serialize-to-js - npm Package Compare versions

Comparing version 1.2.2 to 2.0.0

lib/index.js

 module.exports = {
   serialize: require('./serialize'),
-  serializeToModule: require('./serializeToModule'),
-  deserialize: require('./deserialize')
+  serializeToModule: require('./serializeToModule')
 }

package.json

 {
   "name": "serialize-to-js",
-  "version": "1.2.2",
+  "version": "2.0.0",
   "description": "serialize objects to javascript",
@@ -45,16 +45,14 @@ "keywords": [
   "dependencies": {
-    "js-beautify": "^1.8.9",
-    "safer-eval": "^1.3.0"
+    "js-beautify": "^1.10.0"
   },
   "devDependencies": {
-    "eslint": "^5.11.1",
+    "eslint": "^5.16.0",
     "eslint-config-standard": "^12.0.0",
-    "eslint-plugin-import": "^2.14.0",
-    "eslint-plugin-node": "^8.0.0",
-    "eslint-plugin-promise": "^4.0.1",
+    "eslint-plugin-import": "^2.17.2",
+    "eslint-plugin-node": "^9.0.1",
+    "eslint-plugin-promise": "^4.1.1",
     "eslint-plugin-standard": "^4.0.0",
-    "jsdox": "^0.4.10",
-    "mocha": "^5.2.0",
-    "nyc": "^13.1.0",
-    "rimraf": "^2.6.2"
+    "mocha": "^6.1.4",
+    "nyc": "^14.1.1",
+    "rimraf": "^2.6.3"
   },
@@ -61,0 +59,0 @@ "engines": {

README.md

@@ -95,34 +95,2 @@ # serialize-to-js
 
-### deserialize
-
-`deserialize(str, [context])`
-
-deserialize a serialized object to javascript
-
-> _NOTE_: Deserialization uses `new Function()` for code evaluation which may be "harmful".
-> **SO NOW YOU ARE WARNED!**
-
-Uses [safer-eval][] for deserialization.
-
-#### Example - deserializing regex, date, ...
-
-```js
-var str = '{obj: {foo: "bar"}, arr: [1, "2"], regexp: /^test?$/, date: new Date("2016-04-15T16:22:52.009Z")}'
-var res = deserialize(str)
-console.log(res)
-//> { obj: { foo: 'bar' },
-//>   arr: [ 1, '2' ],
-//>   regexp: /^test?$/,
-//>   date: Sat Apr 16 2016 01:22:52 GMT+0900 (JST) }
-```
-
-**Parameters**
-
-**str**: `String`, string containing serialized data
-
-**context**: (optional) pass context e.g. if requiring Buffer use `{Buffer: Buffer}`.
-
-**Returns**: `Any`, deserialized data
-
-
 ### serializeToModule
@@ -129,0 +97,0 @@

Fixed alerts

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Dependency count

1

decreased by-50%

Dev dependency count

9

decreased by-10%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

16841

decreased by-10.66%

Number of package files

8

decreased by-11.11%

Lines of code

363

decreased by-8.79%

Number of lines in readme file

149

decreased by-17.68%

Dependency changes

• - Removedsafer-eval@^1.3.0

• - Removedclones@1.2.0(transitive)

• - Removedsafer-eval@1.3.6(transitive)

• Updatedjs-beautify@^1.10.0