json-pointer - npm Package Compare versions

Comparing version 0.6.0 to 0.6.1

index.js

@@ -72,4 +72,11 @@ 'use strict';
 
+    if (refTokens.length === 0) {
+      throw Error('Can not set the root object');
+    }
+
     for (var i = 0; i < refTokens.length - 1; ++i) {
         var tok = refTokens[i];
+        if (tok === "__proto__" || tok === "constructor" || tok === "prototype") {
+            continue
+        }
         if (tok === '-' && Array.isArray(obj)) {
@@ -76,0 +83,0 @@ tok = obj.length;

package.json

 {
   "name": "json-pointer",
   "description": "Some utilities for JSON pointers described by RFC 6901",
-  "version": "0.6.0",
-  "author": "Manuel Stofer <manuel@takimata.ch>",
+  "version": "0.6.1",
+  "author": "Manuel Stofer <manuel@smallpdf.com>",
   "license": "MIT",
@@ -17,8 +17,20 @@ "dependencies": {
     "chai": "^1.9.1",
+    "coveralls": "^2.11.14",
     "mocha": "^1.9.0",
+    "nyc": "^8.3.1",
     "seamless-immutable": "^5.1.1"
   },
   "scripts": {
-    "test": "make test"
+    "test": "nyc make test"
+  },
+  "nyc": {
+    "exclude": [
+      "test",
+      "node_modules"
+    ],
+    "reporter": [
+      "lcov",
+      "text-summary"
+    ]
   }
 }

Readme.md

 # json-pointer
 
-[![Build Status](https://travis-ci.org/manuelstofer/json-pointer.png)](https://travis-ci.org/manuelstofer/json-pointer)
+[![Build Status](https://travis-ci.org/manuelstofer/json-pointer.svg?branch=master)](https://travis-ci.org/manuelstofer/json-pointer)
+[![npm version](https://badge.fury.io/js/json-pointer.svg)](https://www.npmjs.com/package/json-pointer)
+[![Coverage Status](https://coveralls.io/repos/github/manuelstofer/json-pointer/badge.svg?branch=master&service=github)](https://coveralls.io/github/manuelstofer/json-pointer?branch=master)
 
@@ -5,0 +7,0 @@ Some utilities for JSON pointers described by RFC 6901

test/test.js

@@ -104,2 +104,5 @@ /*global describe, it, beforeEach*/
     describe('#set', function () {
+        it('should throw when try to set the root object', function () {
+            expect(pointer.set.bind(pointer, {}, '', 'bla')).to.throw(Error);
+        });
 
@@ -437,2 +440,29 @@ it('should set a value on an object with pointer', function () {
     });
+
+    it('should not set __proto__', function () {
+        var obj = {}, objPointer = pointer(obj);
+        expect(obj.polluted).to.be.undefined();
+        objPointer.set('/__proto__/polluted', true);
+        expect(obj.polluted).to.be.undefined();
+        var obj2 = {};
+        expect(obj2.polluted).to.be.undefined();
+    });
+
+    it('should not set prototype', function () {
+        var obj = {}, objPointer = pointer(obj);
+        expect(obj.polluted).to.be.undefined();
+        objPointer.set('/prototype/polluted', true);
+        expect(obj.polluted).to.be.undefined();
+        var obj2 = {};
+        expect(obj2.polluted).to.be.undefined();
+    });
+
+    it('should not set constructor', function () {
+        var obj = {}, objPointer = pointer(obj);
+        expect(obj.polluted).to.be.undefined();
+        objPointer.set('/constructor/prototype/polluted', true);
+        expect(obj.polluted).to.be.undefined();
+        var obj2 = {};
+        expect(obj2.polluted).to.be.undefined();
+    });
 });

No alert changes

Improved metrics

Total package byte prevSize

27498

increased by7.48%

Lines of code

598

increased by5.84%

Number of lines in readme file

162

increased by1.25%

Worsened metrics

Dev dependency count

5

increased by66.67%

Number of package files

8

decreased by-11.11%

No dependency changes