npm - socket-function - Versions diffs - 0.145.0 → 0.146.0 - Mend

socket-function 0.145.0 → 0.146.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/require/RequireController.ts +1 -5

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "socket-function",
-	"version": "0.145.0",
+	"version": "0.146.0",
 	"main": "index.js",
 	"license": "MIT",
 	"dependencies": {

package/require/RequireController.ts CHANGED Viewed

@@ -419,11 +419,7 @@ async function compressCached(bufferKey: string, buffer: () => Buffer): Promise<
 }
 export function getIsAllowClient(module: NodeJS.Module) {
-    // TODO: Support blacklisting private modules.
-    if (module.filename.includes("node_modules")) {
-        // The packages are public anyway, so we might as well allow serving them client-side. They still need to be included server side, so this doesn't create any vulnerabilities.
-        return true;
-    }
+    // IMPORTANT! We do not allow everything in node modules by default, as most things in node modules, you don't want to import client-side, and it will break if you import it client-side. Many of these are imported, but will never end up being called client-side, so it's fine to exclude them.
     return module.allowclient && !module.serveronly;
 }