gulp-file-include
+13
-4
@@ -108,5 +108,9 @@ 'use strict'; | ||
| function conditionalHandler(inst) { | ||
| // jshint ignore: start | ||
| var condition = new Function('var context = this; with (context) { return ' + inst.args + '; }').call(data); | ||
| // jshint ignore: end | ||
| try { | ||
| // jshint ignore: start | ||
| var condition = new Function('var context = this; with (context) { return ' + inst.args + '; }').call(data); | ||
| // jshint ignore: end | ||
| } catch (error) { | ||
| throw new Error(error.message + ': ' + inst.args); | ||
| } | ||
@@ -117,6 +121,11 @@ return condition ? inst.body : ''; | ||
| function forHandler(inst) { | ||
| var condition = 'var context = this; with (context) { var result=""; for' + inst.args + ' { result+=`' + inst.body + '`; } return result; }'; | ||
| var forLoop = 'for' + inst.args + ' { result+=`' + inst.body + '`; }'; | ||
| var condition = 'var context = this; with (context) { var result=""; ' + forLoop + ' return result; }'; | ||
| try { | ||
| // jshint ignore: start | ||
| var result = new Function(condition).call(data); | ||
| // jshint ignore: end | ||
| } catch (error) { | ||
| throw new Error(error.message + ': ' + forLoop); | ||
| } | ||
@@ -123,0 +132,0 @@ return result; |
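Review bot: The rethrow in the new catch block of conditionalHandler, `throw new Error(error.message + ': ' + inst.args);`, discards the original error's type and stack, so a SyntaxError in the compiled expression and a ReferenceError raised by the `with (context)` lookup become indistinguishable to callers and the trace points at the handler instead of the failing template; the new catch in forHandler has the same shape. Keeping the original object preserves both while still appending the source: `error.message += ': ' + inst.args; throw error;` (and `error.message += ': ' + forLoop;` in forHandler). Because the wrapped `new Function(...)` call compiles `inst.args` (and, in forHandler, `inst.body`) as JavaScript executed against the data object, a one-line comment above it such as `// inst.args is compiled and run as JavaScript against `data`; template files are trusted build input` would document what the "Uses eval" alert on this page is reporting. Both functions' trailing `return` lines lie outside the rendered hunks.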
+8
-8
| { | ||
| "name": "gulp-file-include", | ||
| "version": "1.1.0", | ||
| "version": "1.2.0", | ||
| "description": "a gulp plugin for file include", | ||
@@ -31,12 +31,12 @@ "main": "lib/index.js", | ||
| "devDependencies": { | ||
| "gulp": "3", | ||
| "istanbul": "0", | ||
| "markdown": "0", | ||
| "mocha": "3", | ||
| "should": "11" | ||
| "gulp": "^3.9.1", | ||
| "istanbul": "^0.4.5", | ||
| "markdown": "^0.5.0", | ||
| "mocha": "^3.5.0", | ||
| "should": "^11.2.1" | ||
| }, | ||
| "dependencies": { | ||
| "balanced-match": "^0.4.2", | ||
| "balanced-match": "^1.0.0", | ||
| "concat-stream": "^1.6.0", | ||
| "extend": "^3.0.0", | ||
| "extend": "^3.0.1", | ||
| "flatnest": "^1.0.0", | ||
@@ -43,0 +43,0 @@ "gulp-util": "^3.0.8", |
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package