index.js

@@ -129,2 +129,5 @@ 'use strict'
   }, err('a = o.b'))
+  throws((e) => {
+    fastRedact({paths: ['a\n']})
+  }, err('a\n'))
   end()
@@ -131,0 +134,0 @@ })

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

51616

increased by1.93%

Lines of code

1153

increased by1.86%

No dependency changes