New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
webdetta - npm Package Compare versions
Comparing version 0.0.68 to 0.0.69
| { | ||
| "name": "webdetta", | ||
| "version": "0.0.68", | ||
| "version": "0.0.69", | ||
| "author": "Fedot Kriutchenko <fodyadev@gmail.com>", | ||
@@ -5,0 +5,0 @@ "description": "", |
@@ -6,9 +6,14 @@ import { processCall } from '../rpc/proto.js'; | ||
| const parser = FunctionParser(); | ||
| parser.use((self) => (node, result) => { | ||
| if (!Array.isArray(node.params)) return; | ||
| result.rawArgs = []; | ||
| for (const [param, i] of node.params.map((d, i) => [d, i])) { | ||
| const { start, end } = param.loc; | ||
| result.rawArgs[i] = result.value.slice(start.index, end.index); | ||
| } | ||
| }); | ||
| export const parseFn = val => { | ||
| const { args, defaults, body, isArrow, isAsync } = parser.parse(val); | ||
| const { rawArgs, body, isArrow } = parser.parse(val); | ||
| if (isArrow) throw new Error('Arrow functions are not allowed.'); | ||
| const args_ = args | ||
| .map(d => defaults[d] ? d + '=' + defaults[d] : d) | ||
| .join(', '); | ||
| return { args: args_, body, isAsync }; | ||
| return { args: rawArgs, body }; | ||
| } | ||
@@ -15,0 +20,0 @@ |
@@ -46,10 +46,7 @@ import { parseFn } from './common.js'; | ||
| const AsyncFunction = Object.getPrototypeOf(async function(){}).constructor; | ||
| const Function_ = awaitResult => ({ | ||
| Client: NestedSdkEntry((func) => { | ||
| const { args, body, isAsync } = parseFn(func); | ||
| const { args, body } = parseFn(func); | ||
| return { | ||
| client: (handlerId) => localFunction( | ||
| new (isAsync ? AsyncFunction : Function)(...args, body) | ||
| ), | ||
| client: (handlerId) => localFunction(new Function(...args, body)), | ||
| server: (handlerId) => remoteFunction(handlerId, args, awaitResult), | ||
@@ -68,3 +65,3 @@ }; | ||
| export const Func = Function_(true); | ||
| export const Event = Function_(false); | ||
| export const Proc = Function_(false); | ||
@@ -75,5 +72,5 @@ export const validateSdkEntry = (entry) => { | ||
| 'SDK entries must be decorated with one of the following functions: ', | ||
| 'Func, Event, State.' | ||
| 'Func, Proc, State.' | ||
| ].join('')); | ||
| } | ||
| } |
@@ -7,7 +7,5 @@ import { validateSdkEntry } from './defs.js'; | ||
| if (typeof obj == 'function') { | ||
| const { args, body, isAsync } = parseFn(obj); | ||
| return ( | ||
| `${isAsync ? 'async' : ''} function (${args})` + | ||
| `{var ${vars.join(',')};${body.trim()}}` | ||
| ); | ||
| const { args, body } = parseFn(obj); | ||
| return | ||
| `function (${args.join(',')}) {var ${vars.join(',')};${body.trim()}}`; | ||
| } | ||
@@ -29,3 +27,3 @@ if (Array.isArray(obj)) | ||
| const clientCode = rpcURL => clientCodeCache[rpcURL] ??= [ | ||
| `import SDK from 'webdetta/sdk/client';`, | ||
| `import SDK from "webdetta/sdk/client";`, | ||
| `export default SDK.WS("${rpcURL}", ${obj2code(clientEntries, ['SDK'])});` | ||
@@ -83,3 +81,3 @@ ].join('\n'); | ||
| res.contentType('text/javascript'); | ||
| res.send(clientCode(url)); | ||
| res.send(clientCode(url, transport)); | ||
| } |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.01%
31715
Worsened metrics
- Number of medium supply chain risk alerts
- increased by20%
6
No dependency changes