Comparing version 0.18.8 to 1.0.0
{ | ||
"name": "ses", | ||
"version": "0.18.8", | ||
"version": "1.0.0", | ||
"description": "Hardened JavaScript for Fearless Cooperation", | ||
@@ -38,2 +38,3 @@ "keywords": [ | ||
".": { | ||
"types": "./types.d.ts", | ||
"import": "./index.js", | ||
@@ -43,2 +44,3 @@ "require": "./dist/ses.cjs" | ||
"./lockdown": { | ||
"types": "./types.d.ts", | ||
"import": "./index.js", | ||
@@ -65,7 +67,7 @@ "require": "./dist/ses.cjs" | ||
"dependencies": { | ||
"@endo/env-options": "^0.1.4" | ||
"@endo/env-options": "^1.0.0" | ||
}, | ||
"devDependencies": { | ||
"@endo/compartment-mapper": "^0.9.2", | ||
"@endo/static-module-record": "^0.8.2", | ||
"@endo/compartment-mapper": "^1.0.0", | ||
"@endo/static-module-record": "^1.0.0", | ||
"@endo/test262-runner": "^0.1.32", | ||
@@ -80,3 +82,3 @@ "ava": "^5.3.0", | ||
"eslint-plugin-eslint-comments": "^3.1.2", | ||
"eslint-plugin-import": "^2.27.5", | ||
"eslint-plugin-import": "^2.29.0", | ||
"prettier": "^3.0.0", | ||
@@ -186,3 +188,6 @@ "sinon": "^15.1.0", | ||
}, | ||
"gitHead": "9c779d317c4b02133172dbe142c5b2d1727efc49" | ||
"typeCoverage": { | ||
"atLeast": 81.13 | ||
}, | ||
"gitHead": "6aa22009bf8128575c446aebceb0f9a01459d165" | ||
} |
@@ -196,3 +196,3 @@ /** | ||
* at As explained at | ||
* https://github.com/endojs/endo/blob/master/packages/ses/lockdown-options.md#overridetaming-options | ||
* https://github.com/endojs/endo/blob/master/packages/ses/docs/lockdown.md#overridetaming-options | ||
* Open the triangles at the bottom of that section. | ||
@@ -199,0 +199,0 @@ */ |
@@ -177,2 +177,6 @@ // @ts-check | ||
const makeCausalConsole = (baseConsole, loggedErrorHandler) => { | ||
if (!baseConsole) { | ||
return undefined; | ||
} | ||
const { getStackString, tagError, takeMessageLogArgs, takeNoteLogArgsArray } = | ||
@@ -179,0 +183,0 @@ loggedErrorHandler; |
@@ -86,5 +86,5 @@ // @ts-check | ||
* | ||
* @param {VirtualConsole} baseConsole | ||
* @param {VirtualConsole | undefined} baseConsole | ||
* @param {LoggedErrorHandler} loggedErrorHandler | ||
* @returns {VirtualConsole} | ||
* @returns {VirtualConsole | undefined} | ||
*/ |
// @ts-check | ||
import { TypeError, globalThis } from '../commons.js'; | ||
import { | ||
TypeError, | ||
apply, | ||
defineProperty, | ||
freeze, | ||
globalThis, | ||
} from '../commons.js'; | ||
import { loggedErrorHandler as defaultHandler } from './assert.js'; | ||
@@ -10,5 +16,32 @@ import { makeCausalConsole } from './console.js'; | ||
const wrapLogger = (logger, thisArg) => | ||
freeze((...args) => apply(logger, thisArg, args)); | ||
// eslint-disable-next-line no-restricted-globals | ||
const originalConsole = console; | ||
const originalConsole = /** @type {VirtualConsole} */ ( | ||
// eslint-disable-next-line no-nested-ternary | ||
typeof console !== 'undefined' | ||
? console | ||
: typeof print === 'function' | ||
? // Make a good-enough console for eshost (including only functions that | ||
// log at a specific level with no special argument interpretation). | ||
// https://console.spec.whatwg.org/#logging | ||
(p => freeze({ debug: p, log: p, info: p, warn: p, error: p }))( | ||
// eslint-disable-next-line no-undef | ||
wrapLogger(print), | ||
) | ||
: undefined | ||
); | ||
// Upgrade a log-only console (as in `eshost -h SpiderMonkey`). | ||
if (originalConsole && originalConsole.log) { | ||
for (const methodName of ['warn', 'error']) { | ||
if (!originalConsole[methodName]) { | ||
defineProperty(originalConsole, methodName, { | ||
value: wrapLogger(originalConsole.log, originalConsole), | ||
}); | ||
} | ||
} | ||
} | ||
/** | ||
@@ -44,6 +77,7 @@ * Wrap console unless suppressed. | ||
} | ||
const ourConsole = | ||
const ourConsole = /** @type {VirtualConsole} */ ( | ||
consoleTaming === 'unsafe' | ||
? originalConsole | ||
: makeCausalConsole(originalConsole, loggedErrorHandler); | ||
: makeCausalConsole(originalConsole, loggedErrorHandler) | ||
); | ||
@@ -50,0 +84,0 @@ // Attach platform-specific error traps such that any error that gets thrown |
@@ -7,3 +7,3 @@ // @ts-check | ||
* | ||
* @param {*} flag The truthy/falsy value | ||
* @param {any} flag The truthy/falsy value | ||
* @param {Details=} optDetails The details to throw | ||
@@ -55,4 +55,4 @@ * @param {ErrorConstructor=} ErrorConstructor An optional alternate error | ||
