qs 6.4.1 → 6.5.0

package/.editorconfig

@@ -7,14 +7,12 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
-max_line_length = 160
-quote_type = single
+max_line_length = 140
 
 [test/*]
 max_line_length = off
 
 [*.md]
-indent_size = off
 max_line_length = off
 
 [*.json]
@@ -30,15 +28,3 @@ indent_size = 2
 [LICENSE]
 indent_size = 2
 max_line_length = off
-
-[coverage/**/*]
-indent_size = off
-indent_style = off
-indent = off
-max_line_length = off
-
-[dist/*]
-max_line_length = off
-
-[.nycrc]
-indent_style = tab

package/.eslintignore

@@ -0,0 +1 @@
+dist

package/.eslintrc

@@ -3,35 +3,16 @@
 
     "extends": "@ljharb",
 
-    "ignorePatterns": [
-        "dist/",
-    ],
-
     "rules": {
-        "complexity": [2, 29],
+        "complexity": [2, 28],
         "consistent-return": 1,
-        "func-name-matching": 0,
         "id-length": [2, { "min": 1, "max": 25, "properties": "never" }],
         "indent": [2, 4],
-        "max-lines-per-function": 0,
         "max-params": [2, 12],
         "max-statements": [2, 45],
-        "multiline-comment-style": 0,
         "no-continue": 1,
         "no-magic-numbers": 0,
-        "no-param-reassign": 1,
         "no-restricted-syntax": [2, "BreakStatement", "DebuggerStatement", "ForInStatement", "LabeledStatement", "WithStatement"],
-    },
-
-    "overrides": [
-        {
-            "files": "test/**",
-            "rules": {
-                "max-lines-per-function": 0,
-                "max-statements": 0,
-                "no-extend-native": 0,
-                "function-paren-newline": 0,
-            },
-        },
-    ],
+        "operator-linebreak": [2, "before"],
+    }
 }

package/CHANGELOG.md

@@ -1,23 +1,14 @@
-## **6.4.1**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Fix] use `safer-buffer` instead of `Buffer` constructor
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Fix]` `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [meta] add FUNDING.yml
-- [actions] backport actions from main
-- [Tests] remove nonexistent tape option
-- [Dev Deps] backport from main
+## **6.5.0**
+- [New] add `utils.assign`
+- [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
+- [New] `parse`/`stringify`: add `ignoreQueryPrefix`/`addQueryPrefix` options, respectively (#213)
+- [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
+- [Fix] do not mutate `options` argument (#207)
+- [Refactor] `parse`: cache index to reuse in else statement (#182)
+- [Docs] add various badges to readme (#208)
+- [Dev Deps] update `eslint`, `browserify`, `iconv-lite`, `tape`
+- [Tests] up to `node` `v8.1`, `v7.10`, `v6.11`; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
+- [Tests] add `editorconfig-tools`
 
 ## **6.4.0**
 - [New] `qs.stringify`: add `encodeValuesOnly` option
@@ -28,6 +19,13 @@
 - [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
 - [eslint] reduce warnings
 
+## **6.3.2**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Dev Deps] update `eslint`
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
 ## **6.3.1**
 - [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties (thanks, @snyk!)
 - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `iconv-lite`, `qs-iconv`, `tape`
@@ -54,6 +52,12 @@
 - [Tests] skip Object.create tests when null objects are not available
 - [Tests] Turn on eslint for test files (#175)
 
+## **6.2.3**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
 ## **6.2.2**
 - [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
 
@@ -69,6 +73,12 @@
 - [New] add "encoder" and "decoder" options, for custom param encoding/decoding (#160)
 - [Fix] fix compacting of nested sparse arrays (#150)
 
+## **6.1.2
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
 ## **6.1.1**
 - [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
 
@@ -77,6 +87,12 @@
 - [Fix] "sort" option should work at a depth of 3 or more (#151)
 - [Fix] Restore `dist` directory; will be removed in v7 (#148)
 
+## **6.0.4**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
 ## **6.0.3**
 - [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
 - [Fix] Restore `dist` directory; will be removed in v7 (#148)

package/LICENSE

@@ -0,0 +1,28 @@
+Copyright (c) 2014 Nathan LaFreniere and other contributors.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * The names of any contributors may not be used to endorse or promote
+      products derived from this software without specific prior written
+      permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+                                  *   *   *
+
+The complete list of contributors can be found at: https://github.com/hapijs/qs/graphs/contributors

package/README.md

@@ -1,18 +1,15 @@
 # qs <sup>[![Version Badge][2]][1]</sup>
 
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![dependency status][deps-svg]][deps-url]
-[![dev dependency status][dev-deps-svg]][dev-deps-url]
+[![Build Status][3]][4]
+[![dependency status][5]][6]
+[![dev dependency status][7]][8]
 [![License][license-image]][license-url]
 [![Downloads][downloads-image]][downloads-url]
 
-[![npm badge][npm-badge-png]][package-url]
+[![npm badge][11]][1]
 
 A querystring parsing and stringifying library with some added security.
 
