poly-js-utils - npm Package Compare versions

Comparing version 1.3.5 to 1.3.6

package.json

 {
   "name": "poly-js-utils",
-  "version": "1.3.5",
+  "version": "1.3.6",
   "description": "Common client-side tools used in HSS Sites themes and locators.",
@@ -5,0 +5,0 @@ "main": "main.js",

spec/utils.spec.js

@@ -15,15 +15,18 @@ var utils = require('../src/utils');
             var tag = ["true"];
-            expect(utils.selectBoxIsTrue(tag)).toBeTruthy();
+            expect(utils.selectBoxIsTrue(tag)).toBe(true);
         });
         it("should return true if the tag has a value of TRUE", function() {
             var tag = ["TRUE"];
-            expect(utils.selectBoxIsTrue(tag)).toBeTruthy();
+            expect(utils.selectBoxIsTrue(tag)).toBe(true);
         });
         it("should return false if the tag does not exist", function() {
-            expect(utils.selectBoxIsTrue(undefined)).toBeFalsy();
+            expect(utils.selectBoxIsTrue(undefined)).toBe(false);
         });
         it("should return false if the tag has any value other than true", function() {
             var tag = ["some other value"];
-            expect(utils.selectBoxIsTrue(tag)).toBeFalsy();
+            expect(utils.selectBoxIsTrue(tag)).toBe(false);
         });
+        it("should return false if passed in an empty array", function() {
+            expect(utils.selectBoxIsTrue([])).toBe(false);
+        });
     });
@@ -30,0 +33,0 @@

src/utils.js

@@ -184,3 +184,3 @@ var _ = require('underscore');
 var selectBoxIsTrue = function(value) {
-    return (value && value[0].toLowerCase() === "true");
+    return !!(value && value.length && value[0].toLowerCase() === "true");
 };
@@ -187,0 +187,0 @@

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

2

decreased by-92.86%

Number of medium supply chain risk alerts

2

decreased by-50%

Worsened metrics

Total package byte prevSize

121307

decreased by-84.85%

Number of package files

34

decreased by-2.86%

Lines of code

2481

decreased by-86.45%

No dependency changes