+24
-9
@@ -529,12 +529,22 @@ /*! | ||
| /** | ||
| * Check the prefix and postfix options | ||
| * Check the prefix, postfix, and template options. | ||
| * | ||
| * Rejects non-string inputs so that a non-string `.includes('..')` cannot evade | ||
| * the substring check (e.g. an Array whose `.includes('..')` is element-wise, | ||
| * or a duck-typed object with a custom `.includes`), and so that the value is | ||
| * not later coerced to a string with traversal sequences via `Array.prototype.join` | ||
| * or `path.join`. | ||
| * | ||
| * @private | ||
| */ | ||
| function _assertPath(path) { | ||
| if (path.includes("..")) { | ||
| function _assertPath(option, value) { | ||
| if (typeof value !== 'string') { | ||
| throw new Error(`${option} option must be a string, got "${typeof value}".`); | ||
| } | ||
| if (value.includes("..")) { | ||
| throw new Error("Relative value not allowed"); | ||
| } | ||
| return path; | ||
| return value; | ||
| } | ||
@@ -562,4 +572,9 @@ | ||
| /* istanbul ignore else */ | ||
| if (!_isUndefined(options.template) && !options.template.match(TEMPLATE_PATTERN)) { | ||
| throw new Error(`Invalid template, found "${options.template}".`); | ||
| if (!_isUndefined(options.template)) { | ||
| if (typeof options.template !== 'string') { | ||
| throw new Error(`template option must be a string, got "${typeof options.template}".`); | ||
| } | ||
| if (!options.template.match(TEMPLATE_PATTERN)) { | ||
| throw new Error(`Invalid template, found "${options.template}".`); | ||
| } | ||
| } | ||
@@ -580,5 +595,5 @@ | ||
| // for completeness' sake only, also keep (multiple) blanks if the user, purportedly sane, requests us to | ||
| options.prefix = _isUndefined(options.prefix) ? '' : _assertPath(options.prefix); | ||
| options.postfix = _isUndefined(options.postfix) ? '' : _assertPath(options.postfix); | ||
| options.template = _isUndefined(options.template) ? undefined : _assertPath(options.template); | ||
| options.prefix = _isUndefined(options.prefix) ? '' : _assertPath('prefix', options.prefix); | ||
| options.postfix = _isUndefined(options.postfix) ? '' : _assertPath('postfix', options.postfix); | ||
| options.template = _isUndefined(options.template) ? undefined : _assertPath('template', options.template); | ||
| } | ||
@@ -585,0 +600,0 @@ |
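Review bot: The `..` rejection in `_assertPath` still throws the generic `"Relative value not allowed"` even though the function now receives the option name, so a caller cannot tell whether prefix, postfix or template was refused; including `${option}` in that message, as the new type-check error already does, would fix this. The string type guard for `template` is also written twice, once inline before the `TEMPLATE_PATTERN` match and again inside `_assertPath('template', ...)`, so the two copies can drift apart; a single small helper used by both places would keep the check and its message together. The function that holds the second and third hunks starts and ends outside the visible lines, so it cannot be confirmed from here whether every other option that is later joined into a path gets the same string check.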
+4
-16
| { | ||
| "name": "tmp", | ||
| "version": "0.2.6", | ||
| "version": "0.2.7", | ||
| "description": "Temporary file and directory creator", | ||
| "author": "KARASZI István <github@spam.raszi.hu>", | ||
| "contributors": [ | ||
| "Carsten Klein <trancesilken@gmail.com> (https://github.com/silkentrance)" | ||
| ], | ||
| "keywords": [ | ||
| "temporary", | ||
| "tmp", | ||
| "temp", | ||
| "tempdir", | ||
| "tempfile", | ||
| "tmpdir", | ||
| "tmpfile" | ||
| ], | ||
| "contributors": ["Carsten Klein <trancesilken@gmail.com> (https://github.com/silkentrance)"], | ||
| "keywords": ["temporary", "tmp", "temp", "tempdir", "tempfile", "tmpdir", "tmpfile"], | ||
| "license": "MIT", | ||
@@ -36,5 +26,3 @@ "repository": "https://github.com/raszi/node-tmp.git", | ||
| "main": "lib/tmp.js", | ||
| "files": [ | ||
| "lib/" | ||
| ], | ||
| "files": ["lib/"], | ||
| "changelog": { | ||
@@ -41,0 +29,0 @@ "labels": { |