node-settings - npm Package Compare versions

Comparing version 0.1.2 to 0.1.3

lib/configurator.js

@@ -60,3 +60,3 @@ (function() {
           return process.nextTick(function() {
-            return callback(eval(data));
+            return callback(JSON.parse(data));
           });
@@ -68,3 +68,3 @@ });
         data = fs.readFileSync(options.location, options.encoding || 'utf8');
-        return eval(data);
+        return JSON.parse(data);
       }
@@ -84,6 +84,6 @@ },
       get: function(options, callback) {
-        return callback(eval(options.data));
+        return callback(JSON.parse(options.data));
       },
       getSync: function(options) {
-        return eval(options.data);
+        return JSON.parse(options.data);
       }
@@ -90,0 +90,0 @@ }

package.json

@@ -5,3 +5,3 @@ {
   "description": "Provides easy, multi-environment configuration",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "homepage": "",
@@ -8,0 +8,0 @@ "repository": {

spec/testconfig.json

 {
-	key1: 'value1'
+	"default": {
+		"mongo": {
+			"host": "localhost",
+			"port": 27017,
+			"database": "test"
+		}
+	}
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10975

increased by1.2%

Lines of code

88

increased by7.32%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes