		@@ -1094,2 +1094,3 @@ /* AUTO-GENERATED. DO NOT MODIFY. */
		this.NON_SEMICOLON_NEWLINE_PROPERTY = [
		"grid-template-areas",
		"grid-template"
		@@ -1426,3 +1427,4 @@ ];
		} else if (this._ch === '"' \|\| this._ch === '\'') {
		this.preserveSingleSpace(isAfterSpace);
		var preserveQuoteSpace = previous_ch === '"' \|\| previous_ch === '\'';
		this.preserveSingleSpace(preserveQuoteSpace \|\| isAfterSpace);
		this.print_string(this._ch + this.eatString(this._ch));
		@@ -1471,3 +1473,8 @@ this.eatWhitespace(true);
		} else {
		this.preserveSingleSpace(isAfterSpace);
		var space_needed = false;
		if (this._input.lookBack("with")) {
		// look back is not an accurate solution, we need tokens to confirm without whitespaces
		space_needed = true;
		}
		this.preserveSingleSpace(isAfterSpace \|\| space_needed);
		this.print_string(this._ch);
		@@ -1530,3 +1537,3 @@
		} else if (this._ch === '!' && !this._input.lookBack("\\")) { // !important
		this.print_string(' ');
		this._output.space_before_token = true;
		this.print_string(this._ch);
		@@ -1533,0 +1540,0 @@ } else {

+10

-3

js/src/css/beautifier.js

		@@ -71,2 +71,3 @@ /jshint node:true /
		this.NON_SEMICOLON_NEWLINE_PROPERTY = [
		"grid-template-areas",
		"grid-template"
		@@ -403,3 +404,4 @@ ];
		} else if (this._ch === '"' \|\| this._ch === '\'') {
		this.preserveSingleSpace(isAfterSpace);
		var preserveQuoteSpace = previous_ch === '"' \|\| previous_ch === '\'';
		this.preserveSingleSpace(preserveQuoteSpace \|\| isAfterSpace);
		this.print_string(this._ch + this.eatString(this._ch));
		@@ -448,3 +450,8 @@ this.eatWhitespace(true);
		} else {
		this.preserveSingleSpace(isAfterSpace);
		var space_needed = false;
		if (this._input.lookBack("with")) {
		// look back is not an accurate solution, we need tokens to confirm without whitespaces
		space_needed = true;
		}
		this.preserveSingleSpace(isAfterSpace \|\| space_needed);
		this.print_string(this._ch);
		@@ -507,3 +514,3 @@
		} else if (this._ch === '!' && !this._input.lookBack("\\")) { // !important
		this.print_string(' ');
		this._output.space_before_token = true;
		this.print_string(this._ch);
		@@ -510,0 +517,0 @@ } else {

+18

-5

js/src/html/beautifier.js

		@@ -610,10 +610,15 @@ /jshint node:true /
		} else {
		tag_check_match = raw_token.text.match(/^{{(?:[\^]\|#\*?)?([^\s}]+)/);
		tag_check_match = raw_token.text.match(/^{{~?(?:[\^]\|#\*?)?([^\s}]+)/);
		this.tag_check = tag_check_match ? tag_check_match[1] : '';

		// handle "{{#> myPartial}}
		if (raw_token.text === '{{#>' && this.tag_check === '>' && raw_token.next !== null) {
		this.tag_check = raw_token.next.text.split(' ')[0];
		// handle "{{#> myPartial}}" or "{{~#> myPartial}}"
		if ((raw_token.text.startsWith('{{#>') \|\| raw_token.text.startsWith('{{~#>')) && this.tag_check[0] === '>') {
		if (this.tag_check === '>' && raw_token.next !== null) {
		this.tag_check = raw_token.next.text.split(' ')[0];
		} else {
		this.tag_check = raw_token.text.split('>')[1];
		}
		}
		}

		this.tag_check = this.tag_check.toLowerCase();
		@@ -630,5 +635,13 @@

		// if whitespace handler ~ included (i.e. {{~#if true}}), handlebars tags start at pos 3 not pos 2
		var handlebar_starts = 2;
		if (this.tag_start_char === '{' && this.text.length >= 3) {
		if (this.text.charAt(2) === '~') {
		handlebar_starts = 3;
		}
		}

		// handlebars tags that don't start with # or ^ are single_tags, and so also start and end.
		this.is_end_tag = this.is_end_tag \|\|
		(this.tag_start_char === '{' && (this.text.length < 3 \|\| (/[^#\^]/.test(this.text.charAt(2)))));
		(this.tag_start_char === '{' && (this.text.length < 3 \|\| (/[^#\^]/.test(this.text.charAt(handlebar_starts)))));
		}
		@@ -635,0 +648,0 @@ };

