New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
webdetta - npm Package Compare versions
Comparing version 0.0.70 to 0.0.71
| { | ||
| "name": "webdetta", | ||
| "version": "0.0.70", | ||
| "version": "0.0.71", | ||
| "author": "Fedot Kriutchenko <fodyadev@gmail.com>", | ||
@@ -5,0 +5,0 @@ "description": "", |
@@ -15,5 +15,5 @@ import { processCall } from '../rpc/proto.js'; | ||
| export const parseFn = val => { | ||
| const { rawArgs, body, isArrow } = parser.parse(val); | ||
| const { rawArgs, body, isArrow, isAsync } = parser.parse(val); | ||
| if (isArrow) throw new Error('Arrow functions are not allowed.'); | ||
| return { args: rawArgs, body }; | ||
| return { args: rawArgs, body, isAsync }; | ||
| } | ||
@@ -20,0 +20,0 @@ |
@@ -46,7 +46,10 @@ import { parseFn } from './common.js'; | ||
| const AsyncFunction = (async () => {}).constructor; | ||
| const Function_ = awaitResult => ({ | ||
| Client: NestedSdkEntry((func) => { | ||
| const { args, body } = parseFn(func); | ||
| const { args, body, isAsync } = parseFn(func); | ||
| return { | ||
| client: (handlerId) => localFunction(new Function(...args, body)), | ||
| client: (handlerId) => localFunction( | ||
| new (isAsync ? AsyncFunction : Function)(...args, body) | ||
| ), | ||
| server: (handlerId) => remoteFunction(handlerId, args, awaitResult), | ||
@@ -53,0 +56,0 @@ }; |
@@ -7,4 +7,8 @@ import { validateSdkEntry } from './defs.js'; | ||
| if (typeof obj == 'function') { | ||
| const { args, body } = parseFn(obj); | ||
| return `function (${args.join(',')}) {var ${vars.join(',')};${body.trim()}}`; | ||
| const { args, body, isAsync } = parseFn(obj); | ||
| return [ | ||
| `${isAsync ? 'async ' : ''}function`, | ||
| `(${args.join(',')})`, | ||
| `{var ${vars.join(',')};${body.trim()}}` | ||
| ].join(' '); | ||
| } | ||
@@ -11,0 +15,0 @@ if (Array.isArray(obj)) |
Fixed alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.63%
31909
- Lines of code
- increased by0.75%
937
- Number of medium supply chain risk alerts
- decreased by-16.67%
5
No dependency changes