Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More →
lodash.escape
Advanced tools
lodash.escape - npm Package Compare versions
+22
| Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/> | ||
| Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas, | ||
| DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/> | ||
| Permission is hereby granted, free of charge, to any person obtaining | ||
| a copy of this software and associated documentation files (the | ||
| "Software"), to deal in the Software without restriction, including | ||
| without limitation the rights to use, copy, modify, merge, publish, | ||
| distribute, sublicense, and/or sell copies of the Software, and to | ||
| permit persons to whom the Software is furnished to do so, subject to | ||
| the following conditions: | ||
| The above copyright notice and this permission notice shall be | ||
| included in all copies or substantial portions of the Software. | ||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
+122
-19
| /** | ||
| * lodash 3.0.0 (Custom Build) <https://lodash.com/> | ||
| * Build: `lodash modern modularize exports="npm" -o ./` | ||
| * Copyright 2012-2015 The Dojo Foundation <http://dojofoundation.org/> | ||
| * Based on Underscore.js 1.7.0 <http://underscorejs.org/LICENSE> | ||
| * Copyright 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors | ||
| * lodash 3.1.0 (Custom Build) <https://lodash.com/> | ||
| * Build: `lodash modularize exports="npm" -o ./` | ||
| * Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/> | ||
| * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE> | ||
| * Copyright 2009-2016 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors | ||
| * Available under MIT license <https://lodash.com/license> | ||
| */ | ||
| var baseToString = require('lodash._basetostring'); | ||
| /** Used as references for various `Number` constants. */ | ||
| var INFINITY = 1 / 0; | ||
| /** `Object#toString` result references. */ | ||
| var symbolTag = '[object Symbol]'; | ||
| /** Used to match HTML entities and HTML characters. */ | ||
@@ -36,11 +41,110 @@ var reUnescapedHtml = /[&<>"'`]/g, | ||
| /** Used for built-in method references. */ | ||
| var objectProto = global.Object.prototype; | ||
| /** | ||
| * Converts the characters "&", "<", ">", '"', "'", and '`', in `string` to | ||
| * Used to resolve the [`toStringTag`](http://ecma-international.org/ecma-262/6.0/#sec-object.prototype.tostring) | ||
| * of values. | ||
| */ | ||
| var objectToString = objectProto.toString; | ||
| /** Built-in value references. */ | ||
| var _Symbol = global.Symbol; | ||
| /** Used to convert symbols to primitives and strings. */ | ||
| var symbolProto = _Symbol ? _Symbol.prototype : undefined, | ||
| symbolToString = _Symbol ? symbolProto.toString : undefined; | ||
| /** | ||
| * Checks if `value` is object-like. A value is object-like if it's not `null` | ||
| * and has a `typeof` result of "object". | ||
| * | ||
| * @static | ||
| * @memberOf _ | ||
| * @category Lang | ||
| * @param {*} value The value to check. | ||
| * @returns {boolean} Returns `true` if `value` is object-like, else `false`. | ||
| * @example | ||
| * | ||
| * _.isObjectLike({}); | ||
| * // => true | ||
| * | ||
| * _.isObjectLike([1, 2, 3]); | ||
| * // => true | ||
| * | ||
| * _.isObjectLike(_.noop); | ||
| * // => false | ||
| * | ||
| * _.isObjectLike(null); | ||
| * // => false | ||
| */ | ||
| function isObjectLike(value) { | ||
| return !!value && typeof value == 'object'; | ||
| } | ||
| /** | ||
| * Checks if `value` is classified as a `Symbol` primitive or object. | ||
| * | ||
| * @static | ||
| * @memberOf _ | ||
| * @category Lang | ||
| * @param {*} value The value to check. | ||
| * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. | ||
| * @example | ||
| * | ||
| * _.isSymbol(Symbol.iterator); | ||
| * // => true | ||
| * | ||
| * _.isSymbol('abc'); | ||
| * // => false | ||
| */ | ||
| function isSymbol(value) { | ||
| return typeof value == 'symbol' || | ||
| (isObjectLike(value) && objectToString.call(value) == symbolTag); | ||
| } | ||
| /** | ||
| * Converts `value` to a string if it's not one. An empty string is returned | ||
| * for `null` and `undefined` values. The sign of `-0` is preserved. | ||
| * | ||
| * @static | ||
| * @memberOf _ | ||
| * @category Lang | ||
| * @param {*} value The value to process. | ||
| * @returns {string} Returns the string. | ||
| * @example | ||
| * | ||
| * _.toString(null); | ||
| * // => '' | ||
| * | ||
| * _.toString(-0); | ||
| * // => '-0' | ||
| * | ||
| * _.toString([1, 2, 3]); | ||
| * // => '1,2,3' | ||
| */ | ||
| function toString(value) { | ||
| // Exit early for strings to avoid a performance hit in some environments. | ||
| if (typeof value == 'string') { | ||
| return value; | ||
| } | ||
| if (value == null) { | ||
| return ''; | ||
| } | ||
| if (isSymbol(value)) { | ||
| return _Symbol ? symbolToString.call(value) : ''; | ||
| } | ||
| var result = (value + ''); | ||
| return (result == '0' && (1 / value) == -INFINITY) ? '-0' : result; | ||
| } | ||
| /** | ||
| * Converts the characters "&", "<", ">", '"', "'", and "\`" in `string` to | ||
| * their corresponding HTML entities. | ||
| * | ||
| * **Note:** No other characters are escaped. To escape additional characters | ||
| * use a third-party library like [_he_](https://mths.be/he). | ||
| * **Note:** No other characters are escaped. To escape additional | ||
