@rhinostone/swig 1.4.4 → 1.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.changes/v1.4.5.md +10 -0
- package/.changes/v1.4.6.md +6 -0
- package/HISTORY.md +18 -0
- package/README.md +2 -2
- package/ROADMAP.md +43 -0
- package/bin/swig.js +8 -6
- package/dist/swig.js +1 -1
- package/lib/swig.js +2 -2
- package/package.json +3 -7
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
[1.4.5](https://github.com/gina-io/swig/tree/v1.4.5) / 2026-04-10
|
|
2
|
+
-----------------------------------------------------------------
|
|
3
|
+
|
|
4
|
+
* **Added** GitHub Actions CI workflow (lint + test on PRs and pushes)
|
|
5
|
+
|
|
6
|
+
* **Added** Public roadmap (`ROADMAP.md`)
|
|
7
|
+
|
|
8
|
+
* **Changed** Clean up legacy `paularmstrong` references in documentation
|
|
9
|
+
|
|
10
|
+
* **Security** Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
[1.4.6](https://github.com/gina-io/swig/tree/v1.4.6) / 2026-04-10
|
|
2
|
+
-----------------------------------------------------------------
|
|
3
|
+
|
|
4
|
+
* **Changed** Exclude `.github/` from npm tarball
|
|
5
|
+
|
|
6
|
+
* **Changed** Replace `uglify-js` with `terser` in CLI (`--minify` flag), removing the last Snyk-flagged runtime dependency (ReDoS, CVE in uglify-js@2.4)
|
package/HISTORY.md
CHANGED
|
@@ -1,3 +1,21 @@
|
|
|
1
|
+
[1.4.6](https://github.com/gina-io/swig/tree/v1.4.6) / 2026-04-10
|
|
2
|
+
-----------------------------------------------------------------
|
|
3
|
+
|
|
4
|
+
* **Changed** Exclude `.github/` from npm tarball
|
|
5
|
+
|
|
6
|
+
* **Changed** Replace `uglify-js` with `terser` in CLI (`--minify` flag), removing the last Snyk-flagged runtime dependency (ReDoS, CVE in uglify-js@2.4)
|
|
7
|
+
|
|
8
|
+
[1.4.5](https://github.com/gina-io/swig/tree/v1.4.5) / 2026-04-10
|
|
9
|
+
-----------------------------------------------------------------
|
|
10
|
+
|
|
11
|
+
* **Added** GitHub Actions CI workflow (lint + test on PRs and pushes)
|
|
12
|
+
|
|
13
|
+
* **Added** Public roadmap (`ROADMAP.md`)
|
|
14
|
+
|
|
15
|
+
* **Changed** Clean up legacy `paularmstrong` references in documentation
|
|
16
|
+
|
|
17
|
+
* **Security** Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
|
|
18
|
+
|
|
1
19
|
[1.4.4](https://github.com/gina-io/swig/tree/v1.4.4) / 2026-04-10
|
|
2
20
|
-----------------------------------------------------------------
|
|
3
21
|
|
package/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Swig
|
|
2
2
|
====
|
|
3
3
|
|
|
4
|
-
[](https://www.npmjs.org/package/@rhinostone/swig) [](https://www.npmjs.org/package/@rhinostone/swig)
|
|
4
|
+
[](https://github.com/gina-io/swig/actions/workflows/ci.yml) [](https://www.npmjs.org/package/@rhinostone/swig) [](https://www.npmjs.org/package/@rhinostone/swig)
|
|
5
5
|
|
|
6
6
|
> **Maintained fork.** This is [gina-io/swig](https://github.com/gina-io/swig), a maintained fork of the abandoned [paularmstrong/swig](https://github.com/paularmstrong/swig). Security fixes and critical bug fixes land here; no new features are planned. The original project has not had a release since 2014.
|
|
7
7
|
|
|
@@ -33,7 +33,7 @@ Installation
|
|
|
33
33
|
Documentation
|
|
34
34
|
-------------
|
|
35
35
|
|
|
36
|
-
API reference is generated from [JSDoc](
|
|
36
|
+
API reference is generated from [JSDoc](https://jsdoc.app) comments inline in `lib/swig.js`, `lib/filters.js`, `lib/tags/`, and `lib/loaders/`. Run `make docs` to build and preview the static documentation site locally.
|
|
37
37
|
|
|
38
38
|
Basic Example
|
|
39
39
|
-------------
|
package/ROADMAP.md
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Roadmap
|
|
2
|
+
|
|
3
|
+
Planned work for `@rhinostone/swig`. Updated each release.
|
|
4
|
+
|
|
5
|
+
For bug reports and feature requests, file an issue at [gina-io/swig](https://github.com/gina-io/swig/issues).
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## v1.5.0 (next)
|
|
10
|
+
|
|
11
|
+
| Status | Item |
|
|
12
|
+
| --- | --- |
|
|
13
|
+
| Planned | Full security audit of dependency tree, template pipeline, and CLI argv flow |
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Completed
|
|
18
|
+
|
|
19
|
+
### v1.4.6 (April 2026)
|
|
20
|
+
|
|
21
|
+
- Replace `uglify-js` with `terser` in CLI (`--minify` flag), removing the last Snyk-flagged runtime dependency
|
|
22
|
+
- Exclude `.github/` from npm tarball
|
|
23
|
+
|
|
24
|
+
### v1.4.5 (April 2026)
|
|
25
|
+
|
|
26
|
+
- Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
|
|
27
|
+
- Clean up legacy `paularmstrong` references in documentation
|
|
28
|
+
- GitHub Actions CI workflow (lint + test on PRs and pushes)
|
|
29
|
+
- Public roadmap (`ROADMAP.md`)
|
|
30
|
+
|
|
31
|
+
### v1.4.4 (April 2026)
|
|
32
|
+
|
|
33
|
+
- Block `__proto__`/`constructor`/`prototype` in templates (CVE-2023-25345)
|
|
34
|
+
- Replace `nodelint` with ESLint v8
|
|
35
|
+
- Fix pre-commit hook (exit-code gates, mocha failure detection)
|
|
36
|
+
- Fix mocha `.bin` shim (silent on Node >= 18)
|
|
37
|
+
- Loosen `tests/bin/bin.test.js` fixtures for modern V8
|
|
38
|
+
- Replace `uglify-js` with `terser` in the Makefile build target
|
|
39
|
+
- Update install/require references to `@rhinostone/swig`
|
|
40
|
+
|
|
41
|
+
### v1.4.3 (April 2026)
|
|
42
|
+
|
|
43
|
+
- Pin `minimist` to `^1.2.8` via npm `overrides` (CVE-2021-44906)
|
package/bin/swig.js
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
/*jslint es5: true */
|
|
3
3
|
|
|
4
4
|
var swig = require('../index'),
|
|
5
|
-
|
|
5
|
+
yargs = require('yargs'),
|
|
6
6
|
fs = require('fs'),
|
|
7
7
|
path = require('path'),
|
|
8
8
|
filters = require('../lib/filters'),
|
|
9
9
|
utils = require('../lib/utils'),
|
|
10
|
-
|
|
10
|
+
terser = require('terser');
|
|
11
11
|
|
|
12
12
|
var command,
|
|
13
13
|
wrapstart = 'var tpl = ',
|
|
14
|
-
argv =
|
|
14
|
+
argv = yargs
|
|
15
15
|
.usage('\n Usage:\n' +
|
|
16
16
|
' $0 compile [files] [options]\n' +
|
|
17
17
|
' $0 run [files] [options]\n' +
|
|
@@ -23,7 +23,7 @@ var command,
|
|
|
23
23
|
h: 'Show this help screen.',
|
|
24
24
|
j: 'Variable context as a JSON file.',
|
|
25
25
|
c: 'Variable context as a CommonJS-style file. Used only if option `j` is not provided.',
|
|
26
|
-
m: 'Minify compiled functions with
|
|
26
|
+
m: 'Minify compiled functions with terser',
|
|
27
27
|
'filters': 'Custom filters as a CommonJS-style file',
|
|
28
28
|
'tags': 'Custom tags as a CommonJS-style file',
|
|
29
29
|
'options': 'Customize Swig\'s Options from a CommonJS-style file',
|
|
