		@@ -0,1 +1,10 @@
		1.11.0 / 2015-06-12
		==================

		* Added block code support ([@alephyud](https://github.com/alephyud))
		* Improved runtime performance of mixins significantly ([Andreas Lubbe](https://github.com/alubbe))
		* Improved runtime performance of jade's string escaping ([Andreas Lubbe](https://github.com/alubbe)) and ([@ForbesLindesay](http://www.forbeslindesay.co.uk/))
		* Better line number counting for pipeless text ([@alephyud](https://github.com/alephyud))


		1.10.0 / 2015-05-25
		@@ -2,0 +11,0 @@ ==================

+3

-1

lib/compiler.js

		@@ -407,3 +407,5 @@ 'use strict';
		}
		this.buf.push(name + ' = function(' + args.join(',') + '){');
		// we need use jade_interp here for v8: https://code.google.com/p/v8/issues/detail?id=4165
		// once fixed, use this: this.buf.push(name + ' = function(' + args.join(',') + '){');
		this.buf.push(name + ' = jade_interp = function(' + args.join(',') + '){');
		this.buf.push('var block = (this && this.block), attributes = (this && this.attributes) \|\| {};');
		@@ -410,0 +412,0 @@ if (rest) {

+17

-0

lib/lexer.js

		@@ -589,3 +589,18 @@ 'use strict';


		/**
		* Block code.
		*/

		blockCode: function() {
		var captures;
		if (captures = /^-\n/.exec(this.input)) {
		this.consume(captures[0].length - 1);
		var tok = this.tok('blockCode');
		this.pipeless = true;
		return tok;
		}
		},

		/**
		* Attributes.
		@@ -849,2 +864,3 @@ */
		this.consume(str.length + 1);
		++this.lineno;
		tokens.push(str.substr(indent.length));
		@@ -921,2 +937,3 @@ }
		\|\| this.filter()
		\|\| this.blockCode()
		\|\| this.code()
		@@ -923,0 +940,0 @@ \|\| this.id()

+21

-0

lib/parser.js

		@@ -236,2 +236,4 @@ 'use strict';
		return this.parseCode();
		case 'blockCode':
		return this.parseBlockCode();
		case 'call':
		@@ -381,2 +383,21 @@ return this.parseCall();
		/**
		* block code
		*/

		parseBlockCode: function(){
		var tok = this.expect('blockCode');
		var node;
		var body = this.peek();
		var text;
		if (body.type === 'pipeless-text') {
		this.advance();
		text = body.val.join('\n');
		} else {
		text = '';
		}
		node = new nodes.Code(text, false, false);
		return node;
		},

		/**
		* comment
		@@ -383,0 +404,0 @@ */

+15

-6

lib/runtime.js

		@@ -182,8 +182,17 @@ 'use strict';

		exports.escape = function escape(html){
		var result = String(html)
		.replace(/&/g, '&')
		.replace(/</g, '<')
		.replace(/>/g, '>')
		.replace(/"/g, '"');
		var jade_encode_html_rules = {
		'&': '&',
		'<': '<',
		'>': '>',
		'"': '"'
		};
		var jade_match_html = /[&<>"]/g;

		function jade_encode_char(c) {
		return jade_encode_html_rules[c] \|\| c;
		}

		exports.escape = jade_escape;
		function jade_escape(html){
		var result = String(html).replace(jade_match_html, jade_encode_char);
		if (result === '' + html) return html;
		@@ -190,0 +199,0 @@ else return result;

+1

-1

package.json

		{
		"name": "jade",
		"description": "A clean, whitespace-sensitive template language for writing HTML",
		"version": "1.10.0",
		"version": "1.11.0",
		"author": "TJ Holowaychuk <tj@vision-media.ca>",
		@@ -6,0 +6,0 @@ "maintainers": [

+15

-6

runtime.js

		@@ -183,8 +183,17 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.jade = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){

		exports.escape = function escape(html){
		var result = String(html)
		.replace(/&/g, '&')
		.replace(/</g, '<')
		.replace(/>/g, '>')
		.replace(/"/g, '"');
		var jade_encode_html_rules = {
		'&': '&',
		'<': '<',
		'>': '>',
		'"': '"'
		};
		var jade_match_html = /[&<>"]/g;

		function jade_encode_char(c) {
		return jade_encode_html_rules[c] \|\| c;
		}

		exports.escape = jade_escape;
		function jade_escape(html){
		var result = String(html).replace(jade_match_html, jade_encode_char);
		if (result === '' + html) return html;
		@@ -191,0 +200,0 @@ else return result;

jade.js

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

jade - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics