You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
semver - npm Package Compare versions
Comparing version 5.7.1 to 5.7.2
| { | ||
| "name": "semver", | ||
| "version": "5.7.1", | ||
| "version": "5.7.2", | ||
| "description": "The semantic version parser used by npm.", | ||
| "main": "semver.js", | ||
| "scripts": { | ||
| "test": "tap", | ||
| "preversion": "npm test", | ||
| "postversion": "npm publish", | ||
| "postpublish": "git push origin --all; git push origin --tags" | ||
| "test": "tap test/ --100 --timeout=30", | ||
| "lint": "echo linting disabled", | ||
| "postlint": "template-oss-check", | ||
| "template-oss-apply": "template-oss-apply --force", | ||
| "lintfix": "npm run lint -- --fix", | ||
| "snap": "tap test/ --100 --timeout=30", | ||
| "posttest": "npm run lint" | ||
| }, | ||
| "devDependencies": { | ||
| "tap": "^13.0.0-rc.18" | ||
| "@npmcli/template-oss": "4.17.0", | ||
| "tap": "^12.7.0" | ||
| }, | ||
| "license": "ISC", | ||
| "repository": "https://github.com/npm/node-semver", | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "https://github.com/npm/node-semver.git" | ||
| }, | ||
| "bin": { | ||
@@ -25,5 +32,8 @@ "semver": "./bin/semver" | ||
| ], | ||
| "tap": { | ||
| "check-coverage": true | ||
| "author": "GitHub Inc.", | ||
| "templateOSS": { | ||
| "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
| "content": "./scripts/template-oss", | ||
| "version": "4.17.0" | ||
| } | ||
| } |
@@ -29,7 +29,35 @@ exports = module.exports = SemVer | ||
| var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6 | ||
| // The actual regexps go on exports.re | ||
| var re = exports.re = [] | ||
| var safeRe = exports.safeRe = [] | ||
| var src = exports.src = [] | ||
| var R = 0 | ||
| var LETTERDASHNUMBER = '[a-zA-Z0-9-]' | ||
| // Replace some greedy regex tokens to prevent regex dos issues. These regex are | ||
| // used internally via the safeRe object since all inputs in this library get | ||
| // normalized first to trim and collapse all extra whitespace. The original | ||
| // regexes are exported for userland consumption and lower level usage. A | ||
| // future breaking change could export the safer regex only with a note that | ||
| // all input should have extra whitespace removed. | ||
| var safeRegexReplacements = [ | ||
| ['\\s', 1], | ||
| ['\\d', MAX_LENGTH], | ||
| [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH], | ||
| ] | ||
| function makeSafeRe (value) { | ||
| for (var i = 0; i < safeRegexReplacements.length; i++) { | ||
| var token = safeRegexReplacements[i][0] | ||
| var max = safeRegexReplacements[i][1] | ||
| value = value | ||
| .split(token + '*').join(token + '{0,' + max + '}') | ||
| .split(token + '+').join(token + '{1,' + max + '}') | ||
| } | ||
| return value | ||
| } | ||
| // The following Regular Expressions can be used for tokenizing, | ||
@@ -44,3 +72,3 @@ // validating, and parsing SemVer version strings. | ||
| var NUMERICIDENTIFIERLOOSE = R++ | ||
| src[NUMERICIDENTIFIERLOOSE] = '[0-9]+' | ||
| src[NUMERICIDENTIFIERLOOSE] = '\\d+' | ||
@@ -52,3 +80,3 @@ // ## Non-numeric Identifier | ||
| var NONNUMERICIDENTIFIER = R++ | ||
| src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*' | ||
| src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*' | ||
@@ -95,3 +123,3 @@ // ## Main Version | ||
| var BUILDIDENTIFIER = R++ | ||
| src[BUILDIDENTIFIER] = '[0-9A-Za-z-]+' | ||
| src[BUILDIDENTIFIER] = LETTERDASHNUMBER + '+' | ||
@@ -181,2 +209,3 @@ // ## Build Metadata | ||
| re[TILDETRIM] = new RegExp(src[TILDETRIM], 'g') | ||
| safeRe[TILDETRIM] = new RegExp(makeSafeRe(src[TILDETRIM]), 'g') | ||
| var tildeTrimReplace = '$1~' | ||
@@ -197,2 +226,3 @@ | ||
| re[CARETTRIM] = new RegExp(src[CARETTRIM], 'g') | ||
| safeRe[CARETTRIM] = new RegExp(makeSafeRe(src[CARETTRIM]), 'g') | ||
| var caretTrimReplace = '$1^' | ||
@@ -219,2 +249,3 @@ | ||
| re[COMPARATORTRIM] = new RegExp(src[COMPARATORTRIM], 'g') | ||
| safeRe[COMPARATORTRIM] = new RegExp(makeSafeRe(src[COMPARATORTRIM]), 'g') | ||
| var comparatorTrimReplace = '$1$2$3' | ||
@@ -248,2 +279,10 @@ | ||
| re[i] = new RegExp(src[i]) | ||
| // Replace all greedy whitespace to prevent regex dos issues. These regex are | ||
| // used internally via the safeRe object since all inputs in this library get | ||
| // normalized first to trim and collapse all extra whitespace. The original | ||
| // regexes are exported for userland consumption and lower level usage. A | ||
| // future breaking change could export the safer regex only with a note that | ||
| // all input should have extra whitespace removed. | ||
| safeRe[i] = new RegExp(makeSafeRe(src[i])) | ||
| } | ||
@@ -273,3 +312,3 @@ } | ||
