jshint - npm Package Compare versions

Comparing version 1.1.0 to 2.0.0

package.json

 {
 	"name":     "jshint",
-	"version":  "1.1.0",
+	"version":  "2.0.0",
 	"homepage": "http://jshint.com/",
@@ -18,2 +18,3 @@ "description": "Static analysis tool for JavaScript",
 	"scripts": {
+		"build": "node ./make.js build",
 		"test": "node ./make.js test",
@@ -26,6 +27,4 @@ "lint": "node ./make.js lint"
 	"dependencies": {
-		"esprima":    "https://github.com/ariya/esprima/tarball/master",
 		"shelljs":    "0.1.x",
 		"underscore": "1.4.x",
-		"peakle":     "0.0.x",
 		"cli":        "0.4.x",
@@ -38,9 +37,17 @@ "minimatch":  "0.x.x"
 		"shelljs":    "0.1.x",
-		"browserify": "1.16.1",
+		"browserify": "2.12.x",
 		"coveraje":   "0.2.x",
 		"nodeunit":   "0.7.x",
-		"sinon":      "1.6.x"
+		"sinon":      "1.6.x",
+		"console-browserify": "0.1.x"
 	},
 
+	"licenses": [
+		{
+			"type": "MIT",
+			"url": "https://github.com/jshint/jshint/blob/master/LICENSE"
+		}
+	],
+
 	"preferGlobal": true
 }

README.md

 JSHint, A Static Code Analysis Tool for JavaScript
 ==================================================
 [![Build Status](https://travis-ci.org/jshint/jshint.png?branch=master)](https://travis-ci.org/jshint/jshint)
+[![NPM version](https://badge.fury.io/js/jshint.png)](http://badge.fury.io/js/jshint)
 
@@ -20,19 +21,16 @@ JSHint is a community-driven tool to detect errors and potential problems in
 
-JSHint Fundraiser / Bug Bounties
+Bug Bounties
 --------------------------------
 
-We're [running a fundraiser](https://www.bountysource.com/#fundraisers/91-jshint)
-for JSHint! If JSHint helps you in your day-to-day development, please consider
-donating.  All money raised on this page will be used as monetary rewards for
-fixing JSHint bugs and implementing new features. Our hope is to introduce more
-developers to JSHint hacking and boost its development.
+Some bugs are so important to us, we will pay you if you fix them! Go to
+[our page on BountySource](https://www.bountysource.com/#trackers/48759-jshint)
+to see which bugs have bounties behind them.
 
-**Rules**:
+Really want to have something fixed but don't have time? You can add your
+own bounty to any JSHint bug and make it more attractive for potential
+contributors!
 
-1. All funds (aside from fees) will be used only to fund bounties.
-2. If core team ends up fixing bounty bugs, the reward will be donated to the Electronic Frontier Foundation.
-3. Before marking bugs as fixed, all patches must be reviewed by a core team member.
+**Rule:** A bug is considered fixed only after it has been merged into the
+master branch of the main JSHint repository.
 
-Thanks!
-
 Reporting a bug
@@ -39,0 +37,0 @@ ---------------

src/cli/cli.js

@@ -100,8 +100,10 @@ "use strict";
  *
+ * @param {sting} file path to the file to be linted
  * @returns {string} a path to the config file
  */
-function findConfig() {
+function findConfig(file) {
 	var name = ".jshintrc";
-	var proj = findFile(name);
-	var home = path.normalize(path.join(process.env.HOME, name));
+	var dir = path.dirname(path.resolve(file));
+	var proj = findFile(name, dir);
+	var home = path.normalize(path.join(process.env.HOME || process.env.HOMEPATH, name));
 
@@ -134,2 +136,6 @@ if (proj) {
 
+// Storage for memoized results from find file
+// Should prevent lots of directory traversal &
+// lookups when liniting an entire project
+var findFileResults = {};
 /**
@@ -150,5 +156,10 @@ * Searches for a file with a specified name starting with
 	var filename = path.normalize(path.join(dir, name));
+	if (findFileResults[filename] !== undefined) {
+		return findFileResults[filename];
+	}
+
 	var parent = path.resolve(dir, "../");
 
