🚀. Socket Launch Week Day 2:Introducing Manifest Alerts.Learn more
Sign In

typebox

Package Overview
Dependencies
Maintainers
1
Versions
146
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

typebox - npm Package Compare versions

Comparing version
1.1.36
 to
1.1.37
+3
-1
build/guard/guard.d.mts

@@ -52,2 +52,4 @@ /** Returns true if this value is an array */

export declare function TakeLeft<T, True extends (left: T, right: T[]) => unknown, False extends () => unknown>(array: T[], true_: True, false_: False): ReturnType<True> | ReturnType<False>;
/** Returns true if the PropertyKey is Unsafe (ref: prototype-pollution). */
export declare function IsUnsafePropertyKey(key: PropertyKey): boolean;
/** Returns true if this value has this property key */

@@ -61,3 +63,3 @@ export declare function HasPropertyKey<Key extends PropertyKey>(value: object, key: Key): value is {

export declare function Entries<Value extends unknown = unknown>(value: Record<PropertyKey, Value>): [string, Value][];
/** Returns the property keys for this object via `Object.getOwnPropertyKeys({ ... })` */
/** Returns property keys for this object via `Object.getOwnPropertyKeys({ ... })` */
export declare function Keys(value: Record<PropertyKey, unknown>): string[];

@@ -64,0 +66,0 @@ /** Returns the property keys for this object via `Object.getOwnPropertyKeys({ ... })` */

+6
-3
build/guard/guard.mjs

@@ -172,6 +172,9 @@ import * as String from './string.mjs';

// --------------------------------------------------------------------------
/** Returns true if the PropertyKey is Unsafe (ref: prototype-pollution). */
export function IsUnsafePropertyKey(key) {
return IsEqual(key, '__proto__') || IsEqual(key, 'constructor') || IsEqual(key, 'prototype');
}
/** Returns true if this value has this property key */
export function HasPropertyKey(value, key) {
const isProtoField = IsEqual(key, '__proto__') || IsEqual(key, 'constructor');
return isProtoField ? Object.prototype.hasOwnProperty.call(value, key) : key in value;
return IsUnsafePropertyKey(key) ? Object.prototype.hasOwnProperty.call(value, key) : key in value;
}

@@ -186,3 +189,3 @@ /** Returns object entries as `[RegExp, Value][]` */

}
/** Returns the property keys for this object via `Object.getOwnPropertyKeys({ ... })` */
/** Returns property keys for this object via `Object.getOwnPropertyKeys({ ... })` */
export function Keys(value) {

@@ -189,0 +192,0 @@ return Object.getOwnPropertyNames(value);

+11
-1
build/schema/pointer/pointer.mjs

@@ -14,2 +14,10 @@ // deno-fmt-ignore-file

}
function AssertIndex(index) {
if (Guard.IsUnsafePropertyKey(index))
throw Error('Pointer contains unsafe property key');
}
function AssertIndices(indices) {
for (const index of indices)
AssertIndex(index);
}
// ------------------------------------------------------------------

@@ -31,3 +39,3 @@ // Indices

function GetIndex(index, value) {
return Guard.IsObject(value) ? value[index] : undefined;
return Guard.IsObject(value) && !Guard.IsUnsafePropertyKey(index) ? value[index] : undefined;
}

@@ -75,2 +83,3 @@ function GetIndices(indices, value) {

AssertNotRoot(indices);
AssertIndices(indices);
const [head, index] = TakeIndexRight(indices);

@@ -89,2 +98,3 @@ const parent = GetIndices(head, value);

AssertNotRoot(indices);
AssertIndices(indices);
const [head, index] = TakeIndexRight(indices);

@@ -91,0 +101,0 @@ const parent = GetIndices(head, value);

+4
-3
build/value/clone/clone.mjs

@@ -21,6 +21,8 @@ // deno-fmt-ignore-file

const result = {};
for (const key of Object.getOwnPropertyNames(value)) {
for (const key of Guard.Keys(value)) {
if (Guard.IsUnsafePropertyKey(key))
continue; // (ignore: prototype-pollution)
result[key] = Clone(value[key]);
}
for (const key of Object.getOwnPropertySymbols(value)) {
for (const key of Guard.Symbols(value)) {
result[key] = Clone(value[key]);

@@ -30,3 +32,2 @@ }

}
Object.create({});
// ------------------------------------------------------------------

@@ -33,0 +34,0 @@ // Object

+6
-0
build/value/delta/diff.mjs

@@ -40,2 +40,4 @@ // deno-fmt-ignore-file

continue;
if (Guard.IsUnsafePropertyKey(key))
continue;
yield CreateInsert(`${path}/${key}`, right[key]);

@@ -49,2 +51,4 @@ }

continue;
if (Guard.IsUnsafePropertyKey(key))
continue;
if (Equal(left, right))

@@ -60,2 +64,4 @@ continue;

continue;
if (Guard.IsUnsafePropertyKey(key))
continue;
yield CreateDelete(`${path}/${key}`);

@@ -62,0 +68,0 @@ }

+13
-0
build/value/mutate/from_object.mjs

@@ -6,2 +6,12 @@ // deno-fmt-ignore-file

import { FromValue } from './from_value.mjs';
// ------------------------------------------------------------------
// AssertKey
// ------------------------------------------------------------------
function AssertKey(key) {
if (Guard.IsUnsafePropertyKey(key))
throw Error('Attempted to Mutate with unsafe property key');
}
// ------------------------------------------------------------------
// AssertKey
// ------------------------------------------------------------------
export function FromObject(root, path, current, next) {

@@ -15,2 +25,3 @@ if (!Guard.IsObjectNotArray(current)) {

for (const currentKey of currentKeys) {
AssertKey(currentKey);
if (!nextKeys.includes(currentKey)) {

@@ -21,2 +32,3 @@ delete current[currentKey];

for (const nextKey of nextKeys) {
AssertKey(nextKey);
if (!currentKeys.includes(nextKey)) {

@@ -27,2 +39,3 @@ current[nextKey] = next[nextKey];

for (const nextKey of nextKeys) {
AssertKey(nextKey);
FromValue(root, `${path}/${nextKey}`, current[nextKey], next[nextKey]);

@@ -29,0 +42,0 @@ }

+1
-1
package.json
{
"name": "typebox",
"description": "Json Schema Type Builder with Static Type Resolution for TypeScript",
"version": "1.1.36",
"version": "1.1.37",
"keywords": [

@@ -6,0 +6,0 @@ "typescript",