npm - msgpackr - Versions diffs - 1.10.0 → 1.10.2 - Mend

msgpackr 1.10.0 → 1.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +1 -0
package/dist/index-no-eval.cjs +41 -19
package/dist/index-no-eval.cjs.map +1 -1
package/dist/index-no-eval.min.js +1 -1
package/dist/index-no-eval.min.js.map +1 -1
package/dist/index.js +41 -19
package/dist/index.js.map +1 -1
package/dist/index.min.js +1 -1
package/dist/index.min.js.map +1 -1
package/dist/node.cjs +41 -19
package/dist/node.cjs.map +1 -1
package/dist/test.js +75 -20
package/dist/test.js.map +1 -1
package/dist/unpack-no-eval.cjs +21 -4
package/dist/unpack-no-eval.cjs.map +1 -1
package/index.d.cts +1 -0
package/index.d.ts +1 -0
package/pack.js +20 -15
package/package.json +1 -1
package/unpack.js +21 -4

package/dist/node.cjs CHANGED Viewed

@@ -914,7 +914,7 @@ function readKey() {
 			return readFixedString(length)
 	} else { // not cacheable, go back and do a standard read
 		position$1--;
-		return read().toString()
+		return asSafeString(read())
 	}
 	let key = ((length << 5) ^ (length > 1 ? dataView.getUint16(position$1) : length > 0 ? src[position$1] : 0)) & 0xfff;
 	let entry = keyCache[key];
@@ -966,9 +966,17 @@ function readKey() {
 	return entry.string = readFixedString(length)
 }
+function asSafeString(property) {
+	// protect against expensive (DoS) string conversions
+	if (typeof property === 'string') return property;
+	if (typeof property === 'number' || typeof property === 'boolean' || typeof property === 'bigint') return property.toString();
+	if (property == null) return property + '';
+	throw new Error('Invalid property type for record', typeof property);
+}
 // the registration of the record definition extension (as "r")
 const recordDefinition = (id, highByte) => {
-	let structure = read().map(property => property.toString()); // ensure that all keys are strings and that the array is mutable
+	let structure = read().map(asSafeString); // ensure that all keys are strings and
+	// that the array is mutable
 	let firstByte = id;
 	if (highByte !== undefined) {
 		id = id < 32 ? -((highByte << 5) + id) : ((highByte << 5) + id);
@@ -1002,11 +1010,12 @@ currentExtensions[0x42] = (data) => {
 let errors = { Error, TypeError, ReferenceError };
 currentExtensions[0x65] = () => {
 	let data = read();
-	return (errors[data[0]] || Error)(data[1])
+	return (errors[data[0]] || Error)(data[1], { cause: data[2] })
 };
 currentExtensions[0x69] = (data) => {
 	// id extension (for structured clones)
+	if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 	let id = dataView.getUint32(position$1 - 4);
 	if (!referenceMap)
 		referenceMap = new Map();
@@ -1030,6 +1039,7 @@ currentExtensions[0x69] = (data) => {
 currentExtensions[0x70] = (data) => {
 	// pointer extension (for structured clones)
+	if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 	let id = dataView.getUint32(position$1 - 4);
 	let refEntry = referenceMap.get(id);
 	refEntry.used = true;
@@ -1044,8 +1054,15 @@ let glbl = typeof globalThis === 'object' ? globalThis : window;
 currentExtensions[0x74] = (data) => {
 	let typeCode = data[0];
 	let typedArrayName = typedArrays[typeCode];
-	if (!typedArrayName)
+	if (!typedArrayName) {
+		if (typeCode === 16) {
+			let ab = new ArrayBuffer(data.length - 1);
+			let u8 = new Uint8Array(ab);
+			u8.set(data.subarray(1));
+			return ab;
+		}
 		throw new Error('Could not find typed array for code ' + typeCode)
+	}
 	// we have to always slice/copy here to get a new ArrayBuffer that is word/byte aligned
 	return new glbl[typedArrayName](Uint8Array.prototype.slice.call(data, 1).buffer)
 };
@@ -1352,10 +1369,14 @@ class Packr extends Unpackr {
 								return packr.pack(value, encodeOptions)
 							}
 							packr.lastNamedStructuresLength = sharedLength;
+							// don't keep large buffers around
+							if (target.length > 0x40000000) target = null;
 							return returnBuffer
 						}
 					}
 				}
+				// don't keep large buffers around, they take too much memory and cause problems (limit at 1GB)
+				if (target.length > 0x40000000) target = null;
 				if (encodeOptions & RESET_BUFFER_MODE)
 					position = start;
 			}
@@ -1578,7 +1599,7 @@ class Packr extends Unpackr {
 					}
 					let constructor = value.constructor;
 					if (constructor === Object) {
-						writeObject(value, true);
+						writeObject(value);
 					} else if (constructor === Array) {
 						packArray(value);
 					} else if (constructor === Map) {
@@ -1674,8 +1695,8 @@ class Packr extends Unpackr {
 							if (type === 'function')
 								return pack(this.writeFunction && this.writeFunction(value));
-							// no extension found, write as object
-							writeObject(value, !value.hasOwnProperty); // if it doesn't have hasOwnProperty, don't do hasOwnProperty checks
+							// no extension found, write as plain object
+							writeObject(value);
 						}
 					}
 				}
@@ -1762,13 +1783,13 @@ class Packr extends Unpackr {
 				}
 			}
 		} :
-		(object, safePrototype) => {
+		(object) => {
 			target[position++] = 0xde; // always using map 16, so we can preallocate and set the length afterwards
 			let objectOffset = position - start;
 			position += 2;
 			let size = 0;
 			for (let key in object) {
-				if (safePrototype || object.hasOwnProperty(key)) {
+				if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 					pack(key);
 					pack(object[key]);
 					size++;
@@ -1780,12 +1801,12 @@ class Packr extends Unpackr {
 		const writeRecord = this.useRecords === false ? writePlainObject :
 		(options.progressiveRecords && !useTwoByteRecords) ?  // this is about 2% faster for highly stable structures, since it only requires one for-in loop (but much more expensive when new structure needs to be written)
-		(object, safePrototype) => {
+		(object) => {
 			let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 			let objectOffset = position++ - start;
 			let wroteKeys;
 			for (let key in object) {
-				if (safePrototype || object.hasOwnProperty(key)) {
+				if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 					nextTransition = transition[key];
 					if (nextTransition)
 						transition = nextTransition;
@@ -1824,10 +1845,10 @@ class Packr extends Unpackr {
 					insertNewRecord(transition, Object.keys(object), objectOffset, 0);
 			}
 		} :
-		(object, safePrototype) => {
+		(object) => {
 			let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 			let newTransitions = 0;
-			for (let key in object) if (safePrototype || object.hasOwnProperty(key)) {
+			for (let key in object) if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 				nextTransition = transition[key];
 				if (!nextTransition) {
 					nextTransition = transition[key] = Object.create(null);
@@ -1847,7 +1868,7 @@ class Packr extends Unpackr {
 			}
 			// now write the values
 			for (let key in object)
-				if (safePrototype || object.hasOwnProperty(key)) {
+				if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 					pack(object[key]);
 				}
 		};
@@ -1855,8 +1876,8 @@ class Packr extends Unpackr {
 		// craete reference to useRecords if useRecords is a function
 		const checkUseRecords = typeof this.useRecords == 'function' && this.useRecords;
-		const writeObject = checkUseRecords ? (object, safePrototype) => {
-			checkUseRecords(object) ? writeRecord(object,safePrototype) : writePlainObject(object,safePrototype);
+		const writeObject = checkUseRecords ? (object) => {
+			checkUseRecords(object) ? writeRecord(object) : writePlainObject(object);
 		} : writeRecord;
 		const makeRoom = (end) => {
@@ -1961,7 +1982,7 @@ class Packr extends Unpackr {
 				target[insertionOffset + start] = keysTarget[0];
 			}
 		};
-		const writeStruct = (object, safePrototype) => {
+		const writeStruct = (object) => {
 			let newPosition = writeStructSlots(object, target, start, position, structures, makeRoom, (value, newPosition, notifySharedUpdate) => {
 				if (notifySharedUpdate)
 					return hasSharedUpdate = true;
@@ -1975,7 +1996,7 @@ class Packr extends Unpackr {
 				return position;
 			}, this);
 			if (newPosition === 0) // bail and go to a msgpack object
-				return writeObject(object, true);
+				return writeObject(object);
 			position = newPosition;
 		};
 	}
@@ -2053,7 +2074,7 @@ extensions = [{
 			target[position++] = 0x65; // 'e' for error
 			target[position++] = 0;
 		}
-		pack([ error.name, error.message ]);
+		pack([ error.name, error.message, error.cause ]);
 	}
 }, {
 	pack(regex, allocateForWrite, pack) {
@@ -2106,6 +2127,7 @@ function writeExtBuffer(typedArray, type, allocateForWrite, encode) {
 	}
 	target[position++] = 0x74; // "t" for typed array
 	target[position++] = type;
+	if (!typedArray.buffer) typedArray = new Uint8Array(typedArray);
 	target.set(new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength), position);
 }
 function writeBuffer(buffer, allocateForWrite) {