
lavamoat-tofu - npm Package Compare versions

Comparing version 2.0.7 to 2.0.8

sesify-tofu/package-lock.json

12

package.json
{
"name": "lavamoat-tofu",
"version": "2.0.7",
"version": "2.0.8",
"main": "src/index.js",

@@ -10,8 +10,14 @@ "license": "MIT",

"devDependencies": {
"depcheck": "^0.9.2",
"standard": "^14.3.3",
"tape": "^4.11.0"
},
"scripts": {
"test": "node test/"
"test": "node test/",
"lint": "npm run lint:standard && npm run lint:deps",
"lint:standard": "standard src/**/*.js",
"lint:fix": "standard src/**/*.js --fix",
"lint:deps": "depcheck --ignore-dirs=lib --ignores='ses,depcheck,standard'"
},
"gitHead": "aae4b10cff68975a0fba8ee727c973f485c47fdf"
"gitHead": "cb721eeecd3c25718cb87eea338d483ec3aafd3d"
}
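Review bot: The new `lint:standard` and `lint:fix` scripts pass `src/**/*.js` unquoted and name only `src/`, so glob expansion is left to the shell (its result depends on the directory layout and on globstar support) and nothing under `test/` is linted. Quoting the pattern and adding the tests would make the check deterministic, e.g. `"lint:standard": "standard \"src/**/*.js\" \"test/**/*.js\""`, with the same change in `lint:fix`. The trailing comma left in the expected object of the newly added 'correctly finds deep "process.env" reference' test is consistent with the tests not being covered. Separately, `lint:deps` puts `ses` on the `--ignores` list, so depcheck will presumably stay silent about that package whether or not it is declared; a short note on why it is ignored would help whoever audits the dependency set later.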

@@ -6,3 +6,3 @@ const inspectSource = require('./inspectSource')

inspectSource,
utils,
}
utils
}

@@ -7,14 +7,12 @@ const acornGlobals = require('acorn-globals')

getKeysForMemberExpressionChain,
isUndefinedCheck,
reduceToTopmostApiCalls,
addGlobalUsage,
addGlobalUsage
} = require('./util')
module.exports = inspectSource
function inspectSource (source, {
ignoredRefs=[],
globalRefs=[],
languageRefs=standardJsGlobals,
ignoredRefs = [],
globalRefs = [],
languageRefs = standardJsGlobals
} = {}) {

@@ -94,3 +92,2 @@ const ast = acornGlobals.parse(source)

}
}
module.exports = [
// Reflect.ownKeys(realm.global)
"Infinity",
"NaN",
"undefined",
"isFinite",
"isNaN",
"parseFloat",
"parseInt",
"decodeURI",
"decodeURIComponent",
"encodeURI",
"encodeURIComponent",
"Array",
"ArrayBuffer",
"Boolean",
"DataView",
"EvalError",
"Float32Array",
"Float64Array",
"Int8Array",
"Int16Array",
"Int32Array",
"Map",
"Number",
"Object",
"RangeError",
"ReferenceError",
"Set",
"String",
"Symbol",
"SyntaxError",
"TypeError",
"Uint8Array",
"Uint8ClampedArray",
"Uint16Array",
"Uint32Array",
"URIError",
"WeakMap",
"WeakSet",
"JSON",
"Math",
"Reflect",
"escape",
"unescape",
"Date",
"Error",
"Promise",
"Proxy",
"RegExp",
"Realm",
"eval",
"Function",
"SES",
'Infinity',
'NaN',
'undefined',
'isFinite',
'isNaN',
'parseFloat',
'parseInt',
'decodeURI',
'decodeURIComponent',
'encodeURI',
'encodeURIComponent',
'Array',
'ArrayBuffer',
'Boolean',
'DataView',
'EvalError',
'Float32Array',
'Float64Array',
'Int8Array',
'Int16Array',
'Int32Array',
'Map',
'Number',
'Object',
'RangeError',
'ReferenceError',
'Set',
'String',
'Symbol',
'SyntaxError',
'TypeError',
'Uint8Array',
'Uint8ClampedArray',
'Uint16Array',
'Uint32Array',
'URIError',
'WeakMap',
'WeakSet',
'JSON',
'Math',
'Reflect',
'escape',
'unescape',
'Date',
'Error',
'Promise',
'Proxy',
'RegExp',
'Realm',
'eval',
'Function',
'SES',
// additional
"this",
'this'
]
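Review bot: This list is documented only by `// Reflect.ownKeys(realm.global)` and `// additional`, which says how it was produced but not what being on it means. If this is the array that inspectSource takes as its `languageRefs` default, then, judging by the 'not picking up js language features' test, names on it are left out of the reported global usage, and that includes `eval`, `Function`, `Realm` and `SES`. A header comment stating that consequence and the assumption behind it (presumably that the code runs where these evaluators are already confined) would keep a later reader from treating an empty result as "this source uses no dynamic evaluation". Something like `// names treated as language intrinsics: references to these are NOT reported as global usage` above the array would be enough.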

@@ -12,6 +12,6 @@

objToMap,
mapToObj,
mapToObj
}
function getMemberExpressionNesting(identifierNode) {
function getMemberExpressionNesting (identifierNode) {
// remove the identifier node itself

@@ -24,3 +24,3 @@ const parents = identifierNode.parents.slice(0, -1)

function getKeysForMemberExpressionChain(memberExpressions) {
function getKeysForMemberExpressionChain (memberExpressions) {
const keys = memberExpressions.map(member => getNameFromNode(member.property))

@@ -43,7 +43,7 @@ const rootMemberExpression = memberExpressions[0]

function isDirectMemberExpression(node) {
function isDirectMemberExpression (node) {
return node.type === 'MemberExpression' && !node.computed
}
function isUndefinedCheck(identifierNode) {
function isUndefinedCheck (identifierNode) {
const parentExpression = identifierNode.parents[identifierNode.parents.length - 2]
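Review bot: In isUndefinedCheck, the `isTypeof` line that appears as context in the next hunk header combines its two tests with `||`, so it is true for every `UnaryExpression` (`!x`, `-x`, `void x`, `delete x`), not only for `typeof x`. The commit reformats the function signature but leaves that condition as it was; the intended check is most likely `const isTypeof = (parentExpression.type === 'UnaryExpression' && parentExpression.operator === 'typeof')`. The rest of the function body is outside the hunk, so the effect on the reported globals cannot be confirmed from here, but a reference that is wrongly classified as an undefined-check would presumably be handled differently from an ordinary read. A test with a non-typeof unary operator applied to a global would pin the behaviour down.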

@@ -54,3 +54,3 @@ const isTypeof = (parentExpression.type === 'UnaryExpression' || parentExpression.operator === 'typeof')

function getTailmostMatchingChain(items, matcher) {
function getTailmostMatchingChain (items, matcher) {
const onlyMatched = items.map(item => matcher(item) ? item : null)

@@ -63,3 +63,3 @@ const lastIndex = onlyMatched.lastIndexOf(null)

// if array contains 'x' and 'x.y' just keep 'x'
function reduceToTopmostApiCalls(globalsConfig) {
function reduceToTopmostApiCalls (globalsConfig) {
const allPaths = Array.from(globalsConfig.keys()).sort()

@@ -79,3 +79,2 @@ return allPaths.forEach((path) => {

globalsConfig.delete(path)
return
}

@@ -108,4 +107,4 @@ // if no parents found, ok to include

const obj = {}
map.forEach((value, key) => obj[key] = value)
map.forEach((value, key) => { obj[key] = value })
return obj
}
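Review bot: `obj[key] = value` writes map keys onto a plain `{}`, and the keys appear to be global paths taken from the source being inspected, so a key such as `__proto__` would hit the inherited setter instead of creating an own property and the entry would be silently lost. Building the result without the prototype in the way avoids that: `return Object.fromEntries(map)` where the supported Node versions allow it, or `const obj = Object.create(null)` if callers do not rely on Object.prototype methods of the result. The function signature is outside the hunk, so the caller-side expectations need checking before choosing between the two.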
require('./inspectSource')
require('./util')
require('./util')

@@ -5,23 +5,23 @@ const test = require('tape')

test('fnToCodeBlock utility works', (t) => {
const src = fnToCodeBlock(function() {
const src = fnToCodeBlock(function () {
var x = 1
})
t.equal(src, ` var x = 1`)
t.equal(src, ' var x = 1')
t.end()
})
testInspect('detects global reads', {}, function() {
testInspect('detects global reads', {}, function () {
var x = xyz
(function(a){ return a })(abc)
(function (a) { return a })(abc)
}, {
'xyz': 'read',
'abc': 'read',
xyz: 'read',
abc: 'read'
})
testInspect('doesnt detect "this"', {}, function() {
testInspect('doesnt detect "this"', {}, function () {
const x = this
}, {})
testInspect('doesnt detect properties on "this"', {}, function() {
testInspect('doesnt detect properties on "this"', {}, function () {
this.xyz
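Review bot: In the 'detects global reads' fixture the second line starts with `(`, so without a semicolon it continues the previous statement and the parsed source is `var x = xyz(function (a) { return a })(abc)` rather than an assignment followed by a separate IIFE. The expected result (`xyz` and `abc` both read) still holds, which hides the fact that the test exercises a call on `xyz`. If two statements were intended, start the line with a semicolon, `;(function (a) { return a })(abc)`; if the call form is intended, a one-line comment saying so would prevent a later "fix". The last test in this hunk continues past the hunk's end.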

@@ -32,31 +32,31 @@ }, {})

globalRefs: ['zzz']
}, function() {
}, function () {
const x = zzz.abc
}, {
'abc': 'read',
abc: 'read'
})
testInspect('detects reads on multiple globalRefs', {
globalRefs: ['a','b','c']
}, function() {
globalRefs: ['a', 'b', 'c']
}, function () {
const x = a.x + b.y * c.z
}, {
'x': 'read',
'y': 'read',
'z': 'read',
x: 'read',
y: 'read',
z: 'read'
})
testInspect('detects implicit global writes', {}, function() {
testInspect('detects implicit global writes', {}, function () {
xyz = true
}, {
'xyz': 'write',
xyz: 'write'
})
testInspect('detects implicit global writes with mixed usage', {}, function() {
testInspect('detects implicit global writes with mixed usage', {}, function () {
z = xyz
xyz = (function(a){ return a })(abc)
xyz = (function (a) { return a })(abc)
}, {
'xyz': 'write',
'abc': 'read',
'z': 'write',
xyz: 'write',
abc: 'read',
z: 'write'
})

@@ -66,6 +66,6 @@

globalRefs: ['zzz']
}, function() {
}, function () {
zzz.abc = true
}, {
'abc': 'write',
abc: 'write'
})

@@ -75,3 +75,3 @@

globalRefs: ['zzz']
}, function() {
}, function () {
const x = zzz

@@ -82,11 +82,11 @@ }, {})

globalRefs: ['zzz']
}, function() {
}, function () {
zzz.abc = xyz.abc
}, {
'abc': 'write',
'xyz.abc': 'read',
abc: 'write',
'xyz.abc': 'read'
})
testInspect('not picking up assignments to non-global matching globalRef name', {
globalRefs: ['xyz'],
globalRefs: ['xyz']
}, function () {

@@ -99,7 +99,7 @@ const xyz = {}

globalRefs: ['abc']
}, function(){
}, function () {
const key = 'hello'
abc.xyz[key]
}, {
'xyz': 'read'
xyz: 'read'
})

@@ -109,3 +109,3 @@

globalRefs: ['abc']
}, function(){
}, function () {
const key = 'hello'

@@ -118,4 +118,4 @@ abc.xyz.ijk[key]

testInspect('picking up mixed explicit and computed property lookups', {
globalRefs: ['window'],
}, function(){
globalRefs: ['window']
}, function () {
const key = 'hello'

@@ -125,8 +125,8 @@ window.location[key]

}, {
'location': 'read',
location: 'read'
})
testInspect('not picking up js language features', {
globalRefs: ['window'],
}, function(){
globalRefs: ['window']
}, function () {
Object

@@ -149,3 +149,3 @@ window.Object

'location.href': 'read',
'navigator.userAgent': 'read',
'navigator.userAgent': 'read'
})

@@ -169,3 +169,3 @@

'document.body.children': 'read',
'location.href': 'read',
'location.href': 'read'
})

@@ -179,6 +179,12 @@

}, {
'location': 'read',
'document.body.children': 'read',
location: 'read',
'document.body.children': 'read'
})
testInspect('correctly finds deep "process.env" reference', {}, function () {
process.env.READABLE_STREAM === 'disable'
}, {
'process.env.READABLE_STREAM': 'read',
})
testInspect('read access to object implies write access to properties', {}, function () {

@@ -188,6 +194,5 @@ const x = location

}, {
'location': 'read',
location: 'read'
})
function testInspect (label, opts, fn, expectedResultObj) {

@@ -199,3 +204,3 @@ test(label, (t) => {

const expectedSorted = Object.entries(expectedResultObj).sort(sortBy(0))
t.deepEqual(resultSorted, expectedSorted)

@@ -206,5 +211,5 @@ t.end()

function sortBy(key) {
return (a,b) => {
const vA = a[key], vB = b[key]
function sortBy (key) {
return (a, b) => {
const vA = a[key]; const vB = b[key]
if (vA === vB) return 0

@@ -216,3 +221,3 @@ return vA > vB ? 1 : -1

function fnToCodeBlock (fn) {
return fn.toString().split('\n').slice(1,-1).join('\n')
}
return fn.toString().split('\n').slice(1, -1).join('\n')
}

@@ -5,31 +5,29 @@ const test = require('tape')

testMerge('upgrades reads to writes', {
'abc': 'write',
'xyz': 'read',
abc: 'write',
xyz: 'read'
}, {
'abc': 'read',
'xyz': 'write'
abc: 'read',
xyz: 'write'
}, {
'abc': 'write',
'xyz': 'write',
abc: 'write',
xyz: 'write'
})
testMerge('dedupe overlapping', {
'abc.xyz': 'read',
'abc.xyz': 'read'
}, {
'abc': 'read',
abc: 'read'
}, {
'abc': 'read',
abc: 'read'
})
testMerge('non-overlapping', {
'abc': 'read',
abc: 'read'
}, {
'xyz.jkl': 'write',
'xyz.jkl': 'write'
}, {
'abc': 'read',
'xyz.jkl': 'write',
abc: 'read',
'xyz.jkl': 'write'
})
function testMerge (label, configA, configB, expectedResultObj) {

@@ -36,0 +34,0 @@ test(label, (t) => {
