flatstr - npm Package Compare versions

Comparing version 1.0.5 to 1.0.6

index.js

@@ -1,4 +0,19 @@
-module.exports = function flatstr(s) {
-  Number(s)
-  return s
-}
+'use strict'
+
+try { 
+  var flatstr = Function('s', 'return %FlattenString(s)')
+} catch (e) {
+  try { 
+    var v8 = require('v' + '8')
+    v8.setFlagsFromString('--allow-natives-syntax')
+    var flatstr = Function('s', 'return %FlattenString(s)')
+    v8.setFlagsFromString('--no-allow-natives-syntax')
+  } catch (e) {
+    var flatstr = function flatstr(s) {
+      Number(s)
+      return s
+    }
+  }
+}
+
+module.exports = flatstr

package.json

 {
   "name": "flatstr",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "Flattens the underlying C structures of a concatenated JavaScript string",
@@ -5,0 +5,0 @@ "main": "index.js",

readme.md

@@ -62,19 +62,10 @@ # flatstr
 
-There are several ways to indirectly call `String::Flatten` (see `alt-benchmark.js`), but coercion to a number appears to be (one of) the cheapest.
+There are several ways to indirectly call `String::Flatten` (see `alt-benchmark.js`), 
+but coercion to a number appears to be (one of) the cheapest.
 
-Here's the code:
+However since Node 10 the V8 version has stopped using Flatten in all 
+places identified. Thus the code has been updated to seamlessly 
+use the native runtime function `%FlattenString` without having to use 
+the `--allow-natives-syntax` flag directly. 
 
-```js
-module.exports = function flatstr(s) {
-  Number(s)
-  return s
-}
-```
-
-Obviously, you could just use `Number` in your own code, and not use
-this module at all. However, this module serves the purpose of preventing
-misunderstandings in your code base (and potential removal of code that
-appears to be superfluous at first glance). Tests show that the additional
-function wrapper adds negligible overhead.
-
 One final note: calling flatstr too much can in fact negatively effect performance. For instance, don't call it every time you concat (if that
@@ -81,0 +72,0 @@ was performant, v8 wouldn't be using trees in the first place). The best

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

11988

increased by1.5%

Lines of code

289

increased by4.71%

Worsened metrics

Number of package files

6

decreased by-14.29%

Number of lines in readme file

83

decreased by-9.78%

Number of low supply chain risk alerts

3

increased by50%

Number of medium supply chain risk alerts

2

increased byInfinity%

No dependency changes