 	if (shjs.test("-e", filename)) {
+		findFileResults[filename] = filename;
 		return filename;
@@ -158,2 +169,3 @@ }
 	if (dir === parent) {
+		findFileResults[filename] = null;
 		return null;
@@ -294,2 +306,27 @@ }
 	/**
+	 * Gathers all files that need to be linted
+	 *
+	 * @param {object} post-processed options from 'interpret':
+	 *								   args     - CLI arguments
+	 *								   ignores  - A list of files/dirs to ignore (defaults to .jshintignores)
+	 *								   extensions - A list of non-dot-js extensions to check
+	 */
+	gather: function (opts) {
+		var files = [];
+		var reg = new RegExp("\\.(js" +
+			(opts.extensions === "" ? "" : "|" +
+				opts.extensions.replace(/,/g, "|").replace(/[\. ]/g, "")) + ")$");
+
+		var ignores = !opts.ignores ? loadIgnores() : opts.ignores.map(function (target) {
+			return path.resolve(target);
+		});
+
+		opts.args.forEach(function (target) {
+			collect(target, files, ignores, reg);
+		});
+
+		return files;
+	},
+
+	/**
 	 * Gathers all files that need to be linted, lints them, sends them to
@@ -308,15 +345,9 @@ * a reporter and returns the overall result.
 	run: function (opts) {
-		var files = [];
+		var files = exports.gather(opts);
 		var results = [];
 		var data = [];
-		var reg = new RegExp("\\.(js" +
-			(opts.extensions === "" ? "" : "|" +
-				opts.extensions.replace(/,/g, "|").replace(/[\. ]/g, "")) + ")$");
 
-		opts.args.forEach(function (target) {
-			collect(target, files, opts.ignores, reg);
-		});
-
 		files.forEach(function (file) {
-			lint(file, results, opts.config, data);
+			var config = opts.config || loadConfig(findConfig(file));
+			lint(file, results, config, data);
 		});
@@ -329,2 +360,10 @@
 
+	/** 
+	 * Helper exposed for testing.
+	 * Used to determine is stdout has any buffered output before exiting the program
+	 */
+	getBufferSize: function () {
+		return process.stdout.bufferSize; 
+	},
+	
 	/**
@@ -344,3 +383,7 @@ * Main entrance function. Parses arguments and calls 'run' when
 		var options = cli.parse(OPTIONS);
-		var config = loadConfig(options.config || findConfig());
+		// Use config file if specified
+		var config;
+		if (options.config) {
+			config = loadConfig(options.config);
+		}
 
@@ -389,10 +432,9 @@ switch (true) {
 
-		// Avoid stdout cutoff in Node 0.4.x, also supports 0.5.x.
-		// See https://github.com/joyent/node/issues/1669
-
-		function exit() { process.exit(passed ? 0 : 2); }
-
+		// Patch as per https://github.com/visionmedia/mocha/issues/333
+		// fixes issues with piped output on Windows.
+		// Root issue is here https://github.com/joyent/node/issues/3584
+		function exit() { process.exit(passed ? 0 : 2); }    
 		try {
-			if (!process.stdout.flush()) {
-				process.stdout.once("drain", exit);
+			if (exports.getBufferSize()) {
+				process.stdout.once('drain', exit);
 			} else {
@@ -399,0 +441,0 @@ exit();

src/reporters/jslint_xml.js

@@ -1,3 +0,1 @@
-// Author: Vasili Sviridov
-// http://github.com/vsviridov
 module.exports =
@@ -45,5 +43,8 @@ {
 				issue = files[file][i];
-				out.push("\t\t<issue line=\"" + issue.line + "\" char=\"" +
-					issue.character + "\" reason=\"" + encode(issue.reason) +
-					"\" evidence=\"" + encode(issue.evidence) + "\" />");
+				out.push("\t\t<issue line=\"" + issue.line +
+					"\" char=\"" + issue.character +
+					"\" reason=\"" + encode(issue.reason) +
+					"\" evidence=\"" + encode(issue.evidence) +
+					(issue.code ? "\" severity=\"" + encode(issue.code.charAt(0)) : "") +
+					"\" />");
 			}
@@ -50,0 +51,0 @@ out.push("\t</file>");

