
semver


Comparing version 5.7.1 to 5.7.2


package.json
{
"name": "semver",
"version": "5.7.1",
"version": "5.7.2",
"description": "The semantic version parser used by npm.",
"main": "semver.js",
"scripts": {
"test": "tap",
"preversion": "npm test",
"postversion": "npm publish",
"postpublish": "git push origin --all; git push origin --tags"
"test": "tap test/ --100 --timeout=30",
"lint": "echo linting disabled",
"postlint": "template-oss-check",
"template-oss-apply": "template-oss-apply --force",
"lintfix": "npm run lint -- --fix",
"snap": "tap test/ --100 --timeout=30",
"posttest": "npm run lint"
},
"devDependencies": {
"tap": "^13.0.0-rc.18"
"@npmcli/template-oss": "4.17.0",
"tap": "^12.7.0"
},
"license": "ISC",
"repository": "https://github.com/npm/node-semver",
"repository": {
"type": "git",
"url": "https://github.com/npm/node-semver.git"
},
"bin": {

@@ -25,5 +32,8 @@ "semver": "./bin/semver"

],
"tap": {
"check-coverage": true
"author": "GitHub Inc.",
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"content": "./scripts/template-oss",
"version": "4.17.0"
}
}

@@ -29,7 +29,35 @@ exports = module.exports = SemVer

var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
// The actual regexps go on exports.re
var re = exports.re = []
var safeRe = exports.safeRe = []
var src = exports.src = []
var R = 0
var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
// Replace some greedy regex tokens to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
var safeRegexReplacements = [
['\\s', 1],
['\\d', MAX_LENGTH],
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
]
function makeSafeRe (value) {
for (var i = 0; i < safeRegexReplacements.length; i++) {
var token = safeRegexReplacements[i][0]
var max = safeRegexReplacements[i][1]
value = value
.split(token + '*').join(token + '{0,' + max + '}')
.split(token + '+').join(token + '{1,' + max + '}')
}
return value
}
// The following Regular Expressions can be used for tokenizing,

@@ -44,3 +72,3 @@ // validating, and parsing SemVer version strings.

var NUMERICIDENTIFIERLOOSE = R++
src[NUMERICIDENTIFIERLOOSE] = '[0-9]+'
src[NUMERICIDENTIFIERLOOSE] = '\\d+'

@@ -52,3 +80,3 @@ // ## Non-numeric Identifier

var NONNUMERICIDENTIFIER = R++
src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*'
src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'

@@ -95,3 +123,3 @@ // ## Main Version

var BUILDIDENTIFIER = R++
src[BUILDIDENTIFIER] = '[0-9A-Za-z-]+'
src[BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'

@@ -181,2 +209,3 @@ // ## Build Metadata

re[TILDETRIM] = new RegExp(src[TILDETRIM], 'g')
safeRe[TILDETRIM] = new RegExp(makeSafeRe(src[TILDETRIM]), 'g')
var tildeTrimReplace = '$1~'

@@ -197,2 +226,3 @@

re[CARETTRIM] = new RegExp(src[CARETTRIM], 'g')
safeRe[CARETTRIM] = new RegExp(makeSafeRe(src[CARETTRIM]), 'g')
var caretTrimReplace = '$1^'

@@ -219,2 +249,3 @@

re[COMPARATORTRIM] = new RegExp(src[COMPARATORTRIM], 'g')
safeRe[COMPARATORTRIM] = new RegExp(makeSafeRe(src[COMPARATORTRIM]), 'g')
var comparatorTrimReplace = '$1$2$3'

@@ -248,2 +279,10 @@

re[i] = new RegExp(src[i])
// Replace all greedy whitespace to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
safeRe[i] = new RegExp(makeSafeRe(src[i]))
}

@@ -273,3 +312,3 @@ }

var r = options.loose ? re[LOOSE] : re[FULL]
var r = options.loose ? safeRe[LOOSE] : safeRe[FULL]
if (!r.test(version)) {

@@ -329,3 +368,3 @@ return null

var m = version.trim().match(options.loose ? re[LOOSE] : re[FULL])
var m = version.trim().match(options.loose ? safeRe[LOOSE] : safeRe[FULL])

@@ -744,2 +783,3 @@ if (!m) {

comp = comp.trim().split(/\s+/).join(' ')
debug('comparator', comp, options)

@@ -761,3 +801,3 @@ this.options = options

Comparator.prototype.parse = function (comp) {
var r = this.options.loose ? re[COMPARATORLOOSE] : re[COMPARATOR]
var r = this.options.loose ? safeRe[COMPARATORLOOSE] : safeRe[COMPARATOR]
var m = comp.match(r)

@@ -876,5 +916,12 @@

// First reduce all whitespace as much as possible so we do not have to rely
// on potentially slow regexes like \s*. This is then stored and used for
// future error messages as well.
this.raw = range
.trim()
.split(/\s+/)
.join(' ')
// First, split based on boolean or ||
this.raw = range
this.set = range.split(/\s*\|\|\s*/).map(function (range) {
this.set = this.raw.split('||').map(function (range) {
return this.parseRange(range.trim())

@@ -887,3 +934,3 @@ }, this).filter(function (c) {

if (!this.set.length) {
throw new TypeError('Invalid SemVer Range: ' + range)
throw new TypeError('Invalid SemVer Range: ' + this.raw)
}

@@ -907,24 +954,19 @@

var loose = this.options.loose
range = range.trim()
// `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
var hr = loose ? re[HYPHENRANGELOOSE] : re[HYPHENRANGE]
var hr = loose ? safeRe[HYPHENRANGELOOSE] : safeRe[HYPHENRANGE]
range = range.replace(hr, hyphenReplace)
debug('hyphen replace', range)
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
range = range.replace(re[COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, re[COMPARATORTRIM])
range = range.replace(safeRe[COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, safeRe[COMPARATORTRIM])
// `~ 1.2.3` => `~1.2.3`
range = range.replace(re[TILDETRIM], tildeTrimReplace)
range = range.replace(safeRe[TILDETRIM], tildeTrimReplace)
// `^ 1.2.3` => `^1.2.3`
range = range.replace(re[CARETTRIM], caretTrimReplace)
range = range.replace(safeRe[CARETTRIM], caretTrimReplace)
// normalize spaces
range = range.split(/\s+/).join(' ')
// At this point, the range is completely trimmed and
// ready to be split into comparators.
var compRe = loose ? re[COMPARATORLOOSE] : re[COMPARATOR]
var compRe = loose ? safeRe[COMPARATORLOOSE] : safeRe[COMPARATOR]
var set = range.split(' ').map(function (comp) {

@@ -1005,3 +1047,3 @@ return parseComparator(comp, this.options)

function replaceTilde (comp, options) {
var r = options.loose ? re[TILDELOOSE] : re[TILDE]
var r = options.loose ? safeRe[TILDELOOSE] : safeRe[TILDE]
return comp.replace(r, function (_, M, m, p, pr) {

@@ -1047,3 +1089,3 @@ debug('tilde', comp, _, M, m, p, pr)

debug('caret', comp, options)
var r = options.loose ? re[CARETLOOSE] : re[CARET]
var r = options.loose ? safeRe[CARETLOOSE] : safeRe[CARET]
return comp.replace(r, function (_, M, m, p, pr) {

@@ -1107,3 +1149,3 @@ debug('caret', comp, _, M, m, p, pr)

comp = comp.trim()
var r = options.loose ? re[XRANGELOOSE] : re[XRANGE]
var r = options.loose ? safeRe[XRANGELOOSE] : safeRe[XRANGE]
return comp.replace(r, function (ret, gtlt, M, m, p, pr) {

@@ -1178,6 +1220,6 @@ debug('xRange', comp, ret, gtlt, M, m, p, pr)

// Looseness is ignored here. star is always as loose as it gets!
return comp.trim().replace(re[STAR], '')
return comp.trim().replace(safeRe[STAR], '')
}
// This function is passed to string.replace(re[HYPHENRANGE])
// This function is passed to string.replace(safeRe[HYPHENRANGE])
// M, m, patch, prerelease, build

@@ -1493,3 +1535,3 @@ // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5

var match = version.match(re[COERCE])
var match = version.match(safeRe[COERCE])

@@ -1496,0 +1538,0 @@ if (match == null) {
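Review bot: `makeSafeRe` in the `@@ -29,7 +29,35 @@` hunk bounds quantifiers by plain string substitution, so it only rewrites a `*` or `+` that directly follows the exact text `\s`, `\d` or `[a-zA-Z0-9-]`; a `src[]` entry that spells a class any other way keeps its unbounded quantifier in `safeRe` without any error. The commit itself appears to respell `[0-9]+` as `\d+` and `[0-9A-Za-z-]+` as `LETTERDASHNUMBER + '+'` for exactly this reason, which shows how easily a later edit to a pattern could silently drop the bound. I would record the constraint above the function, e.g. `// Textual match only: src[] patterns must spell these classes exactly as \s, \d or LETTERDASHNUMBER to be bounded.`, and add a test that fails when any `safeRe[i].source` still contains one of these tokens followed by `*` or `+`. Separately, the `['\\s', 1]` bound is only behaviour-preserving for input whose whitespace runs were already collapsed, and the hunks at `-273` and `-329` pass `version` with at most a `trim()`, so it is worth confirming against the parts of the file not shown that those paths do not depend on multi-space matches.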