| * characters use a third-party library like [_he_](https://mths.be/he). | ||
| * | ||
| * Though the ">" character is escaped for symmetry, characters like | ||
| * ">" and "/" don't require escaping in HTML and have no special meaning | ||
| * ">" and "/" don't need escaping in HTML and have no special meaning | ||
| * unless they're part of a tag or unquoted attribute value. | ||
@@ -50,11 +154,11 @@ * See [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands) | ||
| * | ||
| * Backticks are escaped because in Internet Explorer < 9, they can break out | ||
| * of attribute values or HTML comments. See [#102](https://html5sec.org/#102), | ||
| * [#108](https://html5sec.org/#108), and [#133](https://html5sec.org/#133) of | ||
| * the [HTML5 Security Cheatsheet](https://html5sec.org/) for more details. | ||
| * | ||
| * When working with HTML you should always quote attribute values to reduce | ||
| * XSS vectors. See [Ryan Grove's article](http://wonko.com/post/html-escaping) | ||
| * Backticks are escaped because in IE < 9, they can break out of | ||
| * attribute values or HTML comments. See [#59](https://html5sec.org/#59), | ||
| * [#102](https://html5sec.org/#102), [#108](https://html5sec.org/#108), and | ||
| * [#133](https://html5sec.org/#133) of the [HTML5 Security Cheatsheet](https://html5sec.org/) | ||
| * for more details. | ||
| * | ||
| * When working with HTML you should always [quote attribute values](http://wonko.com/post/html-escaping) | ||
| * to reduce XSS vectors. | ||
| * | ||
| * @static | ||
@@ -71,4 +175,3 @@ * @memberOf _ | ||
| function escape(string) { | ||
| // Reset `lastIndex` because in IE < 9 `String#replace` does not. | ||
| string = baseToString(string); | ||
| string = toString(string); | ||
| return (string && reHasUnescapedHtml.test(string)) | ||
@@ -75,0 +178,0 @@ ? string.replace(reUnescapedHtml, escapeHtmlChar) |
+5
-10
| { | ||
| "name": "lodash.escape", | ||
| "version": "3.0.0", | ||
| "description": "The modern build of lodash’s `_.escape` as a module.", | ||
| "version": "3.1.0", | ||
| "description": "The lodash method `_.escape` exported as a module.", | ||
| "homepage": "https://lodash.com/", | ||
| "icon": "https://lodash.com/icon.svg", | ||
| "license": "MIT", | ||
| "keywords": "lodash, lodash-modularized, stdlib, util", | ||
| "keywords": "lodash, lodash-modularized, stdlib, util, escape", | ||
| "author": "John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)", | ||
| "contributors": [ | ||
| "John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)", | ||
| "Benjamin Tan <demoneaux@gmail.com> (https://d10.github.io/)", | ||
| "Blaine Bublitz <blaine@iceddev.com> (http://www.iceddev.com/)", | ||
| "Kit Cambridge <github@kitcambridge.be> (http://kitcambridge.be/)", | ||
| "Blaine Bublitz <blaine@iceddev.com> (https://github.com/phated)", | ||
| "Mathias Bynens <mathias@qiwi.be> (https://mathiasbynens.be/)" | ||
| ], | ||
| "repository": "lodash/lodash", | ||
| "scripts": { "test": "echo \"See https://travis-ci.org/lodash/lodash-cli for testing details.\"" }, | ||
| "dependencies": { | ||
| "lodash._basetostring": "^3.0.0" | ||
| } | ||
| "scripts": { "test": "echo \"See https://travis-ci.org/lodash/lodash-cli for testing details.\"" } | ||
| } |
+4
-6
@@ -1,4 +0,4 @@ | ||
| # lodash.escape v3.0.0 | ||
| # lodash.escape v3.1.0 | ||
| The [modern build](https://github.com/lodash/lodash/wiki/Build-Differences) of [lodash’s](https://lodash.com/) `_.escape` exported as a [Node.js](http://nodejs.org/)/[io.js](https://iojs.org/) module. | ||
| The [lodash](https://lodash.com/) method `_.escape` exported as a [Node.js](https://nodejs.org/) module. | ||
@@ -8,3 +8,2 @@ ## Installation | ||
| Using npm: | ||
| ```bash | ||
@@ -15,4 +14,3 @@ $ {sudo -H} npm i -g npm | ||
| In Node.js/io.js: | ||
| In Node.js: | ||
| ```js | ||
@@ -22,2 +20,2 @@ var escape = require('lodash.escape'); | ||
| See the [documentation](https://lodash.com/docs#escape) or [package source](https://github.com/lodash/lodash/blob/3.0.0-npm-packages/lodash.escape) for more details. | ||
| See the [documentation](https://lodash.com/docs#escape) or [package source](https://github.com/lodash/lodash/blob/3.1.0-npm-packages/lodash.escape) for more details. |
-22
| Copyright 2012-2015 The Dojo Foundation <http://dojofoundation.org/> | ||
| Based on Underscore.js 1.7.0, copyright 2009-2015 Jeremy Ashkenas, | ||
| DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/> | ||
| Permission is hereby granted, free of charge, to any person obtaining | ||
| a copy of this software and associated documentation files (the | ||
| "Software"), to deal in the Software without restriction, including | ||
| without limitation the rights to use, copy, modify, merge, publish, | ||
| distribute, sublicense, and/or sell copies of the Software, and to | ||
| permit persons to whom the Software is furnished to do so, subject to | ||
| the following conditions: | ||
| The above copyright notice and this permission notice shall be | ||
| included in all copies or substantial portions of the Software. | ||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
New alerts
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
7474
38.1%- Dependency count
0
-100%- Lines of code
165
132.39%- Number of low supply chain risk alerts
3
-25%Worsened metrics
- Number of lines in readme file
19
-9.52%Dependency changes
- Removed
lodash._basetostring@^3.0.0- Removed
lodash._basetostring@3.0.1(transitive)