src/shared/messages.js

@@ -50,3 +50,3 @@ "use strict";
 	E031: "Bad assignment.", // FIXME: Rephrase
-	E032: "Expected a small integer and instead saw '{a}'.",
+	E032: "Expected a small integer or 'false' and instead saw '{a}'.",
 	E033: "Expected an operator and instead saw '{a}'.",
@@ -62,3 +62,8 @@ E034: "get/set are ES5 features.",
 	E042: "Stopping.",
-	E043: "Too many errors."
+	E043: "Too many errors.",
+	E044: "'{a}' is already defined and can't be redefined.",
+	E045: "Invalid for each loop.",
+	E046: "A yield statement shall be within a generator function (with syntax: `function*`)",
+	E047: "A generator function shall contain a yield statement.",
+	E048: "Let declaration not directly within block."
 };
@@ -95,3 +100,2 @@
 	W028: "Label '{a}' on {b} statement.",
-	W029: "Label '{a}' looks like a javascript url.",
 	W030: "Expected an assignment or function call and instead saw an expression.",
@@ -111,3 +115,3 @@ W031: "Do not use 'new' for side effects.",
 	W043: "Bad escaping of EOL. Use option multistr if needed.",
-	W044: "Bad escaping.",
+	W044: "Bad or unnecessary escaping.",
 	W045: "Bad number '{a}'.",
@@ -190,6 +194,10 @@ W046: "Don't use extra leading zeros '{a}'.",
 	W117: "'{a}' is not defined.",
+	W118: "'{a}' is only available in Mozilla JavaScript extensions (use moz option).",
+	W119: "'{a}' is only available in ES6 (use esnext option)."
 };
 
 var info = {
-	I001: "Comma warnings can be turned off with 'laxcomma'."
+	I001: "Comma warnings can be turned off with 'laxcomma'.",
+	I002: "Reserved words as properties can be used under the 'es5' option.",
+	I003: "ES5 option is now set per default"
 };
@@ -196,0 +204,0 @@

