tv4 - npm Package Compare versions

Comparing version 1.0.11 to 1.0.13

package.json

 {
   "name": "tv4",
-  "version": "1.0.11",
+  "version": "1.0.13",
   "author": "Geraint Luff",
@@ -5,0 +5,0 @@ "description": "A public domain JSON Schema validator for JavaScript",

README.md

@@ -87,3 +87,3 @@ # Tiny Validator (for v4 JSON Schema)
 
-While they don't occur in proper JSON, JavaScript does support self-referencing objects. Any of the above calls support an optional final argument, checkRecursive. If true, tv4 will handle self-referencing objects properly - this slows down validation slightly, but that's better than a hanging script.
+While they don't occur in proper JSON, JavaScript does support self-referencing objects. Any of the above calls support an optional third argument: `checkRecursive`. If true, tv4 will handle self-referencing objects properly - this slows down validation slightly, but that's better than a hanging script.
 
@@ -102,10 +102,8 @@ Consider this data, notice how both `a` and `b` refer to each other:
 
-If the final checkRecursive argument were missing, this would throw a "too much recursion" error. 
+If the `checkRecursive` argument were missing, this would throw a "too much recursion" error. 
 
-To enable supprot for this pass `true` as additional argument to any of the regular validation methods: 
+To enable support for this, pass `true` as additional argument to any of the regular validation methods: 
 
 ```javascript
 tv4.validate(a, aSchema, true);
-tv4.validate(a, schema, asynchronousFunction, true);
-
 tv4.validateResult(data, aSchema, true); 
@@ -115,2 +113,14 @@ tv4.validateMultiple(data, aSchema, true);
 
+## The `banUnknownProperties` flag
+
+Sometimes, it is desirable to flag all unknown properties as an error.  This is especially useful during development, to catch typos and the like, even when extra custom-defined properties are allowed.
+
+As such, tv4 implements ["ban unknown properties" mode](https://github.com/json-schema/json-schema/wiki/ban-unknown-properties-mode-\(v5-proposal\)), enabled by a fourth-argument flag:
+
+```javascript
+tv4.validate(data, schema, checkRecursive, true);
+tv4.validateResult(data, schema, checkRecursive, true);
+tv4.validateMultiple(data, schema, checkRecursive, true);
+```
+
 ## API
@@ -234,3 +244,3 @@
 
-Add a custom format validator.
+Add a custom format validator. (There are no built-in format validators.)
 
@@ -237,0 +247,0 @@ * `format` is a string, corresponding to the `"format"` value in schemas.

tv4.js

@@ -135,3 +135,5 @@ /*
 		this.scannedFrozenSchemas = [];
-		this.key = 'tv4_validation_id';
+		this.scannedFrozenValidationErrors = [];
+		this.validatedSchemasKey = 'tv4_validation_id';
+		this.validationErrorsKey = 'tv4_validation_errors_id';
 	}
@@ -243,10 +245,10 @@ if (trackUnknownProperties) {
 ValidatorContext.prototype.searchSchemas = function (schema, url) {
-	if (typeof schema.id === "string") {
-		if (isTrustedUrl(url, schema.id)) {
-			if (this.schemas[schema.id] === undefined) {
-				this.schemas[schema.id] = schema;
+	if (schema && typeof schema === "object") {
+		if (typeof schema.id === "string") {
+			if (isTrustedUrl(url, schema.id)) {
+				if (this.schemas[schema.id] === undefined) {
+					this.schemas[schema.id] = schema;
+				}
 			}
 		}
-	}
-	if (typeof schema === "object") {
 		for (var key in schema) {
@@ -335,9 +337,22 @@ if (key !== "enum") {
 
+	var startErrorCount = this.errors.length;
