jstransformer-twig - npm Package Compare versions

Comparing version 1.6.2 to 1.7.0

HISTORY.md

 # Changelog
 
+## v1.7.0: 2020-10-07
+
+- Added name validation when loading extensions
+
 ## v1.6.2: 2020-03-04
@@ -4,0 +8,0 @@

index.js

@@ -5,2 +5,3 @@ 'use strict'
 const Twig = require('twig')
+const validPackageName = require('validate-npm-package-name')
 
@@ -12,6 +13,6 @@ const twigRender = Twig.twig
 
-exports.compile = function (str, options) {
+exports.compile = function (input, options) {
   // Construct the Twig options.
   options = options || {}
-  options.data = str
+  options.data = input
   if ('filename' in options && !('path' in options)) {
@@ -54,19 +55,22 @@ options.path = options.filename
           case 'string':
-            try {
-              // Load the filter module.
-              const out = require(options[extendableName][name])
+            // Validate that we're loading an actual package.
+            if (validPackageName(options[extendableName][name]).validForNewPackages) {
+              try {
+                // Load the filter module.
+                const out = require(options[extendableName][name])
 
-              // Check if the module is just a function.
-              if (typeof out === 'function') {
-                Twig[extendFunctionName](name, out)
-              } else if (out && (typeof out === 'object')) {
-                // Perhaps it is an associative array of functions?
-                for (const outName in out) {
-                  if (typeof out[outName] === 'function') {
-                    Twig[extendFunctionName](outName, out[outName])
+                // Check if the module is just a function.
+                if (typeof out === 'function') {
+                  Twig[extendFunctionName](name, out)
+                } else if (out && (typeof out === 'object')) {
+                  // Perhaps it is an associative array of functions?
+                  for (const outName in out) {
+                    if (typeof out[outName] === 'function') {
+                      Twig[extendFunctionName](outName, out[outName])
+                    }
                   }
                 }
+              } catch (error) {
+                console.error(error)
               }
-            } catch (error) {
-              console.error(error)
             }
@@ -73,0 +77,0 @@

package.json

 {
   "name": "jstransformer-twig",
-  "version": "1.6.2",
+  "version": "1.7.0",
   "description": "Twig.js support for JSTransformers.",
   "dependencies": {
-    "twig": "^1.15.0"
+    "twig": "^1.15.2",
+    "validate-npm-package-name": "^3.0.0"
   },
@@ -16,4 +17,4 @@ "keywords": [
     "phone-formatter": "0.0.2",
-    "slugify": "^1.0.2",
-    "test-jstransformer": "^1.0.0",
+    "slugify": "^1.4.5",
+    "test-jstransformer": "^1.1.0",
     "xo": "*"
@@ -20,0 +21,0 @@ },

README.md

@@ -8,3 +8,2 @@ # jstransformer-twig
 [![Dependency Status](https://img.shields.io/david/jstransformers/jstransformer-twig/master.svg)](http://david-dm.org/jstransformers/jstransformer-twig)
-[![Greenkeeper badge](https://badges.greenkeeper.io/jstransformers/jstransformer-twig.svg)](https://greenkeeper.io/)
 [![NPM version](https://img.shields.io/npm/v/jstransformer-twig.svg)](https://www.npmjs.org/package/jstransformer-twig)
@@ -11,0 +10,0 @@

No alert changes

Improved metrics

Total package byte prevSize

7423

increased by3.64%

Lines of code

87

increased by4.82%

Worsened metrics

Dependency count

2

increased by100%

Number of lines in readme file

26

decreased by-3.7%

Dependency changes

• + Addedvalidate-npm-package-name@^3.0.0

• + Addedbuiltins@1.0.3(transitive)

• + Addedvalidate-npm-package-name@3.0.0(transitive)

• Updatedtwig@^1.15.2