		@@ -0,1 +1,9 @@
		v3.6.0 (2018-05-11)
		-------------------
		[new] Support for custom source extensions
		[new] WIP support for disallowing Promise
		[fix] Prevent slow unsafe alloc for Buffers
		[fix] Refactors around defaults
		[fix] Types definition update

		v3.5.2 (2017-10-04)
		@@ -2,0 +10,0 @@ -------------------

index.d.ts

		@@ -44,2 +44,5 @@ /**
		timeout?: number;

		/** File extensions that the internal module resolver should accept. */
		sourceExtensions?: string[]
		}
		@@ -69,3 +72,3 @@
		/** Runs the VMScript object */
		run(script: VMScript): any;
		run(script: VMScript, path?: string): any;

		@@ -120,3 +123,3 @@ /** Freezes the object inside VM making it read-only. Not available for primitive values. */
		export class VMScript {
		constructor(code: string, path: string);
		constructor(code: string, path?: string);
		/** Wraps the code */
		@@ -123,0 +126,0 @@ wrap(prefix: string, postfix: string): VMScript;

lib/contextify.js

		@@ -232,3 +232,3 @@ 'use strict'
		} else if (value instanceof WeakSet) { return Decontextify.instance(value, host.WeakSet, deepTraps, flags);
		} else if (value instanceof Promise) { return Decontextify.instance(value, host.Promise, deepTraps, flags);
		} else if (Promise && value instanceof Promise) { return Decontextify.instance(value, host.Promise, deepTraps, flags);
		} else {
		@@ -235,0 +235,0 @@ return Decontextify.object(value, traps, deepTraps, flags, mock);

lib/main.js

		@@ -62,5 +62,5 @@ const fs = require('fs');

		wrap(prefix, postfix) {
		wrap(prefix, suffix) {
		if (this._wrapped) return this;
		this.code = prefix + this.code + postfix;
		this.code = prefix + this.code + suffix;
		this._wrapped = true;
		@@ -115,5 +115,5 @@ return this;
		this.options = {
		timeout: options.timeout != null ? options.timeout : undefined,
		sandbox: options.sandbox != null ? options.sandbox : null,
		compiler: options.compiler != null ? options.compiler : 'javascript'
		timeout: options.timeout,
		sandbox: options.sandbox,
		compiler: options.compiler \|\| 'javascript'
		};
		@@ -248,9 +248,10 @@
		this.options = {
		sandbox: options.sandbox != null ? options.sandbox : null,
		console: options.console != null ? options.console : 'inherit',
		require: options.require != null ? options.require : false,
		compiler: options.compiler != null ? options.compiler : 'javascript',
		require: options.require != null ? options.require : false,
		nesting: options.nesting != null ? options.nesting : false,
		wrapper: options.wrapper != null ? options.wrapper : 'commonjs'
		sandbox: options.sandbox,
		console: options.console \|\| 'inherit',
		require: options.require \|\| false,
		compiler: options.compiler \|\| 'javascript',
		require: options.require \|\| false,
		nesting: options.nesting \|\| false,
		wrapper: options.wrapper \|\| 'commonjs',
		sourceExtensions: options.sourceExtensions \|\| ['js']
		};
		@@ -257,0 +258,0 @@

lib/sandbox.js

		@@ -39,4 +39,10 @@ const {Script} = host.require('vm');
		}
		},
		[".js"](module, filename, dirname) {
		}
		};


		for (var i = 0; i < vm.options.sourceExtensions.length; i++) {
		var ext = vm.options.sourceExtensions[i];

		EXTENSIONS["." + ext] = (module, filename, dirname) => {
		if (vm.options.require.context !== 'sandbox') {
		@@ -76,3 +82,3 @@ try {
		}
		};
		}

		@@ -93,4 +99,6 @@ /**
		// load as file

		if (fs.existsSync(`${path}.js`)) return `${path}.js`;
		for (var i = 0; i < vm.options.sourceExtensions.length; i++) {
		var ext = vm.options.sourceExtensions[i];
		if (fs.existsSync(`${path}.${ext}`)) return `${path}.${ext}`;
		}
		if (fs.existsSync(`${path}.node`)) return `${path}.node`;
		@@ -112,3 +120,7 @@ if (fs.existsSync(`${path}.json`)) return `${path}.json`;

		if (fs.existsSync(`${path}/index.js`)) return `${path}/index.js`;
		for (var i = 0; i < vm.options.sourceExtensions.length; i++) {
		var ext = vm.options.sourceExtensions[i];
		if (fs.existsSync(`${path}/index.${ext}`)) return `${path}/index.${ext}`;
		}

		if (fs.existsSync(`${path}/index.node`)) return `${path}/index.node`;
		@@ -260,3 +272,2 @@
		// lookup extensions

		if (EXTENSIONS[extname]) {
		@@ -263,0 +274,0 @@ EXTENSIONS[extname](module, filename, dirname);

package.json

		@@ -16,3 +16,3 @@ {
		],
		"version": "3.5.2",
		"version": "3.6.0",
		"main": "index.js",
		@@ -19,0 +19,0 @@ "repository": {

README.md

		@@ -96,3 +96,3 @@ # vm2 [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Package Quality][quality-image]][quality-url] [![Travis CI][travis-image]][travis-url]

		IMPORTANT: Timeout is only effective on code you run through `run`. Timeout is NOT effective on any method returned by VM.
		IMPORTANT: Timeout is only effective on synchronous code you run through `run`. Timeout is NOT effective on any method returned by VM.

		@@ -127,2 +127,3 @@ ```javascript
		* `compiler` - `javascript` (default) or `coffeescript` or custom compiler function (which receives the code, and it's filepath). The library expects you to have coffee-script pre-installed if the compiler is set to `coffeescript`.
		* `sourceExtensions` - Array of file extensions to treat as source code (default: `['js']`).
		* `require` - `true` or object to enable `require` method (default: `false`).
		@@ -268,3 +269,3 @@ * `require.external` - `true` or an array of allowed external modules (default: `false`).

		## Protected objects (experimental)
		## Protected objects (experimental)

		@@ -327,2 +328,9 @@ Unlike `freeze`, this method allows sandboxed script to add/modify/delete properties on object with one exception - it is not possible to attach functions. Sandboxed script is therefore not able to modify methods like `toJSON`, `toString` or `inspect`.

		## Deployment

		1. Update the CHANGELOG
		2. Update the `package.json` version number
		3. Commit the changes
		4. Run `npm publish`

		## Sponsors
		@@ -334,3 +342,3 @@

		Copyright (c) 2014-2017 Patrik Simek
		Copyright (c) 2014-2018 Patrik Simek

		@@ -337,0 +345,0 @@ The MIT License

vm2 - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics