stencila-js
Comparing version 0.2.1 to 0.3.0
{ | ||
"name": "stencila-js", | ||
"version": "0.2.1", | ||
"version": "0.3.0", | ||
"description": "Stencila components for Javascript", | ||
@@ -9,2 +9,4 @@ "main": "index.js", | ||
"test": "tape tests | tap-spec", | ||
"test-bundle": "browserify tests/*.test.js > tests/bundle.temp.js", | ||
"test-browser": "browserify tests/*.test.js | testling", | ||
"cover": "istanbul cover tests", | ||
@@ -34,2 +36,3 @@ "docs": "documentation build --config docs/docs.yml --output docs --format html", | ||
"dependencies": { | ||
"buble": "^0.15.2", | ||
"d3": "^4.4.0" | ||
@@ -46,4 +49,5 @@ }, | ||
"tap-spec": "^4.1.1", | ||
"tape": "^4.6.3" | ||
"tape": "^4.6.3", | ||
"testling": "^1.7.1" | ||
} | ||
} |
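Review bot: `buble` is added under `dependencies`, so every install of this package pulls in the transpiler and its transitive tree, including Node-only consumers where `transform` defaults to false. This comparison lists 15 entries marked transitive. If transformation is only needed in the browser, loading it lazily, e.g. `const buble = require('buble')` inside the `if (this.options.transform)` branch, keeps it off the load path when unused. Removing the install cost entirely would need an optional or peer dependency. The dependency block is only partly visible in these hunks.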
@@ -11,3 +11,3 @@ ## `stencila/js` : Stencila for Javascript | ||
- a `JsSession` class for executing code in Javascript | ||
- a `JsSession` class for executing chunks of Javascript code | ||
- data `pack` and `unpack` functions for transferring data over the wire and between languages | ||
@@ -17,2 +17,10 @@ | ||
The `JsSession.execute()` method is really just a fancy `eval` with some extra functionality including: | ||
- transpiles Javascript to [ES2015(ES6)](https://en.wikipedia.org/wiki/ECMAScript#6th_Edition_-_ECMAScript_2015) | ||
- provides a `global` scope for persistence of session variables across calls | ||
- unpacks input arguments into a local scope for each call | ||
- returns errors by line number | ||
- provides a `require` function for requiring NPM modules when in the browser | ||
### Install | ||
@@ -27,4 +35,6 @@ | ||
```js | ||
const stencilaJs = require('stencila-js') | ||
// Create a session | ||
let session = new JsSession() | ||
let session = new stencilaJs.JsSession() | ||
@@ -69,2 +79,3 @@ // Evaluate an expression... | ||
Run tests | `npm test` | `make test` | ||
Run tests in the browser | `npm run test-browser`| `make test-browser` | ||
Run tests with coverage | `npm run cover` | `make cover` | ||
@@ -75,2 +86,2 @@ Build documentation | `npm run docs` | `make docs` | ||
Tests live in the `tests` folder and are written using the [`tape`](https://github.com/substack/tape) test harness. And, in another breathtaking display of naming logic, documentation lives in the `docs` folder. Docs are published using Github Pages, so to update them after making changes run `make docs`, commit the updated docs and do a `git push`. | ||
Tests live in the `tests` folder and are written using the [`tape`](https://github.com/substack/tape) test harness. And, in further breathtaking displays of naming logic, documentation lives in the `docs` folder and uses [documentation.js](http://documentation.js.org). Docs are published using Github Pages, so to update them after making changes run `make docs`, commit the updated docs and do a `git push`. |
@@ -0,2 +1,5 @@ | ||
const buble = require('buble') | ||
const {pack, unpack} = require('./packing') | ||
const require_ = typeof window !== 'undefined' ? require('./need') : require | ||
@@ -14,3 +17,10 @@ /** | ||
constructor () { | ||
constructor (options) { | ||
this.options = options || {} | ||
if (typeof this.options.transform === 'undefined') { | ||
// By default transform code chunks whenin the browser | ||
this.options.transform = typeof window !== 'undefined' | ||
} | ||
this.globals = {} | ||
@@ -50,2 +60,4 @@ } | ||
let error = null | ||
// Add inputs to `locals` i.e. the execution's local scope | ||
@@ -64,2 +76,12 @@ let locals = {} | ||
// Transform the code | ||
if (this.options.transform) { | ||
try { | ||
code = buble.transform(code).code | ||
} catch (e) { | ||
// Catch a syntax error | ||
error = e | ||
} | ||
} | ||
// Generate a function body | ||
@@ -76,7 +98,6 @@ let body = 'with(globals){ with(locals){\n' | ||
let func = null | ||
let error = null | ||
try { | ||
func = Function('locals', 'globals', body) // eslint-disable-line no-new-func | ||
func = Function('require', 'locals', 'globals', body) // eslint-disable-line no-new-func | ||
} catch (e) { | ||
// Catch a syntax error | ||
// Catch a syntax error (not caught above if no transformation) | ||
error = e | ||
@@ -89,3 +110,3 @@ } | ||
try { | ||
output = func(locals, this.globals) | ||
output = func(require_, locals, this.globals) | ||
} catch (e) { | ||
@@ -92,0 +113,0 @@ // Catch any errors |
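Review bot: The executed chunk now receives a `require` binding (`func(require_, locals, this.globals)`), which outside the browser is the module's own `require`, so any code passed to `execute()` can load `fs`, `child_process` or any installed package; the `with(globals){ with(locals){` wrapper only scopes names and is not a sandbox. Nothing in the visible hunks restricts or documents this, so I would state the trust assumption above the `Function(...)` call, e.g. `// SECURITY: chunks run with the host's full privileges; only pass trusted code to execute()`, and consider an opt-out such as `this.options.require === false ? undefined : require_`. Separately, when `buble.transform` throws, `error` is set but the flow still appears to reach the `Function(...)` constructor with the untransformed `code`, whose own catch would overwrite the buble error; skipping compilation when `error` is already set would keep the original message. The method body starts and ends outside these hunks, so both points should be checked against the full file.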
@@ -6,2 +6,14 @@ const {pack} = require('../src/packing') | ||
test('JsSession can be constructed with options', t => { | ||
let s1 = new JsSession() | ||
let s2 = new JsSession({ | ||
transform: true | ||
}) | ||
t.equal(s1.options.transform, typeof window !== 'undefined', 'transform defaults to true in browser, false otherwise') | ||
t.equal(s2.options.transform, true) | ||
t.end() | ||
}) | ||
test('JsSession.execute with no inputs, no errors and no output', function (t) { | ||
@@ -57,1 +69,21 @@ let s = new JsSession() | ||
}) | ||
test('JsSession will transform code to ES2015(ES6)', function (t) { | ||
let s = new JsSession({ | ||
transform: true | ||
}) | ||
t.deepEqual(s.execute('Math.max(...[1,3,2])'), {errors: {}, output: pack(3)}) | ||
t.end() | ||
}) | ||
if (typeof window !== 'undefined') { | ||
test('JsSession can dynamically require NPM modules', t => { | ||
let s = new JsSession() | ||
t.deepEqual(s.execute('let isNumber = require("is-number")\nisNumber(1)'), {errors: {}, output: pack(true)}) | ||
t.end() | ||
}) | ||
} |
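Review bot: The new transform branch in `execute()` has a failure path (the `catch` around `buble.transform`) that none of the added tests exercise; only the success case `Math.max(...[1,3,2])` is covered. I would add a case that passes a syntactically invalid chunk to a session created with `transform: true` and asserts that `errors` is non-empty and no `output` is produced, so a regression that runs or misreports a rejected chunk is caught. The browser-only test also resolves `is-number` at run time with no version given in `require("is-number")`; what `./need` fetches is not visible here, so it is worth confirming the test does not depend on whatever the registry currently serves.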
Sorry, the diff of this file is not supported yet
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
High entropy strings
Supply chain risk: Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
+ Added buble@^0.15.2
+ Added acorn@3.3.0 (transitive)
+ Added acorn-jsx@3.0.1 (transitive)
+ Added acorn-object-spread@1.0.0 (transitive)
+ Added ansi-regex@2.1.1 (transitive)
+ Added ansi-styles@2.2.1 (transitive)
+ Added buble@0.15.2 (transitive)
+ Added chalk@1.1.3 (transitive)
+ Added escape-string-regexp@1.0.5 (transitive)
+ Added has-ansi@2.0.0 (transitive)
+ Added magic-string@0.14.0 (transitive)
+ Added minimist@1.2.8 (transitive)
+ Added os-homedir@1.0.2 (transitive)
+ Added strip-ansi@3.0.1 (transitive)
+ Added supports-color@2.0.0 (transitive)
+ Added vlq@0.2.3 (transitive)