safer-eval - npm Package Compare versions

Comparing version 1.2.1 to 1.2.2

lib/common.js

@@ -68,7 +68,20 @@ 'use strict';
 function cloneFunctions(context) {
-  ;['clearImmediate', 'clearInterval', 'clearTimeout', 'setImmediate', 'setInterval', 'setTimeout'].forEach(function (str) {
+  ;['clearImmediate', 'clearInterval', 'clearTimeout'].forEach(function (str) {
     try {
       var fn = new Function('return ' + str)(); // eslint-disable-line no-new-func
-      context[str] = fn ? clones(fn) : undefined;
+      context[str] = fn ? function () {
+        return fn.apply(null, [].slice.call(arguments));
+      } : undefined;
     } catch (e) {}
+  });['setImmediate', 'setInterval', 'setTimeout'].forEach(function (str) {
+    try {
+      var fn = new Function('return ' + str)(); // eslint-disable-line no-new-func
+      context[str] = fn ? function (f) {
+        if (typeof f === 'function') {
+          return fn.apply(null, [].slice.call(arguments));
+        } else {
+          throw new Error(str + ' requires function as argument');
+        }
+      } : undefined;
+    } catch (e) {}
   });
@@ -79,2 +92,3 @@ }
 * wraps up build-in objects using a cloned copy
+* protect object against overwriting
 * @private
@@ -81,0 +95,0 @@ */

package.json

 {
   "name": "safer-eval",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "a safer eval",
   "author": "commenthol <commenthol@gmail.com>",
   "license": "MIT",
-  "main": "lib/index.js",
-  "browser": "lib/browser.js",
+  "main": "./lib/index.js",
+  "browser": {
+    "./lib/index.js": "./lib/browser.js"
+  },
   "repository": {
@@ -10,0 +12,0 @@ "type": "git",

src/common.js

@@ -71,3 +71,15 @@ 'use strict'
     'clearInterval',
-    'clearTimeout',
+    'clearTimeout'
+  ].forEach((str) => {
+    try {
+      let fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
+      context[str] = fn
+        ? function () {
+          return fn.apply(null, [].slice.call(arguments))
+        }
+        : undefined
+    } catch (e) {}
+  })
+
+  ;[
     'setImmediate',
@@ -79,3 +91,11 @@ 'setInterval',
       let fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
-      context[str] = fn ? clones(fn) : undefined
+      context[str] = fn
+        ? function (f) {
+          if (typeof f === 'function') {
+            return fn.apply(null, [].slice.call(arguments))
+          } else {
+            throw new Error(str + ' requires function as argument')
+          }
+        }
+        : undefined
     } catch (e) {}
@@ -87,2 +107,3 @@ })
 * wraps up build-in objects using a cloned copy
+* protect object against overwriting
 * @private
@@ -89,0 +110,0 @@ */

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

23203

4.89%

Lines of code

560

6.46%

Worsened metrics

Number of medium supply chain risk alerts

8

33.33%

No dependency changes