src/shared/vars.js

@@ -66,2 +66,3 @@ // jshint -W001
 	Element              : false,
+	ElementTimeControl   : false,
 	event                : false,
@@ -172,2 +173,158 @@ FileReader           : false,
 	status               : false,
+	SVGAElement          : false,
+	SVGAltGlyphDefElement: false,
+	SVGAltGlyphElement   : false,
+	SVGAltGlyphItemElement: false,
+	SVGAngle             : false,
+	SVGAnimateColorElement: false,
+	SVGAnimateElement    : false,
+	SVGAnimateMotionElement: false,
+	SVGAnimateTransformElement: false,
+	SVGAnimatedAngle     : false,
+	SVGAnimatedBoolean   : false,
+	SVGAnimatedEnumeration: false,
+	SVGAnimatedInteger   : false,
+	SVGAnimatedLength    : false,
+	SVGAnimatedLengthList: false,
+	SVGAnimatedNumber    : false,
+	SVGAnimatedNumberList: false,
+	SVGAnimatedPathData  : false,
+	SVGAnimatedPoints    : false,
+	SVGAnimatedPreserveAspectRatio: false,
+	SVGAnimatedRect      : false,
+	SVGAnimatedString    : false,
+	SVGAnimatedTransformList: false,
+	SVGAnimationElement  : false,
+	SVGCSSRule           : false,
+	SVGCircleElement     : false,
+	SVGClipPathElement   : false,
+	SVGColor             : false,
+	SVGColorProfileElement: false,
+	SVGColorProfileRule  : false,
+	SVGComponentTransferFunctionElement: false,
+	SVGCursorElement     : false,
+	SVGDefsElement       : false,
+	SVGDescElement       : false,
+	SVGDocument          : false,
+	SVGElement           : false,
+	SVGElementInstance   : false,
+	SVGElementInstanceList: false,
+	SVGEllipseElement    : false,
+	SVGExternalResourcesRequired: false,
+	SVGFEBlendElement    : false,
+	SVGFEColorMatrixElement: false,
+	SVGFEComponentTransferElement: false,
+	SVGFECompositeElement: false,
+	SVGFEConvolveMatrixElement: false,
+	SVGFEDiffuseLightingElement: false,
+	SVGFEDisplacementMapElement: false,
+	SVGFEDistantLightElement: false,
+	SVGFEFloodElement    : false,
+	SVGFEFuncAElement    : false,
+	SVGFEFuncBElement    : false,
+	SVGFEFuncGElement    : false,
+	SVGFEFuncRElement    : false,
+	SVGFEGaussianBlurElement: false,
+	SVGFEImageElement    : false,
+	SVGFEMergeElement    : false,
+	SVGFEMergeNodeElement: false,
+	SVGFEMorphologyElement: false,
+	SVGFEOffsetElement   : false,
+	SVGFEPointLightElement: false,
+	SVGFESpecularLightingElement: false,
+	SVGFESpotLightElement: false,
+	SVGFETileElement     : false,
+	SVGFETurbulenceElement: false,
+	SVGFilterElement     : false,
+	SVGFilterPrimitiveStandardAttributes: false,
+	SVGFitToViewBox      : false,
+	SVGFontElement       : false,
+	SVGFontFaceElement   : false,
+	SVGFontFaceFormatElement: false,
+	SVGFontFaceNameElement: false,
+	SVGFontFaceSrcElement: false,
+	SVGFontFaceUriElement: false,
+	SVGForeignObjectElement: false,
+	SVGGElement          : false,
+	SVGGlyphElement      : false,
+	SVGGlyphRefElement   : false,
+	SVGGradientElement   : false,
+	SVGHKernElement      : false,
+	SVGICCColor          : false,
+	SVGImageElement      : false,
+	SVGLangSpace         : false,
+	SVGLength            : false,
+	SVGLengthList        : false,
+	SVGLineElement       : false,
+	SVGLinearGradientElement: false,
+	SVGLocatable         : false,
+	SVGMPathElement      : false,
+	SVGMarkerElement     : false,
+	SVGMaskElement       : false,
+	SVGMatrix            : false,
+	SVGMetadataElement   : false,
+	SVGMissingGlyphElement: false,
+	SVGNumber            : false,
+	SVGNumberList        : false,
+	SVGPaint             : false,
+	SVGPathElement       : false,
+	SVGPathSeg           : false,
+	SVGPathSegArcAbs     : false,
+	SVGPathSegArcRel     : false,
+	SVGPathSegClosePath  : false,
+	SVGPathSegCurvetoCubicAbs: false,
+	SVGPathSegCurvetoCubicRel: false,
+	SVGPathSegCurvetoCubicSmoothAbs: false,
+	SVGPathSegCurvetoCubicSmoothRel: false,
+	SVGPathSegCurvetoQuadraticAbs: false,
+	SVGPathSegCurvetoQuadraticRel: false,
+	SVGPathSegCurvetoQuadraticSmoothAbs: false,
+	SVGPathSegCurvetoQuadraticSmoothRel: false,
+	SVGPathSegLinetoAbs  : false,
+	SVGPathSegLinetoHorizontalAbs: false,
+	SVGPathSegLinetoHorizontalRel: false,
+	SVGPathSegLinetoRel  : false,
+	SVGPathSegLinetoVerticalAbs: false,
+	SVGPathSegLinetoVerticalRel: false,
+	SVGPathSegList       : false,
+	SVGPathSegMovetoAbs  : false,
+	SVGPathSegMovetoRel  : false,
+	SVGPatternElement    : false,
+	SVGPoint             : false,
+	SVGPointList         : false,
+	SVGPolygonElement    : false,
+	SVGPolylineElement   : false,
+	SVGPreserveAspectRatio: false,
+	SVGRadialGradientElement: false,
+	SVGRect              : false,
+	SVGRectElement       : false,
+	SVGRenderingIntent   : false,
+	SVGSVGElement        : false,
+	SVGScriptElement     : false,
+	SVGSetElement        : false,
+	SVGStopElement       : false,
+	SVGStringList        : false,
+	SVGStylable          : false,
+	SVGStyleElement      : false,
+	SVGSwitchElement     : false,
+	SVGSymbolElement     : false,
+	SVGTRefElement       : false,
+	SVGTSpanElement      : false,
+	SVGTests             : false,
+	SVGTextContentElement: false,
+	SVGTextElement       : false,
+	SVGTextPathElement   : false,
+	SVGTextPositioningElement: false,
+	SVGTitleElement      : false,
+	SVGTransform         : false,
+	SVGTransformList     : false,
+	SVGTransformable     : false,
+	SVGURIReference      : false,
+	SVGUnitTypes         : false,
+	SVGUseElement        : false,
+	SVGVKernElement      : false,
+	SVGViewElement       : false,
+	SVGViewSpec          : false,
+	SVGZoomAndPan        : false,
+	TimeEvent            : false,
 	top                  : false,
@@ -174,0 +331,0 @@ Uint16Array          : false,

