javascript-stringify - npm Package Compare versions

Comparing version 1.1.2 to 1.2.0

javascript-stringify.js

@@ -226,5 +226,8 @@ (function (root, stringify) {
    * @param  {(Number|String)} [space]
+   * @param  {Object} [options]
    * @return {String}
    */
-  return function (value, replacer, space) {
+  return function (value, replacer, space, options) {
+    options = options || {}
+
     // Convert the spaces into a string.
@@ -235,2 +238,7 @@ if (typeof space !== 'string') {
 
+    var maxDepth = options.maxDepth || 200;
+
+    var depth = 0;
+    var cache = [];
+
     /**
@@ -240,8 +248,7 @@ * Handle recursion by checking if we've visited this node every iteration.
      * @param  {*}      value
-     * @param  {Array}  cache
      * @return {String}
      */
-    var recurse = function (value, cache, next) {
+    var recurse = function (value, next) {
       // If we've already visited this node before, break the recursion.
-      if (cache.indexOf(value) > -1) {
+      if (cache.indexOf(value) > -1 || depth > maxDepth) {
         return;
@@ -251,2 +258,3 @@ }
       // Push the value into the values cache to avoid an infinite loop.
+      depth++;
       cache.push(value);
@@ -256,3 +264,8 @@
       return next(value, space, function (value) {
-        return recurse(value, cache.slice(), next);
+        var result = recurse(value, next);
+
+        depth--;
+        cache.pop();
+
+        return result;
       });
@@ -264,3 +277,3 @@ };
     if (typeof replacer === 'function') {
-      return recurse(value, [], function (value, space, next) {
+      return recurse(value, function (value, space, next) {
         return replacer(value, space, function (value) {
@@ -272,4 +285,4 @@ return stringify(value, space, next);
 
-    return recurse(value, [], stringify);
+    return recurse(value, stringify);
   };
 });

package.json

 {
   "name": "javascript-stringify",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "description": "Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`",
@@ -5,0 +5,0 @@ "main": "javascript-stringify.js",

README.md

@@ -40,3 +40,3 @@ # JavaScript Stringify
 ```javascript
-javascriptStringify(value[, replacer [, space]])
+javascriptStringify(value[, replacer [, space [, options]]])
 ```
@@ -46,2 +46,6 @@
 
+The `options` object allows some additional configuration:
+
+* **maxDepth** The maximum depth to stringify to
+
 ### Examples
@@ -57,2 +61,4 @@
 
+javascriptStringify({ a: { b: { c: 1 } } }, null, null, { maxDepth: 2 }); // "{a:{b:{}}}"
+
 /**
@@ -59,0 +65,0 @@ * Invalid key names are automatically stringified.

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13164

3.23%

Lines of code

245

3.38%

Number of lines in readme file

115

5.5%

Worsened metrics

Number of low supply chain risk alerts

2

100%

No dependency changes