pelo - npm Package Compare versions
Comparing version 0.0.4 to 0.0.5
60
index.js
@@ -10,5 +10,23 @@ 'use strict' | ||
| var BOOL_PROP_PATTERN = new RegExp(' (' + BOOL_PROPS.join('|') + ')=(""|\'\')', 'ig') | ||
| var BOOL_PROP_PATTERN = new RegExp(' (' + BOOL_PROPS.join('|') + '|onclick)=(""|\'\')', 'ig') | ||
| var DISABLED_PATTERN = new RegExp('disabled=("true"|\'true\')', 'ig') | ||
| const replaceMap = { | ||
| '&': '&', | ||
| '<': '<', | ||
| '>': '>', | ||
| '"': '"', | ||
| '\'': ''' | ||
| } | ||
| const replaceMapRE = new RegExp(Object.keys(replaceMap).join('|'), 'g') | ||
| function replaceMapper (matched){ | ||
| return replaceMap[matched] | ||
| } | ||
| function handleValue (value) { | ||
| if (value === null || value === undefined || value === false) { | ||
| return '' | ||
| } | ||
| if (Array.isArray(value)) { | ||
@@ -22,11 +40,8 @@ // Suppose that each item is a result of html``. | ||
| // onclick="" | ||
| if (typeof value === 'function') { | ||
| const valueType = typeof value | ||
| if (valueType === 'function') { | ||
| return '""' | ||
| } | ||
| if (value === null || value === undefined || value === false) { | ||
| return '' | ||
| } | ||
| if (typeof value === 'object' && value.constructor.name !== 'String') { | ||
| if (valueType === 'object' && value.constructor.name !== 'String') { | ||
| return objToString(value) | ||
@@ -38,9 +53,4 @@ } | ||
| } | ||
| const str = value.toString() | ||
| return str | ||
| .replace(/&/g, '&') | ||
| .replace(/</g, '<') | ||
| .replace(/>/g, '>') | ||
| .replace(/"/g, '"') | ||
| .replace(/'/g, ''') | ||
| return value.toString().replace(replaceMapRE, replaceMapper) | ||
| } | ||
@@ -51,9 +61,10 @@ | ||
| var output = '' | ||
| for (var i = 0; i < pieces.length; i++) { | ||
| output += pieces[i] | ||
| if (i < pieces.length - 1) { | ||
| output += handleValue(arguments[i + 1]) | ||
| } | ||
| for (var i = 0; i < pieces.length - 1; i++) { | ||
| output += pieces[i] + handleValue(arguments[i + 1]) | ||
| } | ||
| output = output.replace(BOOL_PROP_PATTERN, '') | ||
| output += pieces[i] | ||
| output = output | ||
| .replace(DISABLED_PATTERN, 'disabled="disabled"') | ||
| .replace(BOOL_PROP_PATTERN, '') | ||
| // HACK: Avoid double encoding by marking encoded string | ||
@@ -68,7 +79,8 @@ // You cannot add properties to string literals | ||
| function objToString (obj) { | ||
| var values = '' | ||
| const keys = Object.keys(obj) | ||
| return keys.map(function (key, i) { | ||
| const val = obj[key] || '' | ||
| return key + '="' + val + '"' | ||
| }).join(' ') | ||
| for (var i = 0; i < keys.length - 1; i++) { | ||
| values += keys[i] + '="' + (obj[keys[i]] || '') + '" ' | ||
| } | ||
| return values + keys[i] + '="' + (obj[keys[i]] || '') + '"' | ||
| } | ||
@@ -75,0 +87,0 @@ |
| { | ||
| "name": "pelo", | ||
| "version": "0.0.4", | ||
| "version": "0.0.5", | ||
| "description": "Lightning fast server-side rendering with tagged template literals", | ||
@@ -8,3 +8,3 @@ "main": "index.js", | ||
| "start": "npm run build && node server.js", | ||
| "test": "node benchmark.js", | ||
| "test": "tape '**/*.test.js' && node benchmark.js", | ||
| "build": "browserify client.js > bundle.js", | ||
@@ -17,4 +17,6 @@ "compare": "node compare.js" | ||
| "browserify": "^14.3.0", | ||
| "nanomorph": "^4.0.4", | ||
| "standard": "^10.0.2" | ||
| "html-minifier": "^3.5.6", | ||
| "nanomorph": "^5.1.3", | ||
| "standard": "^10.0.2", | ||
| "tape": "^4.8.0" | ||
| }, | ||
@@ -21,0 +23,0 @@ "homepage": "https://github.com/shuhei/pelo", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by51.47%
108317
- Lines of code
- increased by421.56%
1137
Worsened metrics
- Dev dependency count
- increased by50%
6
- Number of package files
- decreased by-10%
9
- Number of low supply chain risk alerts
- increased by66.67%
5
- Number of medium supply chain risk alerts
- increased by100%
2