+18

-8

js/src/javascript/beautifier.js

		@@ -188,2 +188,3 @@ /jshint node:true /
		else_block: false,
		class_start_block: false, // class A { INSIDE HERE } or class B extends C { INSIDE HERE }
		do_block: false,
		@@ -601,2 +602,4 @@ do_while: false,
		}
		} else if (this._flags.parent && this._flags.parent.class_start_block) {
		this._output.space_before_token = true;
		}
		@@ -716,2 +719,8 @@ }

		if (this._flags.last_token) {
		if (reserved_array(this._flags.last_token.previous, ['class', 'extends'])) {
		this._flags.class_start_block = true;
		}
		}

		var empty_braces = !next_token.comments_before && next_token.text === '}';
		@@ -1157,9 +1166,2 @@ var empty_anonymous_function = empty_braces && this._flags.last_word === 'function' &&

		if (reserved_array(this._flags.last_token, special_words)) {
		// "return" had a special handling in TK_WORD. Now we need to return the favor
		this._output.space_before_token = true;
		this.print_token(current_token);
		return;
		}

		// hack for actionscript's import .*;
		@@ -1292,3 +1294,7 @@ if (current_token.text === '*' && this._flags.last_token.type === TOKEN.DOT) {
		if (current_token.newlines && (current_token.text === '--' \|\| current_token.text === '++' \|\| current_token.text === '~')) {
		this.print_newline(false, true);
		var new_line_needed = reserved_array(this._flags.last_token, special_words) && current_token.newlines;
		if (new_line_needed && (this._previous_flags.if_block \|\| this._previous_flags.else_block)) {
		this.restore_mode();
		}
		this.print_newline(new_line_needed, true);
		}
		@@ -1433,2 +1439,6 @@

		if (this._flags.last_token.text.match('^[0-9]+$')) {
		this._output.space_before_token = true;
		}

		if (reserved_array(this._flags.last_token, special_words)) {
		@@ -1435,0 +1445,0 @@ this._output.space_before_token = false;

+3

-2

js/src/javascript/tokenizer.js

		@@ -98,3 +98,3 @@ /jshint node:true /
		var line_starters = 'continue,try,throw,return,var,let,const,if,switch,case,default,for,while,break,function,import,export'.split(',');
		var reserved_words = line_starters.concat(['do', 'in', 'of', 'else', 'get', 'set', 'new', 'catch', 'finally', 'typeof', 'yield', 'async', 'await', 'from', 'as']);
		var reserved_words = line_starters.concat(['do', 'in', 'of', 'else', 'get', 'set', 'new', 'catch', 'finally', 'typeof', 'yield', 'async', 'await', 'from', 'as', 'class', 'extends']);
		var reserved_word_pattern = new RegExp('^(?:' + reserved_words.join('\|') + ')$');
		@@ -190,3 +190,4 @@
		reserved_word_pattern.test(resulting_string)) {
		if (resulting_string === 'in' \|\| resulting_string === 'of') { // hack for 'in' and 'of' operators
		if ((resulting_string === 'in' \|\| resulting_string === 'of') &&
		(previous_token.type === TOKEN.WORD \|\| previous_token.type === TOKEN.STRING)) { // hack for 'in' and 'of' operators
		return this._create_token(TOKEN.OPERATOR, resulting_string);
		@@ -193,0 +194,0 @@ }

+1

-1

package.json

		{
		"name": "js-beautify",
		"version": "1.14.3",
		"version": "1.14.4",
		"description": "beautifier.io for node",
		@@ -5,0 +5,0 @@ "main": "js/index.js",

+7

-11

README.md

		@@ -61,13 +61,9 @@ <p align="center"><img src="https://raw.githubusercontent.com/beautify-web/js-beautify/7db71fc/web/wordmark-light.svg" height="200px" align="center" alt="JS Beautifier"/></p>
		```html
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify-css.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify-html.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify-css.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify-html.js"></script>

		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify.min.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify-css.min.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.3/beautify-html.min.js"></script>

		<script src="https://cdn.rawgit.com/beautify-web/js-beautify/v1.14.3/js/lib/beautify.js"></script>
		<script src="https://cdn.rawgit.com/beautify-web/js-beautify/v1.14.3/js/lib/beautify-css.js"></script>
		<script src="https://cdn.rawgit.com/beautify-web/js-beautify/v1.14.3/js/lib/beautify-html.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify.min.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify-css.min.js"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify-html.min.js"></script>
		```
		@@ -405,2 +401,2 @@

		(README.md: js-beautify@1.14.3)
		(README.md: js-beautify@1.14.4)

js/lib/beautifier.js

Sorry, the diff of this file is too big to display

js/lib/beautifier.min.js

Sorry, the diff of this file is too big to display

js/lib/beautify-html.js

Sorry, the diff of this file is too big to display

js/lib/beautify.js

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

js-beautify - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics