terser - npm Package Compare versions

Comparing version 5.16.6 to 5.16.8

CHANGELOG.md

 # Changelog
 
+## v5.16.8
+
+ - Become even less conservative around function definitions for `reduce_vars`
+ - Fix parsing context of `import.meta` expressions such that method calls are allowed
+
 ## v5.16.7
@@ -4,0 +9,0 @@

lib/compress/reduce-vars.js

@@ -74,2 +74,3 @@ /***********************************************************************
     AST_PropAccess,
+    AST_Scope,
     AST_Sequence,
@@ -95,2 +96,3 @@ AST_SimpleStatement,
     walk,
+    walk_abort,
     walk_body,
@@ -452,5 +454,3 @@
     clear_flag(this, INLINED);
-
     push(tw);
-
     reset_variables(tw, compressor, this);
@@ -490,5 +490,82 @@
 
+    handle_defined_after_hoist(this);
+
     return true;
 }
 
+/**
+ * It's possible for a hoisted function to use something that's not defined yet. Example:
+ *
+ * hoisted();
+ * var defined_after = true;
+ * function hoisted() {
+ *   // use defined_after
+ * }
+ *
+ * This function is called on the parent to handle this issue.
+ */
+function handle_defined_after_hoist(parent) {
+    const defuns = [];
+    walk(parent, node => {
+        if (node === parent) return;
+        if (node instanceof AST_Defun) defuns.push(node);
+        if (
+            node instanceof AST_Scope
+            || node instanceof AST_SimpleStatement
+        ) return true;
+    });
+
+    for (const defun of defuns) {
+        const fname_def = defun.name.definition();
+        const found_self_ref_in_other_defuns = defuns.some(
+            d => d !== defun && d.enclosed.indexOf(fname_def) !== -1
+        );
+
+        for (const def of defun.enclosed) {
+            if (
+                def.fixed === false
+                || def === fname_def
+                || def.scope.get_defun_scope() !== parent
+            ) {
+                continue;
+            }
+
+            // defun is hoisted, so always safe
+            if (
+                def.assignments === 0
+                && def.orig.length === 1
+                && def.orig[0] instanceof AST_SymbolDefun
+            ) {
+                continue;
+            }
+
+            if (found_self_ref_in_other_defuns) {
+                def.fixed = false;
+                continue;
+            }
+
+            // Detect `call_defun(); var used_in_defun = ...`
+            // Because `used_in_defun` can no longer be fixed
+            let found_defun = false;
+            let found_def_after_defun = false;
+            walk(parent, node => {
+                if (node === defun) return true;
+
+                if (node instanceof AST_Symbol) {
+                    if (!found_defun && node.thedef === fname_def) {
+                        found_defun = true;
+                    } else if (found_defun && node.thedef === def) {
+                        found_def_after_defun = true;
+                        return walk_abort;
+                    }
+                }
+            });
+
+            if (found_def_after_defun) {
+                def.fixed = false;
+            }
+        }
+    }
+}
+
 def_reduce_vars(AST_Lambda, mark_lambda);
@@ -614,2 +691,5 @@
     reset_variables(tw, compressor, this);
+    descend();
+    handle_defined_after_hoist(this);
+    return true;
 });
@@ -616,0 +696,0 @@

package.json

@@ -7,3 +7,3 @@ {
   "license": "BSD-2-Clause",
-  "version": "5.16.6",
+  "version": "5.16.8",
   "engines": {
@@ -10,0 +10,0 @@ "node": ">=10"

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2073635

increased by0.21%

Number of package files

42

increased by2.44%

Lines of code

59057

increased by0.22%

Worsened metrics

Number of low supply chain risk alerts

7

increased by16.67%

No dependency changes