machinepack-localmachinepacks - npm Package Compare versions

Comparing version 1.7.0 to 1.8.0

machines/build-machine-code.js

@@ -85,2 +85,5 @@ module.exports = {
 
+    couldNotParseFnInsideInput: {},
+    couldNotParseFnInsideExit: {},
+
     couldNotParseFn: {
@@ -100,4 +103,39 @@ description: 'The provided `fn` could not be parsed as a function.'
     var util = require('util');
+    var rttc = require('rttc');
     var _ = require('lodash');
 
+    // Wrap any `getExample` function strings in a function wrapper, and convert
+    // to a real js function.
+    try {
+      inputs.exits = _.mapValues(inputs.exits, function (exitDef, exitId){
+        if (_.isString(exitDef.getExample)) {
+          exitDef.getExample = new Function('inputs','env', exitDef.getExample);
+        }
+        return exitDef;
+      });
+    }
+    catch (e){
+      return exits.couldNotParseFnInsideExit(e);
+    }
+
+    // Wrap any `validate` or `defaultsTo` function strings in a function wrapper,
+    // and convert to a real js function.
+    try {
+      inputs.inputs = _.mapValues(inputs.inputs, function (inputDef, inputId){
+        if (_.isString(inputDef.validate)) {
+            inputDef.validate = new Function('inputs','env', inputDef.validate);
+        }
+
+        // Hydrate any functions in the `defaultsTo`:
+        if (inputDef.defaultsTo) {
+          inputDef.defaultsTo = rttc.hydrate(inputDef.defaultsTo, rttc.infer(inputDef.example));
+        }
+
+        return inputDef;
+      });
+    }
+    catch (e){
+      return exits.couldNotParseFnInsideInput(e);
+    }
+
     // Parse encoded `fn` to a real JavaScript function, then `toString` it again.
@@ -118,2 +156,3 @@ var fn;
     }
+    // console.log('*********** BUILDING MACHINE CODE ************',util.inspect(inputs,{depth:null}));
 
@@ -143,3 +182,3 @@ var code = 'module.exports = {\n\n\n';
       memo += util.format('\n\n    %s: {%s\n    },', name, _.reduce(def, function (submemo, value, key){
-        submemo += util.format('\n      %s: %s,', key, util.inspect(value, false, null));
+        submemo += util.format('\n      %s: %s,', key, rttc.compile(value));
         return submemo;
@@ -151,3 +190,3 @@ },''));
       memo += util.format('\n\n    %s: {%s\n    },', name, _.reduce(def, function (submemo, value, key){
-        submemo += util.format('\n      %s: %s,', key, util.inspect(value, false, null));
+        submemo += util.format('\n      %s: %s,', key, rttc.compile(value));
         return submemo;
@@ -154,0 +193,0 @@ },''));

machines/write-pack.js

@@ -89,3 +89,4 @@ module.exports = {
       }]
-    }), packData);
+    }), rttc.dehydrate(packData, true));
+    // ^Note that we dehydrate before coercing in order to ensure functions are stringified.
 
@@ -92,0 +93,0 @@ // Just in case...

package.json

 {
   "name": "machinepack-localmachinepacks",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Work with local machinepacks.",
@@ -30,3 +30,3 @@ "scripts": {
     "open": "0.0.5",
-    "rttc": "^7.0.1"
+    "rttc": "^8.0.0"
   },
@@ -33,0 +33,0 @@ "devDependencies": {

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

105505

increased by1.35%

Lines of code

2727

increased by1.3%

Worsened metrics

Number of medium supply chain risk alerts

6

increased by20%

Dependency changes

• Updatedrttc@^8.0.0