+	var frozenIndex, scannedFrozenSchemaIndex = null, scannedSchemasIndex = null;
 	if (this.checkRecursive && (typeof data) === 'object') {
 		topLevel = !this.scanned.length;
-		if (data[this.key] && data[this.key].indexOf(schema) !== -1) { return null; }
-		var frozenIndex;
+		if (data[this.validatedSchemasKey]) {
+			var schemaIndex = data[this.validatedSchemasKey].indexOf(schema);
+			if (schemaIndex !== -1) {
+				this.errors = this.errors.concat(data[this.validationErrorsKey][schemaIndex]);
+				return null;
+			}
+		}
 		if (Object.isFrozen(data)) {
 			frozenIndex = this.scannedFrozen.indexOf(data);
-			if (frozenIndex !== -1 && this.scannedFrozenSchemas[frozenIndex].indexOf(schema) !== -1) { return null; }
+			if (frozenIndex !== -1) {
+				var frozenSchemaIndex = this.scannedFrozenSchemas[frozenIndex].indexOf(schema);
+				if (frozenSchemaIndex !== -1) {
+					this.errors = this.errors.concat(this.scannedFrozenValidationErrors[frozenIndex][frozenSchemaIndex]);
+					return null;
+				}
+			}
 		}
@@ -351,16 +366,25 @@ this.scanned.push(data);
 			}
-			this.scannedFrozenSchemas[frozenIndex].push(schema);
+			scannedFrozenSchemaIndex = this.scannedFrozenSchemas[frozenIndex].length;
+			this.scannedFrozenSchemas[frozenIndex][scannedFrozenSchemaIndex] = schema;
+			this.scannedFrozenValidationErrors[frozenIndex][scannedFrozenSchemaIndex] = [];
 		} else {
-			if (!data[this.key]) {
+			if (!data[this.validatedSchemasKey]) {
 				try {
-					Object.defineProperty(data, this.key, {
+					Object.defineProperty(data, this.validatedSchemasKey, {
 						value: [],
 						configurable: true
 					});
+					Object.defineProperty(data, this.validationErrorsKey, {
+						value: [],
+						configurable: true
+					});
 				} catch (e) {
 					//IE 7/8 workaround
-					data[this.key] = [];
+					data[this.validatedSchemasKey] = [];
+					data[this.validationErrorsKey] = [];
 				}
 			}
-			data[this.key].push(schema);
+			scannedSchemasIndex = data[this.validatedSchemasKey].length;
+			data[this.validatedSchemasKey][scannedSchemasIndex] = schema;
+			data[this.validationErrorsKey][scannedSchemasIndex] = [];
 		}
@@ -382,3 +406,3 @@ }
 			var item = this.scanned.pop();
-			delete item[this.key];
+			delete item[this.validatedSchemasKey];
 		}
@@ -399,2 +423,8 @@ this.scannedFrozen = [];
 	}
+	
+	if (scannedFrozenSchemaIndex !== null) {
+		this.scannedFrozenValidationErrors[frozenIndex][scannedFrozenSchemaIndex] = this.errors.slice(startErrorCount);
+	} else if (scannedSchemasIndex !== null) {
+		data[this.validationErrorsKey][scannedSchemasIndex] = this.errors.slice(startErrorCount);
+	}
 
@@ -1004,9 +1034,9 @@ return this.handleError(error);
 function normSchema(schema, baseUri) {
-	if (baseUri === undefined) {
-		baseUri = schema.id;
-	} else if (typeof schema.id === "string") {
-		baseUri = resolveUrl(baseUri, schema.id);
-		schema.id = baseUri;
-	}
-	if (typeof schema === "object") {
+	if (schema && typeof schema === "object") {
+		if (baseUri === undefined) {
+			baseUri = schema.id;
+		} else if (typeof schema.id === "string") {
+			baseUri = resolveUrl(baseUri, schema.id);
+			schema.id = baseUri;
+		}
 		if (Array.isArray(schema)) {
@@ -1013,0 +1043,0 @@ for (var i = 0; i < schema.length; i++) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

403

increased by2.54%

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

58669

decreased by-45.43%

Number of package files

6

decreased by-14.29%

Lines of code

1292

decreased by-19.25%

No dependency changes