Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
minimist - npm Package Compare versions
Comparing version 1.2.5 to 1.2.6
@@ -73,3 +73,3 @@ module.exports = function (args, opts) { | ||
| var key = keys[i]; | ||
| if (key === '__proto__') return; | ||
| if (isConstructorOrProto(o, key)) return; | ||
| if (o[key] === undefined) o[key] = {}; | ||
@@ -83,3 +83,3 @@ if (o[key] === Object.prototype || o[key] === Number.prototype | ||
| var key = keys[keys.length - 1]; | ||
| if (key === '__proto__') return; | ||
| if (isConstructorOrProto(o, key)) return; | ||
| if (o === Object.prototype || o === Number.prototype | ||
@@ -248,1 +248,5 @@ || o === String.prototype) o = {}; | ||
| function isConstructorOrProto (obj, key) { | ||
| return key === 'constructor' && typeof obj[key] === 'function' || key === '__proto__'; | ||
| } |
| { | ||
| "name": "minimist", | ||
| "version": "1.2.5", | ||
| "version": "1.2.6", | ||
| "description": "parse argument options", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -45,1 +45,17 @@ var parse = require('../'); | ||
| }); | ||
| test('proto pollution (constructor function)', function (t) { | ||
| var argv = parse(['--_.concat.constructor.prototype.y', '123']); | ||
| function fnToBeTested() {} | ||
| t.equal(fnToBeTested.y, undefined); | ||
| t.equal(argv.y, undefined); | ||
| t.end(); | ||
| }); | ||
| // powered by snyk - https://github.com/backstage/backstage/issues/10343 | ||
| test('proto pollution (constructor function) snyk', function (t) { | ||
| var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' ')); | ||
| t.equal((function(){}).foo, undefined); | ||
| t.equal(argv.y, undefined); | ||
| t.end(); | ||
| }) |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.53%
33202
- Lines of code
- increased by1.8%
959
- Number of lines in readme file
- increased by3.13%
99
No dependency changes