-[![Build Status](https://api.travis-ci.org/ljharb/qs.svg)](http://travis-ci.org/ljharb/qs)
-
 Lead Maintainer: [Jordan Harband](https://github.com/ljharb)
 
 The **qs** module was originally created and maintained by [TJ Holowaychuk](https://github.com/visionmedia/node-querystring).
@@ -42,9 +39,9 @@ For example, the string `'foo[bar]=baz'` converts to:
 
 ```javascript
 assert.deepEqual(qs.parse('foo[bar]=baz'), {
-  foo: {
-    bar: 'baz'
-  }
+    foo: {
+        bar: 'baz'
+    }
 });
 ```
 
@@ -66,7 +63,7 @@ URI encoded strings work too:
 
 ```javascript
 assert.deepEqual(qs.parse('a%5Bb%5D=c'), {
-  a: { b: 'c' }
+    a: { b: 'c' }
 });
 ```
 
@@ -74,11 +71,11 @@ You can also nest your objects, like `'foo[bar][baz]=foobarbaz'`:
 
 ```javascript
 assert.deepEqual(qs.parse('foo[bar][baz]=foobarbaz'), {
-  foo: {
-    bar: {
-      baz: 'foobarbaz'
+    foo: {
+        bar: {
+            baz: 'foobarbaz'
+        }
     }
-  }
 });
 ```
 
@@ -87,19 +84,19 @@ By default, when nesting objects **qs** will only parse up to 5 children deep. T
 
 ```javascript
 var expected = {
-  a: {
-    b: {
-      c: {
-        d: {
-          e: {
-            f: {
-              '[g][h][i]': 'j'
+    a: {
+        b: {
+            c: {
+                d: {
+                    e: {
+                        f: {
+                            '[g][h][i]': 'j'
+                        }
+                    }
+                }
             }
-          }
         }
-      }
     }
-  }
 };
 var string = 'a[b][c][d][e][f][g][h][i]=j';
 assert.deepEqual(qs.parse(string), expected);
@@ -121,6 +118,13 @@ var limited = qs.parse('a=b&c=d', { parameterLimit: 1 });
 assert.deepEqual(limited, { a: 'b' });
 ```
 
+To bypass the leading question mark, use `ignoreQueryPrefix`:
+
+```javascript
+var prefixed = qs.parse('?a=b&c=d', { ignoreQueryPrefix: true });
+assert.deepEqual(prefixed, { a: 'b', c: 'd' });
+```
+
 An optional delimiter can also be passed:
 
 ```javascript
@@ -178,7 +182,7 @@ assert.deepEqual(withIndexedEmptyString, { a: ['b', '', 'c'] });
 ```
 
 **qs** will also limit specifying indices in an array to a maximum index of `20`. Any array members with an index of greater than `20` will
-instead be converted to an object with the index as the key. This is needed to handle cases when someone sent, for example, `a[999999999]` and it will take significant time to iterate over this huge array.
+instead be converted to an object with the index as the key:
 
 ```javascript
 var withMaxIndex = qs.parse('a[100]=b');
@@ -236,10 +240,10 @@ assert.equal(unencoded, 'a[b]=c');
 
 Encoding can be disabled for keys by setting the `encodeValuesOnly` option to `true`:
 ```javascript
-var encodedValues  = qs.stringify(
-  { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
-  { encodeValuesOnly: true }
-)
+var encodedValues = qs.stringify(
+    { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
+    { encodeValuesOnly: true }
+);
 assert.equal(encodedValues,'a=b&c[0]=d&c[1]=e%3Df&f[0][0]=g&f[1][0]=h');
 ```
 
@@ -247,8 +251,8 @@ This encoding can also be replaced by a custom encoding method set as `encoder`
 
 ```javascript
 var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str) {
-  // Passed in values `a`, `b`, `c`
-  return // Return encoded string
+    // Passed in values `a`, `b`, `c`
+    return // Return encoded string
 }})
 ```
 
@@ -258,32 +262,8 @@ Analogue to the `encoder` there is a `decoder` option for `parse` to override de
 