src/stable/lex.js

@@ -156,2 +156,23 @@ /*
 
+// Object that handles postponed lexing verifications that checks the parsed
+// environment state.
+
+function asyncTrigger() {
+	var _checks = [];
+
+	return {
+		push: function (fn) {
+			_checks.push(fn);
+		},
+
+		check: function () {
+			for (var check in _checks) {
+				_checks[check]();
+			}
+
+			_checks.splice(0, _checks.length);
+		}
+	};
+}
+
 /*
@@ -269,2 +290,17 @@ * Lexer for JSHint.
 	/*
+	 * Postpone a token event. the checking condition is set as
+	 * last parameter, and the trigger function is called in a
+	 * stored callback. To be later called using the check() function
+	 * by the parser. This avoids parser's peek() to give the lexer
+	 * a false context.
+	 */
+	triggerAsync: function (type, args, checks, fn) {
+		checks.push(function () {
+			if (fn()) {
+				this.trigger(type, args);
+			}
+		}.bind(this));
+	},
+
+	/*
 	 * Extract a punctuator out of the next sequence of characters
@@ -286,3 +322,8 @@ * or return 'null' if its not possible.
 			}
-
+			if (this.peek(1) === "." && this.peek(2) === ".") {
+				return {
+					type: Token.Punctuator,
+					value: "..."
+				};
+			}
 			/* falls through */
@@ -365,6 +406,14 @@ case "(":
 				type: Token.Punctuator,
-				value: "<<="
+				value: ">>="
 			};
 		}
 
+		// Fat arrow punctuator
+		if (ch1 === "=" && ch2 === ">") {
+			return {
+				type: Token.Punctuator,
+				value: ch1 + ch2
+			};
+		}
+
 		// 2-character punctuators: <= >= == != ++ -- << >> && ||
@@ -942,3 +991,4 @@ // += -= *= %= &= |= ^= (but not /=, see below)
    */
-	scanStringLiteral: function () {
+	scanStringLiteral: function (checks) {
+		/*jshint loopfunc:true */
 		var quote = this.peek();
@@ -952,9 +1002,7 @@
 		// In JSON strings must always use double quotes.
-		if (state.jsonMode && quote !== "\"") {
-			this.trigger("warning", {
-				code: "W108",
-				line: this.line,
-				character: this.char // +1?
-			});
-		}
+		this.triggerAsync("warning", {
+			code: "W108",
+			line: this.line,
+			character: this.char // +1?
+		}, checks, function () { return state.jsonMode && quote !== "\""; });
 
@@ -990,15 +1038,13 @@ var value = "";
 
-					if (!state.option.multistr) {
-						this.trigger("warning", {
-							code: "W043",
-							line: this.line,
-							character: this.char
-						});
-					} else if (state.jsonMode) {
-						this.trigger("warning", {
-							code: "W042",
-							line: this.line,
-							character: this.char
-						});
-					}
+					this.triggerAsync("warning", {
+						code: "W043",
+						line: this.line,
+						character: this.char
+					}, checks, function () { return !state.option.multistr; });
+
+					this.triggerAsync("warning", {
+						code: "W042",
+						line: this.line,
+						character: this.char
+					}, checks, function () { return state.jsonMode && state.option.multistr; });
 				}
@@ -1048,10 +1094,8 @@
 				case "'":
-					if (state.jsonMode) {
-						this.trigger("warning", {
-							code: "W114",
-							line: this.line,
-							character: this.char,
-							data: [ "\\'" ]
-						});
-					}
+					this.triggerAsync("warning", {
+						code: "W114",
+						line: this.line,
+						character: this.char,
+						data: [ "\\'" ]
+					}, checks, function () {return state.jsonMode; });
 					break;
@@ -1079,9 +1123,8 @@ case "b":
 					var n = parseInt(this.peek(1), 10);
-					if (n >= 0 && n <= 7 && state.directive["use strict"]) {
-						this.trigger("warning", {
-							code: "W115",
-							line: this.line,
-							character: this.char
-						});
-					}
+					this.triggerAsync("warning", {
+						code: "W115",
+						line: this.line,
+						character: this.char
+					}, checks,
+					function () { return n >= 0 && n <= 7 && state.directive["use strict"]; });
 					break;
@@ -1093,10 +1136,8 @@ case "u":
 				case "v":
-					if (state.jsonMode) {
-						this.trigger("warning", {
-							code: "W114",
-							line: this.line,
-							character: this.char,
-							data: [ "\\v" ]
-						});
-					}
+					this.triggerAsync("warning", {
+						code: "W114",
+						line: this.line,
+						character: this.char,
+						data: [ "\\v" ]
+					}, checks, function () { return state.jsonMode; });
 
@@ -1108,10 +1149,8 @@ char = "\v";
 
