getobject - npm Package Compare versions

Comparing version 0.1.0 to 1.0.0

lib/getobject.js

@@ -44,2 +44,6 @@ /*
   parts = getParts(parts);
+  if (parts.includes('__proto__')) {
+    // do not allow setting of __proto__. See CVE-2020-28282.
+    return;
+  }
 
@@ -46,0 +50,0 @@ var prop = parts.pop();

package.json

 {
   "name": "getobject",
   "description": "get.and.set.deep.objects.easily = true",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "homepage": "https://github.com/cowboy/node-getobject",
@@ -25,3 +25,3 @@ "author": {
   "engines": {
-    "node": ">= 0.8.0"
+    "node": ">=10"
   },
@@ -33,3 +33,3 @@ "scripts": {
     "grunt-contrib-jshint": "~0.1.1",
-    "grunt-contrib-nodeunit": "~0.1.2",
+    "grunt-contrib-nodeunit": "~2.1.0",
     "grunt-contrib-watch": "~0.2.0",
@@ -45,3 +45,6 @@ "grunt": "~0.4.1"
     "dot"
+  ],
+  "files": [
+    "lib"
   ]
 }

README.md

@@ -1,2 +0,2 @@
-# getobject [![Build Status](https://secure.travis-ci.org/cowboy/node-getobject.png?branch=master)](http://travis-ci.org/cowboy/node-getobject)
+# getobject [![Build Status](https://github.com/cowboy/node-getobject/workflows/Tests/badge.svg)](https://github.com/cowboy/node-getobject/actions?workflow=Tests)
 
@@ -16,6 +16,8 @@ get.and.set.deep.objects.easily = true;
 ## Release History
-_(Nothing yet)_
 
+* 11/03/2021 - 1.0.0 Release. Fixes CVE-2020-28282.
+* 21/11/2013 - 0.1.0 Release.
+
 ## License
 Copyright (c) 2013 "Cowboy" Ben Alman
-Licensed under the MIT license.
+Licensed under the MIT license.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

23

increased by15%

Worsened metrics

Total package byte prevSize

3313

decreased by-60.32%

Number of package files

3

decreased by-66.67%

Lines of code

53

decreased by-61.87%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes