Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Compile time `with` for strict mode JavaScript

```
$ npm install with
```

```js
var addWith = require('with')

addWith('obj', 'console.log(a)')
// => ';(function (console, a) {
//       console.log(a)
//     }("console" in obj ? obj.console :
//       typeof console!=="undefined" ? console : undefined,
//       "a" in obj ? obj.a :
//       typeof a !== "undefined" ? a : undefined));'

addWith('obj', 'console.log(a)', ['console'])
// => ';(function (console, a) {
//       console.log(a)
//     }("a" in obj ? obj.a :
//       typeof a !== "undefined" ? a : undefined));'
```
The idea is that this is roughly equivalent to:

```js
with (obj) {
  src
}
```
There are a few differences though. For starters, assignments to variables will always remain contained within the with block.
e.g.
```js
var foo = 'foo'
with ({}) {
  foo = 'bar'
}
assert(foo === 'bar') // => This fails for compile time with but passes for native with

var obj = {foo: 'foo'}
with (obj) {
  foo = 'bar'
}
assert(obj.foo === 'bar') // => This fails for compile time with but passes for native with
```
It also makes everything be declared, so you can always do:

```js
if (foo === undefined)
```

instead of

```js
if (typeof foo === 'undefined')
```

This is not the case if `foo` is in `exclude`. If a variable is excluded, we ignore it entirely. This is useful if you know a variable will be global as it can lead to efficiency improvements.
It is also safe to use in strict mode (unlike `with`) and it minifies properly (`with` disables virtually all minification).
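The differences described above (contained assignments, always-declared variables, strict-mode safety), as an added example that is not taken from the package's README or source. `wrapWithLocals`, `runWrapped` and `demo` are hypothetical helpers; the real package finds free variables by parsing the source, while this sketch assumes the caller lists them.

```javascript
// Added illustration; not the `with` package's implementation. The real package
// parses `src` to find free variables; here the caller lists them (assumption).
function wrapWithLocals(objName, src, freeVars) {
  const args = freeVars.map(function (name) {
    // Same lookup order as the generated code shown above:
    // a property of obj first, then an existing outer binding, else undefined.
    return JSON.stringify(name) + ' in ' + objName + ' ? ' + objName + '.' + name +
      ' : typeof ' + name + ' !== "undefined" ? ' + name + ' : undefined'
  })
  return ';(function (' + freeVars.join(', ') + ') {\n' + src + '\n}(' +
    args.join(',\n') + '));'
}

// Run wrapped source in strict mode. `locals` plays the role of `obj`;
// `report` collects values and is deliberately left out of freeVars,
// much like a name passed in the exclude list.
function runWrapped(src, freeVars, locals) {
  const seen = []
  const body = '"use strict"\n' + wrapWithLocals('locals', src, freeVars)
  new Function('locals', 'report', body)(locals, function (v) { seen.push(v) })
  return seen
}

function demo() {
  const locals = { foo: 'foo' } // constructed sample object
  // 1. The assignment changes the function parameter, not locals.foo.
  const assigned = runWrapped("foo = 'bar'; report(foo)", ['foo'], locals)
  // 2. `missing` exists nowhere, yet comparing it to undefined does not throw.
  const declared = runWrapped('report(missing === undefined)', ['missing'], {})
  // 3. A native with statement is a SyntaxError in strict code.
  let nativeWithCompiles = true
  try {
    new Function('"use strict"; with ({}) {}')
  } catch (e) {
    nativeWithCompiles = false
  }
  return {
    assigned: assigned[0],
    objFoo: locals.foo,
    declared: declared[0],
    nativeWithCompiles: nativeWithCompiles
  }
}

console.log(demo())
```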
MIT
FAQs
Compile time `with` for strict mode JavaScript
The npm package `with` receives a total of 565,361 weekly downloads. As such, `with` popularity was classified as popular.
We found that `with` demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.