@@ -43,7 +43,7 @@ var command,
|
|
|
43
43
|
.default('method-name', 'tpl')
|
|
44
44
|
.check(function (argv) {
|
|
45
45
|
if (argv.v) {
|
|
46
|
-
return;
|
|
46
|
+
return true;
|
|
47
47
|
}
|
|
48
48
|
|
|
49
49
|
if (!argv._.length) {
|
|
@@ -62,6 +62,8 @@ var command,
|
|
|
62
62
|
if (argv['method-name'] !== 'tpl') {
|
|
63
63
|
argv['wrap-start'] = 'var ' + argv['method-name'] + ' = ';
|
|
64
64
|
}
|
|
65
|
+
|
|
66
|
+
return true;
|
|
65
67
|
})
|
|
66
68
|
.argv,
|
|
67
69
|
ctx = {},
|
|
@@ -132,7 +134,7 @@ case 'compile':
|
|
|
132
134
|
r = argv['wrap-start'] + r + argv['wrap-end'];
|
|
133
135
|
|
|
134
136
|
if (argv.m) {
|
|
135
|
-
r =
|
|
137
|
+
r = terser.minify_sync(r).code;
|
|
136
138
|
}
|
|
137
139
|
|
|
138
140
|
out(file, r);
|
package/dist/swig.js
CHANGED
|
@@ -2290,7 +2290,7 @@ exports.setDefaultTZOffset = function (offset) {
|
|
|
2290
2290
|
* Create a new, separate Swig compile/render environment.
|
|
2291
2291
|
*
|
|
2292
2292
|
* @example
|
|
2293
|
-
* var swig = require('swig');
|
|
2293
|
+
* var swig = require('@rhinostone/swig');
|
|
2294
2294
|
* var myswig = new swig.Swig({varControls: ['<%=', '%>']});
|
|
2295
2295
|
* myswig.render('Tacos are <%= tacos =>!', { locals: { tacos: 'delicious' }});
|
|
2296
2296
|
* // => Tacos are delicious!
|
package/lib/swig.js
CHANGED
|
@@ -8,11 +8,11 @@ var utils = require('./utils'),
|
|
|
8
8
|
/**
|
|
9
9
|
* Swig version number as a string.
|
|
10
10
|
* @example
|
|
11
|
-
* if (swig.version === "1.4.
|
|
11
|
+
* if (swig.version === "1.4.6") { ... }
|
|
12
12
|
*
|
|
13
13
|
* @type {String}
|
|
14
14
|
*/
|
|
15
|
-
exports.version = "1.4.
|
|
15
|
+
exports.version = "1.4.6";
|
|
16
16
|
|
|
17
17
|
/**
|
|
18
18
|
* Swig Options Object. This object can be passed to many of the API-level Swig methods to control various aspects of the engine. All keys are optional.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rhinostone/swig",
|
|
3
|
-
"version": "1.4.
|
|
3
|
+
"version": "1.4.6",
|
|
4
4
|
"description": "A simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"template",
|
|
@@ -21,11 +21,8 @@
|
|
|
21
21
|
"Rhinostone <contact@gina.io>"
|
|
22
22
|
],
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"
|
|
25
|
-
"
|
|
26
|
-
},
|
|
27
|
-
"overrides": {
|
|
28
|
-
"minimist": "^1.2.8"
|
|
24
|
+
"terser": "^5.46.1",
|
|
25
|
+
"yargs": "~3.32"
|
|
29
26
|
},
|
|
30
27
|
"devDependencies": {
|
|
31
28
|
"blanket": "~1.1",
|
|
@@ -41,7 +38,6 @@
|
|
|
41
38
|
"mocha-phantomjs": "~3.1",
|
|
42
39
|
"phantomjs": "~1.9.1",
|
|
43
40
|
"still": "0.0.7",
|
|
44
|
-
"terser": "^5.46.1",
|
|
45
41
|
"travis-cov": "~0.2"
|
|
46
42
|
},
|
|
47
43
|
"license": "MIT",
|