stacktracey - npm Package Compare versions

Comparing version 2.0.18 to 2.0.19

package.json

 {
   "name": "stacktracey",
-  "version": "2.0.18",
+  "version": "2.0.19",
   "description": "Parses call stacks. Reads sources. Clean & filtered output. Sourcemaps. Node & browsers.",
@@ -5,0 +5,0 @@ "main": "stacktracey",

stacktracey.js

@@ -115,3 +115,4 @@ "use strict";
 
-            if ((planA = line.match (/at (.+) \((.+)\)/)) ||
+            if ((planA = line.match (/at (.+) \(eval at .+ \((.+)\), .+\)/)) || // eval calls
+                (planA = line.match (/at (.+) \((.+)\)/)) ||
                 ((line.slice (0, 3) !== 'at ') && (planA = line.match (/(.*)@(.*)/)))) {
@@ -118,0 +119,0 @@

test.js

@@ -303,2 +303,13 @@ "use strict";
 
+    it('parses "eval at" stuff', () => {
+        function bar() {
+            const entry = new StackTracey().items[1]
+            entry.callee.should.equal('eval')
+            entry.fileName.should.equal('test.js')
+        }
+        function foo() {
+            eval('bar()')
+        }
+        foo()
+    })
 })
@@ -305,0 +316,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

43102

increased by0.94%

Lines of code

538

increased by2.28%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes