
node-sec-patterns - npm Package Compare versions

Comparing version 2.0.3 to 2.0.4

36

index.js

@@ -31,6 +31,6 @@ 'use strict'

const weakSetHas = WeakSet.prototype.has
const { lastIndexOf, split, substring } = String.prototype
const { indexOf, lastIndexOf, split, substring } = String.prototype
const { dedot, dirname } = require('module-keys/lib/relpath.js')
const { sep } = require('path')
const { isAbsolute, sep } = require('path')

@@ -299,2 +299,9 @@ // Module keys polyfill as per module-keys/babel

function toFullModuleId (moduleId) {
if (moduleId[0] !== '/' && !isAbsolute(moduleId)) {
return `${configRoot}${sep}${moduleId}`
}
return moduleId
}
function mayMint (pubKey) {

@@ -312,6 +319,7 @@ const moduleId = dedot(pubKey.moduleIdentifier)

let publicKey = null
// Treat the exported publicKey as the source of truth.
try {
// eslint-disable-next-line global-require
publicKey = require(`${configRoot}${sep}${moduleId}`)[publicKeySymbol]
publicKey = require(toFullModuleId(moduleId))[publicKeySymbol]
} catch (failedToRequire) {

@@ -351,8 +359,20 @@ // deny

function relModuleId (moduleIdentifier) {
const prefix = 'node_modules/'
const i = apply(lastIndexOf, moduleIdentifier, [ prefix, 0 ])
if (i === 0) {
// node_modules/foo/bar/baz -> "foo/bar/baz"
return apply(substring, moduleIdentifier, [ i + prefix.length ])
{
const prefix = 'node_modules/'
const i = apply(lastIndexOf, moduleIdentifier, [ prefix, 0 ])
if (i === 0) {
// node_modules/foo/bar/baz -> "foo/bar/baz"
return apply(substring, moduleIdentifier, [ i + prefix.length ])
}
}
{
const infix = '/node_modules/'
const i = apply(indexOf, moduleIdentifier, [ infix ])
if (i >= 0) {
return apply(substring, moduleIdentifier, [ i + infix.length ])
}
}
if (moduleIdentifier[0] === '/') {
return moduleIdentifier
}
return `./${moduleIdentifier}`

@@ -359,0 +379,0 @@ }
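Review bot: The new infix branch in relModuleId strips everything up to the first `/node_modules/` wherever it occurs, so an absolute identifier outside `configRoot` (constructed example: `/tmp/x/node_modules/foo/a.js`) normalizes to the same id, `foo/a.js`, as the project's own copy. If that id is what grants are matched against, which happens outside the visible lines, two different files on disk become indistinguishable to the policy; anchoring the match to the root would avoid that, e.g. `const rootInfix = configRoot + infix` and `if (apply(lastIndexOf, moduleIdentifier, [ rootInfix, 0 ]) === 0)`, assuming `configRoot` uses `/` separators and has no trailing slash. In the same section toFullModuleId now returns absolute ids unchanged, so the `require` in mayMint (whose body continues outside the hunk) is no longer confined to `configRoot`; a comment stating which callers may legitimately supply absolute ids would help. relModuleId also hard-codes `/` while toFullModuleId uses `isAbsolute` and `sep`, so Windows-style paths presumably fall through to the `./` branch unless they are normalized earlier.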

{
"name": "node-sec-patterns",
"description": "Allow projects control over which dependencies can create objects that encapsulate security guarantees.",
"version": "2.0.3",
"version": "2.0.4",
"keywords": [

@@ -14,4 +14,3 @@ "design-patterns",

"files": [
"index.js",
"lib/mintable.js"
"index.js"
],

@@ -18,0 +17,0 @@ "dependencies": {

@@ -191,3 +191,3 @@ # Node security design patterns

1. targetPackage = targetPackage.slice(targetPackage.indexOf('node_modules') + 1)
1. targetPackage = targetPackage.slice(0, targetPackage[0][0] === '@' ? 2 : 1)
1. targetPackage = targetPackage.slice(0, targetPackage\[0\]\[0\] === '@' ? 2 : 1)
1. targetPackage = targetPackage.join('/')

@@ -197,5 +197,5 @@ 1. Fetch the target configuration

1. Incorporate any self nominations into the application's grants
1. let selfNominations = (targetConfig.mintable || {}).selfNominate || []
1. let selfNominations = (targetConfig.mintable || {}).selfNominate || \[\]
1. for (selfNomination of selfNominations)
1. grants[selfNomination] = grants[selfNomination] || []
1. grants[selfNomination] = grants[selfNomination] || \[\]
1. grants[selfNomination].push(

@@ -202,0 +202,0 @@