 ```javascript
 var decoded = qs.parse('x=z', { decoder: function (str) {
-  // Passed in values `x`, `z`
-  return // Return decoded string
-}})
-```
-
-You can encode keys and values using different logic by using the type argument provided to the encoder:
-
-```javascript
-var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str, defaultEncoder, charset, type) {
-    if (type === 'key') {
-        return // Encoded key
-    } else if (type === 'value') {
-        return // Encoded value
-    }
-}})
-```
-
-The type argument is also provided to the decoder:
-
-```javascript
-var decoded = qs.parse('x=z', { decoder: function (str, defaultDecoder, charset, type) {
-    if (type === 'key') {
-        return // Decoded key
-    } else if (type === 'value') {
-        return // Decoded value
-    }
+    // Passed in values `x`, `z`
+    return // Return decoded string
 }})
 ```
 
@@ -350,6 +330,12 @@ Properties that are set to `undefined` will be omitted entirely:
 assert.equal(qs.stringify({ a: null, b: undefined }), 'a=');
 ```
 
+The query string may optionally be prepended with a question mark:
+
+```javascript
+assert.equal(qs.stringify({ a: 'b', c: 'd' }, { addQueryPrefix: true }), '?a=b&c=d');
+```
+
 The delimiter may be overridden with stringify as well:
 
 ```javascript
@@ -371,7 +357,7 @@ You may use the `sort` option to affect the order of parameter keys:
 
 ```javascript
 function alphabeticalSort(a, b) {
-  return a.localeCompare(b);
+    return a.localeCompare(b);
 }
 assert.equal(qs.stringify({ a: 'c', z: 'y', b : 'f' }, { sort: alphabeticalSort }), 'a=c&b=f&z=y');
 ```
@@ -382,17 +368,17 @@ pass an array, it will be used to select properties and array indices for string
 
 ```javascript
 function filterFunc(prefix, value) {
-  if (prefix == 'b') {
-    // Return an `undefined` value to omit a property.
-    return;
-  }
-  if (prefix == 'e[f]') {
-    return value.getTime();
-  }
-  if (prefix == 'e[g][0]') {
-    return value * 2;
-  }
-  return value;
+    if (prefix == 'b') {
+        // Return an `undefined` value to omit a property.
+        return;
+    }
+    if (prefix == 'e[f]') {
+        return value.getTime();
+    }
+    if (prefix == 'e[g][0]') {
+        return value * 2;
+    }
+    return value;
 }
 qs.stringify({ a: 'b', c: 'd', e: { f: new Date(123), g: [2] } }, { filter: filterFunc });
 // 'a=b&c=d&e[f]=123&e[g][0]=4'
@@ -472,28 +458,18 @@ assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC3986' }), 'a=b%20c');
 assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC1738' }), 'a=b+c');
 ```
 
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-## qs for enterprise
-
-Available as part of the Tidelift Subscription
-
-The maintainers of qs and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/npm-qs?utm_source=npm-qs&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
-
-[package-url]: https://npmjs.org/package/qs
-[npm-version-svg]: https://versionbadg.es/ljharb/qs.svg
-[deps-svg]: https://david-dm.org/ljharb/qs.svg
-[deps-url]: https://david-dm.org/ljharb/qs
-[dev-deps-svg]: https://david-dm.org/ljharb/qs/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/qs#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/qs.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/qs.svg
+[1]: https://npmjs.org/package/qs
+[2]: http://versionbadg.es/ljharb/qs.svg
+[3]: https://api.travis-ci.org/ljharb/qs.svg
+[4]: https://travis-ci.org/ljharb/qs
+[5]: https://david-dm.org/ljharb/qs.svg
+[6]: https://david-dm.org/ljharb/qs
+[7]: https://david-dm.org/ljharb/qs/dev-status.svg
+[8]: https://david-dm.org/ljharb/qs?type=dev
+[9]: https://ci.testling.com/ljharb/qs.png
+[10]: https://ci.testling.com/ljharb/qs
+[11]: https://nodei.co/npm/qs.png?downloads=true&stars=true
+[license-image]: http://img.shields.io/npm/l/qs.svg
 [license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/qs.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=qs
-[codecov-image]: https://codecov.io/gh/ljharb/qs/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/qs/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/qs
-[actions-url]: https://github.com/ljharb/qs/actions
+[downloads-image]: http://img.shields.io/npm/dm/qs.svg
+[downloads-url]: http://npm-stat.com/charts.html?package=qs