millisecond - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

index.js

		@@ -41,8 +41,16 @@ 'use strict';
		module.exports = function millisecond(ms) {
		if ('string' !== typeof ms \|\| '0' === ms \|\| +ms) return +ms;
		var type = typeof ms
		, amount
		, match;

		var match = regex.exec(ms)
		, amount;
		if ('number' === type) return ms;
		else if ('string' !== type \|\| '0' === ms \|\| !ms) return 0;
		else if (+ms) return +ms;

		if (!match) return 0;
		//
		// We are vulnerable to the regular expression denial of service (ReDoS).
		// In order to mitigate this we don't parse the input string if it is too long.
		// See https://nodesecurity.io/advisories/46.
		//
		if (ms.length > 10000 \|\| !(match = regex.exec(ms))) return 0;

		@@ -49,0 +57,0 @@ amount = parseFloat(match[1]);

package.json

		{
		"name": "millisecond",
		"version": "0.1.1",
		"version": "0.1.2",
		"description": "Convert time strings to milliseconds",
		@@ -5,0 +5,0 @@ "main": "index.js",

test.js

		@@ -14,3 +14,17 @@ describe('millisecond', function () {

		it('can parse numbers', function () {
		it('should bail out if the input string is too long', function () {
		var str = ''
		, i = 0;

		for (; i < 10000; i++) str += '5';
		str += ' minutes';

		assume(ms(str)).to.equal(0);
		});

		it('should return 0 if invalid', function () {
		assume(ms('Hello mom')).to.equal(0);
		});

		it('should parse numbers', function () {
		assume(ms(100)).to.equal(100);
		@@ -77,6 +91,2 @@ });

		it('should return 0 if invalid', function () {
		assume(ms('Hello mom')).to.equal(0);
		});

		it('should be case-insensitive', function () {
		@@ -83,0 +93,0 @@ assume(ms('1.5H')).to.equal(5400000);

New alerts