* Assert that two values must be `Object.is`. | ||
* @param {*} actual The value we received | ||
* @param {*} expected What we wanted | ||
* @param {any} actual The value we received | ||
* @param {any} expected What we wanted | ||
* @param {Details=} optDetails The details to throw | ||
@@ -206,3 +206,3 @@ * @param {ErrorConstructor=} ErrorConstructor An optional alternate error | ||
* @callback AssertQuote | ||
* @param {*} payload What to declassify | ||
* @param {any} payload What to declassify | ||
* @param {(string|number)=} spaces | ||
@@ -209,0 +209,0 @@ * @returns {StringablePayload} The declassified payload |
@@ -113,6 +113,8 @@ import { | ||
perCompartmentGlobals.Compartment = makeCompartmentConstructor( | ||
makeCompartmentConstructor, | ||
intrinsics, | ||
markVirtualizedNativeFunction, | ||
perCompartmentGlobals.Compartment = freeze( | ||
makeCompartmentConstructor( | ||
makeCompartmentConstructor, | ||
intrinsics, | ||
markVirtualizedNativeFunction, | ||
), | ||
); | ||
@@ -149,3 +151,3 @@ | ||
{ | ||
const f = makeEvalFunction(evaluator); | ||
const f = freeze(makeEvalFunction(evaluator)); | ||
markVirtualizedNativeFunction(f); | ||
@@ -160,3 +162,3 @@ defineProperty(globalObject, 'eval', { | ||
{ | ||
const f = makeFunctionConstructor(evaluator); | ||
const f = freeze(makeFunctionConstructor(evaluator)); | ||
markVirtualizedNativeFunction(f); | ||
@@ -163,0 +165,0 @@ defineProperty(globalObject, 'Function', { |
@@ -28,2 +28,3 @@ // Copyright (C) 2018 Agoric | ||
noEvalEvaluate, | ||
getOwnPropertyNames, | ||
} from './commons.js'; | ||
@@ -155,3 +156,3 @@ import { makeHardener } from './make-hardener.js'; | ||
// is useful. See | ||
// [`stackFiltering` options](https://github.com/Agoric/SES-shim/blob/master/packages/ses/lockdown-options.md#stackfiltering-options) | ||
// [`stackFiltering` options](https://github.com/Agoric/SES-shim/blob/master/packages/ses/docs/lockdown.md#stackfiltering-options) | ||
// for an explanation. | ||
@@ -163,10 +164,14 @@ | ||
errorTaming = getenv('LOCKDOWN_ERROR_TAMING', 'safe'), | ||
errorTrapping = getenv('LOCKDOWN_ERROR_TRAPPING', 'platform'), | ||
unhandledRejectionTrapping = getenv( | ||
'LOCKDOWN_UNHANDLED_REJECTION_TRAPPING', | ||
'report', | ||
errorTrapping = /** @type {"platform" | "none" | "report" | "abort" | "exit" | undefined} */ ( | ||
getenv('LOCKDOWN_ERROR_TRAPPING', 'platform') | ||
), | ||
unhandledRejectionTrapping = /** @type {"none" | "report" | undefined} */ ( | ||
getenv('LOCKDOWN_UNHANDLED_REJECTION_TRAPPING', 'report') | ||
), | ||
regExpTaming = getenv('LOCKDOWN_REGEXP_TAMING', 'safe'), | ||
localeTaming = getenv('LOCKDOWN_LOCALE_TAMING', 'safe'), | ||
consoleTaming = getenv('LOCKDOWN_CONSOLE_TAMING', 'safe'), | ||
consoleTaming = /** @type {'unsafe' | 'safe' | undefined} */ ( | ||
getenv('LOCKDOWN_CONSOLE_TAMING', 'safe') | ||
), | ||
overrideTaming = getenv('LOCKDOWN_OVERRIDE_TAMING', 'moderate'), | ||
@@ -391,2 +396,14 @@ stackFiltering = getenv('LOCKDOWN_STACK_FILTERING', 'concise'), | ||
// Harden evaluators | ||
tamedHarden(globalThis.Function); | ||
tamedHarden(globalThis.eval); | ||
// @ts-ignore Compartment does exist on globalThis | ||
tamedHarden(globalThis.Compartment); | ||
// Harden Symbol and properties for initialGlobalPropertyNames in the host realm | ||
tamedHarden(globalThis.Symbol); | ||
for (const prop of getOwnPropertyNames(initialGlobalPropertyNames)) { | ||
tamedHarden(globalThis[prop]); | ||
} | ||
return tamedHarden; | ||
@@ -393,0 +410,0 @@ }; |
@@ -1417,2 +1417,4 @@ /* eslint-disable no-restricted-globals */ | ||
resolve: fn, | ||
// https://github.com/tc39/proposal-promise-with-resolvers | ||
withResolvers: fn, | ||
'@@species': getter, | ||
@@ -1419,0 +1421,0 @@ }, |
@@ -61,4 +61,7 @@ /** | ||
exports: Array<string>; | ||
/** | ||
* Note that this value does _not_ contain any numeric or symbol property keys, which can theoretically be members of `exports` in a CommonJS module. | ||
*/ | ||
execute( | ||
proxiedExports: Object, | ||
proxiedExports: Record<string, any>, | ||
compartment: Compartment, | ||
@@ -65,0 +68,0 @@ resolvedImports: Record<string, string>, |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
3074237
65913
0
+ Added@endo/env-options@1.1.5(transitive)
- Removed@endo/env-options@0.1.4(transitive)
Updated@endo/env-options@^1.0.0