-					if (state.jsonMode) {
-						this.trigger("warning", {
-							code: "W114",
-							line: this.line,
-							character: this.char,
-							data: [ "\\x-" ]
-						});
-					}
+					this.triggerAsync("warning", {
+						code: "W114",
+						line: this.line,
+						character: this.char,
+						data: [ "\\x-" ]
+					}, checks, function () { return state.jsonMode; });
 
@@ -1336,3 +1375,3 @@ char = String.fromCharCode(x);
 			// Negative look-behind for "//"
-			match = this.input.match(/(\/\/)? \t/);
+			match = this.input.match(/(\/\/|^\s?\*)? \t/);
 			at = match && !match[1] ? 0 : -1;
@@ -1357,3 +1396,3 @@ } else {
 	 */
-	next: function () {
+	next: function (checks) {
 		this.from = this.char;
@@ -1372,3 +1411,3 @@
 			if (this.peek() === "") { // EOL
-				if (state.option.trailing) {
+				if (!/^\s*$/.test(this.lines[this.line - 1]) && state.option.trailing) {
 					this.trigger("warning", { code: "W102", line: this.line, character: start });
@@ -1383,3 +1422,3 @@ }
 		var match = this.scanComments() ||
-			this.scanStringLiteral();
+			this.scanStringLiteral(checks);
 
@@ -1461,2 +1500,4 @@ if (match) {
 	token: function () {
+		/*jshint loopfunc:true */
+		var checks = asyncTrigger();
 		var token;
@@ -1471,3 +1512,3 @@
 				// ES3 FutureReservedWord in an ES5 environment.
-				if (state.option.es5 && !token.meta.es5) {
+				if (state.option.inES5(true) && !token.meta.es5) {
 					return false;
@@ -1547,2 +1588,4 @@ }
 
+			obj.check = checks.check;
+
 			return obj;
@@ -1556,3 +1599,3 @@ }.bind(this);
 
-			token = this.next();
+			token = this.next(checks);
 
@@ -1577,3 +1620,3 @@ if (!token) {
 			case Token.StringLiteral:
-				this.trigger("String", {
+				this.triggerAsync("String", {
 					line: this.line,
@@ -1584,3 +1627,3 @@ char: this.char,
 					quote: token.quote
-				});
+				}, checks, function () { return true; });
 
@@ -1613,18 +1656,16 @@ return create("(string)", token.value);
 
-				if (state.jsonMode && token.base === 16) {
-					this.trigger("warning", {
-						code: "W114",
-						line: this.line,
-						character: this.char,
-						data: [ "0x-" ]
-					});
-				}
+				this.triggerAsync("warning", {
+					code: "W114",
+					line: this.line,
+					character: this.char,
+					data: [ "0x-" ]
+				}, checks, function () { return token.base === 16 && state.jsonMode; });
 
-				if (state.directive["use strict"] && token.base === 8) {
-					this.trigger("warning", {
-						code: "W115",
-						line: this.line,
-						character: this.char
-					});
-				}
+				this.triggerAsync("warning", {
+					code: "W115",
+					line: this.line,
+					character: this.char
+				}, checks, function () {
+					return state.directive["use strict"] && token.base === 8; 
+				});
 
@@ -1672,2 +1713,2 @@ this.trigger("Number", {
 
-exports.Lexer = Lexer;
+exports.Lexer = Lexer;

src/stable/reg.js

@@ -34,2 +34,2 @@ /*
 // Catches /* falls through */ comments (ft)
-exports.fallsThrough = /^\s*\/\*\s*falls\sthrough\s*\*\/\s*$/;
+exports.fallsThrough = /^\s*\/\*\s*falls?\sthrough\s*\*\/\s*$/;

src/stable/state.js

@@ -14,4 +14,6 @@ "use strict";
 		this.option = {};
+		this.ignored = {};
 		this.directive = {};
 		this.jsonMode = false;
+		this.jsonWarnings = [];
 		this.lines = [];
@@ -23,2 +25,2 @@ this.tab = "";
 
-exports.state = state;
+exports.state = state;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Dependency count

4

decreased by-33.33%

Number of high supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

1714767

decreased by-23.49%

Dev dependency count

7

increased by16.67%

Number of package files

27

decreased by-82.12%

Lines of code

29424

decreased by-16.01%

Number of lines in readme file

91

decreased by-2.15%

Number of low supply chain risk alerts

74

increased by469.23%

Number of medium supply chain risk alerts

51

increased byInfinity%

Dependency changes

• - Removedesprima@https://github.com/ariya/esprima/tarball/master

• - Removedpeakle@0.0.x

• - Removedpeakle@0.0.1(transitive)