sift - npm Package Compare versions

Comparing version 9.0.0 to 9.0.1

changelog.md

@@ -0,1 +1,5 @@
+## 9.0.0
+
+- (behavior change) toJSON works for vanilla objects.
+
 ## 8.5.1
@@ -2,0 +6,0 @@

lib/index.js

@@ -449,5 +449,13 @@ "use strict";
   $where: function $where(query) {
-    return typeof query === "string"
-      ? new Function("obj", "return " + query)
-      : query;
+    if (typeof query === "function") {
+      return query;
+    }
+
+    if (!process.env.CSP_ENABLED) {
+      return new Function("obj", "return " + query);
+    }
+
+    throw new Error(
+      'In CSP mode, sift does not support strings in "$where" condition'
+    );
   },
@@ -454,0 +462,0 @@

package.json

 {
   "name": "sift",
   "description": "mongodb query style array filtering",
-  "version": "9.0.0",
+  "version": "9.0.1",
   "repository": "crcn/sift.js",
@@ -40,3 +40,6 @@ "author": {
   "scripts": {
-    "build": "mkdir -p lib; babel src/index.js > lib/index.js; webpack",
+    "build": "mkdir -p lib; babel src/index.js > lib/index.js",
+    "build.min": "webpack",
+    "build.csp": "CSP_ENABLED=1 webpack",
+    "postbuild": "npm run build.min && npm run build.csp",
     "build:watch": "mkdir -p lib; babel --watch  src/index.js --out-file=lib/index.js",
@@ -43,0 +46,0 @@ "test": "mocha ./test -R spec --compilers js:babel-core/register"

README.md

@@ -171,3 +171,3 @@ ## validate objects & filter arrays with mongodb queries
 //filtered: ['Craig','Tim']
-sift({ $exists: true }, ["Craig", null, "Tim"]);
+sift({ $exists: true })(["Craig", null, "Tim"]);
 ```
@@ -174,0 +174,0 @@

sift.min.js

@@ -299,7 +299,4 @@ !(function(n, t) {
           },
-          $where: function(n) {
-            return "string" == typeof n
-              ? new Function("obj", "return " + n)
-              : n;
-          },
+          $where: n =>
+            "function" == typeof n ? n : new Function("obj", "return " + n),
           $elemMatch: function(n, t, r) {
@@ -454,1 +451,2 @@ return v(r)(n);
 });
+//# sourceMappingURL=sift.min.js.map

src/index.js

@@ -405,6 +405,14 @@ /*
 
-  $where: function(query) {
-    return typeof query === "string"
-      ? new Function("obj", "return " + query)
-      : query;
+  $where(query) {
+    if (typeof query === "function") {
+      return query;
+    }
+
+    if (!process.env.CSP_ENABLED) {
+      return new Function("obj", "return " + query);
+    }
+
+    throw new Error(
+      'In CSP mode, sift does not support strings in "$where" condition'
+    );
   },
@@ -411,0 +419,0 @@

webpack.config.js

@@ -1,6 +0,5 @@
-const { resolve } = require("path");
-const fs = require("fs");
+const { DefinePlugin } = require("webpack");
 
 module.exports = {
-  devtool: "none",
+  devtool: "source-map",
   mode: "production",
@@ -14,3 +13,3 @@ entry: {
     libraryTarget: "umd",
-    filename: "sift.min.js"
+    filename: `sift.${process.env.CSP_ENABLED ? "csp." : ""}min.js`
   },
@@ -22,3 +21,10 @@ resolve: {
     rules: []
-  }
+  },
+  plugins: [
+    new DefinePlugin({
+      "process.env.CSP_ENABLED": JSON.stringify(
+        process.env.CSP_ENABLED || false
+      )
+    })
+  ]
 };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

340729

increased by27.74%

Number of package files

28

increased by12%

Lines of code

3591

increased by15.06%

Worsened metrics

Number of low supply chain risk alerts

3

increased by50%

No dependency changes