object.assign - npm Package Compare versions

Comparing version 4.1.2 to 4.1.3

CHANGELOG.md

@@ -0,1 +1,21 @@
+4.1.3 / 2022-08-05
+==================
+  * [Refactor] make steps closer to actual spec
+  * [Refactor] simplify object coercible check
+  * [readme] remove defunct badges, add coverage and actions badges
+  * [eslint] ignore coverage output
+  * [meta] use `npmignore` to autogenerate an npmignore file
+  * [meta] remove audit-level
+  * [Deps] update `call-bind`, `define-properties`, `has-symbols`
+  * [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `@es-shims/api`, `aud`, `functions-have-names`, `safe-publish-latest`, `ses`, `tape`
+  * [actions] use `node/install` instead of `node/run`; use `codecov` action
+  * [actions] reuse common workflows
+  * [actions] update codecov uploader
+  * [Tests] add implementation tests
+  * [Tests] use `mock-property`
+  * [Tests] disable posttest pending `aud` handling `file:` deps
+  * [Tests] migrate remaining tests to Github Actions (#81)
+  * [Tests] gitignore coverage output
+  * [Tests] test node v1-v9 on Github Actions instead of travis; resume testing all minors (#80)
+
 4.1.2 / 2020-10-30
@@ -2,0 +22,0 @@ ==================

implementation.js

 'use strict';
 
 // modified from https://github.com/es-shims/es6-shim
-var keys = require('object-keys');
-var canBeObject = function (obj) {
-	return typeof obj !== 'undefined' && obj !== null;
-};
+var objectKeys = require('object-keys');
 var hasSymbols = require('has-symbols/shams')();
@@ -17,27 +14,34 @@ var callBound = require('call-bind/callBound');
 module.exports = function assign(target, source1) {
-	if (!canBeObject(target)) { throw new TypeError('target must be an object'); }
-	var objTarget = toObject(target);
-	var s, source, i, props, syms, value, key;
-	for (s = 1; s < arguments.length; ++s) {
-		source = toObject(arguments[s]);
-		props = keys(source);
+	if (target == null) { throw new TypeError('target must be an object'); }
+	var to = toObject(target); // step 1
+	if (arguments.length === 1) {
+		return to; // step 2
+	}
+	for (var s = 1; s < arguments.length; ++s) {
+		var from = toObject(arguments[s]); // step 3.a.i
+
+		// step 3.a.ii:
+		var keys = objectKeys(from);
 		var getSymbols = hasSymbols && (Object.getOwnPropertySymbols || originalGetSymbols);
 		if (getSymbols) {
-			syms = getSymbols(source);
-			for (i = 0; i < syms.length; ++i) {
-				key = syms[i];
-				if ($propIsEnumerable(source, key)) {
-					$push(props, key);
+			var syms = getSymbols(from);
+			for (var j = 0; j < syms.length; ++j) {
+				var key = syms[j];
+				if ($propIsEnumerable(from, key)) {
+					$push(keys, key);
 				}
 			}
 		}
-		for (i = 0; i < props.length; ++i) {
-			key = props[i];
-			value = source[key];
-			if ($propIsEnumerable(source, key)) {
-				objTarget[key] = value;
+
+		// step 3.a.iii:
+		for (var i = 0; i < keys.length; ++i) {
+			var nextKey = keys[i];
+			if ($propIsEnumerable(from, nextKey)) { // step 3.a.iii.2
+				var propValue = from[nextKey]; // step 3.a.iii.2.a
+				to[nextKey] = propValue; // step 3.a.iii.2.b
 			}
 		}
 	}
-	return objTarget;
+
+	return to; // step 4
 };