| var r = options.loose ? re[LOOSE] : re[FULL] | ||
| var r = options.loose ? safeRe[LOOSE] : safeRe[FULL] | ||
| if (!r.test(version)) { | ||
@@ -329,3 +368,3 @@ return null | ||
| var m = version.trim().match(options.loose ? re[LOOSE] : re[FULL]) | ||
| var m = version.trim().match(options.loose ? safeRe[LOOSE] : safeRe[FULL]) | ||
@@ -744,2 +783,3 @@ if (!m) { | ||
| comp = comp.trim().split(/\s+/).join(' ') | ||
| debug('comparator', comp, options) | ||
@@ -761,3 +801,3 @@ this.options = options | ||
| Comparator.prototype.parse = function (comp) { | ||
| var r = this.options.loose ? re[COMPARATORLOOSE] : re[COMPARATOR] | ||
| var r = this.options.loose ? safeRe[COMPARATORLOOSE] : safeRe[COMPARATOR] | ||
| var m = comp.match(r) | ||
@@ -876,5 +916,12 @@ | ||
| // First reduce all whitespace as much as possible so we do not have to rely | ||
| // on potentially slow regexes like \s*. This is then stored and used for | ||
| // future error messages as well. | ||
| this.raw = range | ||
| .trim() | ||
| .split(/\s+/) | ||
| .join(' ') | ||
| // First, split based on boolean or || | ||
| this.raw = range | ||
| this.set = range.split(/\s*\|\|\s*/).map(function (range) { | ||
| this.set = this.raw.split('||').map(function (range) { | ||
| return this.parseRange(range.trim()) | ||
@@ -887,3 +934,3 @@ }, this).filter(function (c) { | ||
| if (!this.set.length) { | ||
| throw new TypeError('Invalid SemVer Range: ' + range) | ||
| throw new TypeError('Invalid SemVer Range: ' + this.raw) | ||
| } | ||
@@ -907,24 +954,19 @@ | ||
| var loose = this.options.loose | ||
| range = range.trim() | ||
| // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4` | ||
| var hr = loose ? re[HYPHENRANGELOOSE] : re[HYPHENRANGE] | ||
| var hr = loose ? safeRe[HYPHENRANGELOOSE] : safeRe[HYPHENRANGE] | ||
| range = range.replace(hr, hyphenReplace) | ||
| debug('hyphen replace', range) | ||
| // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` | ||
| range = range.replace(re[COMPARATORTRIM], comparatorTrimReplace) | ||
| debug('comparator trim', range, re[COMPARATORTRIM]) | ||
| range = range.replace(safeRe[COMPARATORTRIM], comparatorTrimReplace) | ||
| debug('comparator trim', range, safeRe[COMPARATORTRIM]) | ||
| // `~ 1.2.3` => `~1.2.3` | ||
| range = range.replace(re[TILDETRIM], tildeTrimReplace) | ||
| range = range.replace(safeRe[TILDETRIM], tildeTrimReplace) | ||
| // `^ 1.2.3` => `^1.2.3` | ||
| range = range.replace(re[CARETTRIM], caretTrimReplace) | ||
| range = range.replace(safeRe[CARETTRIM], caretTrimReplace) | ||
| // normalize spaces | ||
| range = range.split(/\s+/).join(' ') | ||
| // At this point, the range is completely trimmed and | ||
| // ready to be split into comparators. | ||
| var compRe = loose ? re[COMPARATORLOOSE] : re[COMPARATOR] | ||
| var compRe = loose ? safeRe[COMPARATORLOOSE] : safeRe[COMPARATOR] | ||
| var set = range.split(' ').map(function (comp) { | ||
@@ -1005,3 +1047,3 @@ return parseComparator(comp, this.options) | ||
| function replaceTilde (comp, options) { | ||
| var r = options.loose ? re[TILDELOOSE] : re[TILDE] | ||
| var r = options.loose ? safeRe[TILDELOOSE] : safeRe[TILDE] | ||
| return comp.replace(r, function (_, M, m, p, pr) { | ||
@@ -1047,3 +1089,3 @@ debug('tilde', comp, _, M, m, p, pr) | ||
| debug('caret', comp, options) | ||
| var r = options.loose ? re[CARETLOOSE] : re[CARET] | ||
| var r = options.loose ? safeRe[CARETLOOSE] : safeRe[CARET] | ||
| return comp.replace(r, function (_, M, m, p, pr) { | ||
@@ -1107,3 +1149,3 @@ debug('caret', comp, _, M, m, p, pr) | ||
| comp = comp.trim() | ||
| var r = options.loose ? re[XRANGELOOSE] : re[XRANGE] | ||
| var r = options.loose ? safeRe[XRANGELOOSE] : safeRe[XRANGE] | ||
| return comp.replace(r, function (ret, gtlt, M, m, p, pr) { | ||
@@ -1178,6 +1220,6 @@ debug('xRange', comp, ret, gtlt, M, m, p, pr) | ||
| // Looseness is ignored here. star is always as loose as it gets! | ||
| return comp.trim().replace(re[STAR], '') | ||
| return comp.trim().replace(safeRe[STAR], '') | ||
| } | ||
| // This function is passed to string.replace(re[HYPHENRANGE]) | ||
| // This function is passed to string.replace(safeRe[HYPHENRANGE]) | ||
| // M, m, patch, prerelease, build | ||
@@ -1493,3 +1535,3 @@ // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5 | ||
| var match = version.match(re[COERCE]) | ||
| var match = version.match(safeRe[COERCE]) | ||
@@ -1496,0 +1538,0 @@ if (match == null) { |
Fixed alerts
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
63315
2.82%- Lines of code
1308
2.99%- Number of low maintenance alerts
1
-50%- Number of low supply chain risk alerts
0
-100%Worsened metrics
- Dev dependency count
2
100%- Number of package files
6
-14.29%No dependency changes