package.json

 {
 	"name": "object.assign",
-	"version": "4.1.2",
+	"version": "4.1.3",
 	"author": "Jordan Harband",
@@ -12,2 +12,3 @@ "funding": {
 	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
 		"pretest": "npm run lint && es-shim-api --bound",
@@ -23,3 +24,4 @@ "test": "npm run tests-only && npm run test:ses",
 		"build": "mkdir -p dist && browserify browserShim.js > dist/browser.js",
-		"prepublish": "safe-publish-latest && npm run build"
+		"prepublishOnly": "safe-publish-latest && npm run build",
+		"prepublish": "not-in-publish || npm run prepublishOnly"
 	},
@@ -44,21 +46,24 @@ "repository": {
 	"dependencies": {
-		"call-bind": "^1.0.0",
-		"define-properties": "^1.1.3",
-		"has-symbols": "^1.0.1",
+		"call-bind": "^1.0.2",
+		"define-properties": "^1.1.4",
+		"has-symbols": "^1.0.3",
 		"object-keys": "^1.1.1"
 	},
 	"devDependencies": {
-		"@es-shims/api": "^2.1.2",
-		"@ljharb/eslint-config": "^17.2.0",
-		"aud": "^1.1.2",
+		"@es-shims/api": "^2.2.3",
+		"@ljharb/eslint-config": "^21.0.0",
+		"aud": "^2.0.0",
 		"browserify": "^16.5.2",
-		"eslint": "^7.12.1",
+		"eslint": "=8.8.0",
 		"for-each": "^0.3.3",
-		"functions-have-names": "^1.2.1",
+		"functions-have-names": "^1.2.3",
 		"has": "^1.0.3",
+		"has-strict-mode": "^1.0.1",
 		"is": "^3.3.0",
+		"mock-property": "^1.0.0",
+		"npmignore": "^0.3.0",
 		"nyc": "^10.3.2",
-		"safe-publish-latest": "^1.1.4",
-		"ses": "^0.10.4",
-		"tape": "^5.0.1"
+		"safe-publish-latest": "^2.0.0",
+		"ses": "^0.11.1",
+		"tape": "^5.5.3"
 	},
@@ -85,3 +90,10 @@ "testling": {
 		"node": ">= 0.4"
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows",
+			"bower.json",
+			"browserShim.js"
+		]
 	}
 }

README.md

@@ -1,4 +0,5 @@
-#object.assign <sup>[![Version Badge][npm-version-svg]][npm-url]</sup>
+# object.assign <sup>[![Version Badge][npm-version-svg]][npm-url]</sup>
 
-[![Build Status][travis-svg]][travis-url]
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
 [![dependency status][deps-svg]][deps-url]
@@ -11,4 +12,2 @@ [![dev dependency status][dev-deps-svg]][dev-deps-url]
 
-[![browser support][testling-png]][testling-url]
-
 An Object.assign shim. Invoke its "shim" method to shim Object.assign if it is unavailable.
@@ -130,4 +129,2 @@
 [dev-deps-url]: https://david-dm.org/ljharb/object.assign#info=devDependencies
-[testling-png]: https://ci.testling.com/ljharb/object.assign.png
-[testling-url]: https://ci.testling.com/ljharb/object.assign
 [npm-badge-png]: https://nodei.co/npm/object.assign.png?downloads=true&stars=true
@@ -138,1 +135,5 @@ [license-image]: http://img.shields.io/npm/l/object.assign.svg
 [downloads-url]: http://npm-stat.com/charts.html?package=object.assign
+[codecov-image]: https://codecov.io/gh/ljharb/object.assign/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/object.assign/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/object.assign
+[actions-url]: https://github.com/ljharb/object.assign/actions

test/tests.js

@@ -6,2 +6,3 @@ 'use strict';
 var has = require('has');
+var mockProperty = require('mock-property');
 
@@ -164,7 +165,3 @@ module.exports = function (assign, t) {
 	t.test('does not fail when symbols are not present', { skip: !Object.isFrozen || Object.isFrozen(Object) }, function (st) {
-		var getSyms;
-		if (hasSymbols) {
-			getSyms = Object.getOwnPropertySymbols;
-			delete Object.getOwnPropertySymbols;
-		}
+		st.teardown(mockProperty(Object, 'getOwnPropertySymbols', { 'delete': true }));
 
@@ -189,4 +186,2 @@ var visited = [];
 			st.equal(target[symbol], Infinity);
-
-			Object.getOwnPropertySymbols = getSyms;
 		}
@@ -193,0 +188,0 @@ st.end();

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1135842

1721.19%

Number of lines in readme file

137

0.74%

Number of low supply chain risk alerts

0

-100%

Number of medium supply chain risk alerts

1

-66.67%

Worsened metrics

Dev dependency count

16

23.08%

Number of package files

21

-8.7%

Lines of code

475

-60.71%

Dependency changes

• Updated

  call-bind@^1.0.2

• Updated

  define-properties@^1.1.4

• Updated

  has-symbols@^1.0.3