Comments (9)
The usage of eval has already been removed from this module, so there wouldn't be any further changes to remove it as it no longer exists.
from nodejs-depd.
https://github.com/dougwilson/nodejs-depd/blob/master/History.md#200--2018-10-26
from nodejs-depd.
The official doc for eval() has a big fat yellow warning at the top, saying:
Warning: Executing JavaScript from a string is an enormous security risk. It is far too easy for a bad actor to run arbitrary code when you use eval(). See Never use eval()!, below.
There's a certain irony in the fact that the very module which warns other developers about deprecated code uses deprecated code itself. Not only that, but the most well-known deprecated function and kind of the mother of all deprecated functions in JavaScript.
from nodejs-depd.
Hi @benbucksch you can view the current code for this module right here on GitHub... There is no eval() usage. It was removed 3 years ago from this module.
from nodejs-depd.
Oh, right...
So, why is express depending explicitly on an outdated depd version, even in the latest version of express?
https://github.com/expressjs/express/blob/28db2c2c5cf992c897d1fbbc6b119ee02fe32ab1/package.json#L39
"depd": "~1.1.2",
The other deps are also "~" instead of "^". Are they just being silly?
from nodejs-depd.
Hi @benbucksch there are hundreds of modules that depend on this module. The downstream modules (like this one) do not have control over how others decide to use it. Of course, the removal of eval was a major version change in this module, so perhaps there is some kind of incompatibility with it or something, I'm not sure off-hand. Even if it was ^1.1.2 it would still not pick up the 2.0.0 release in that version range.
from nodejs-depd.
@dougwilson : Yes, I understand that, but express is a rather popular module. I now tried to file a bug against express, but for some reason, I cannot ("You can't perform that action at this time."). I see that you made the most recent commits in express, so it's not a third party module from your perspective, but you're active in express as well. Could you see to it that this is fixed in express, please?
from nodejs-depd.
Hi @benbucksch sure, I will take a look into it when I get some time. In the future, please try to keep issues to the respective issue tracker they belong in; perhaps GitHub is having an issue at the moment or something. I would move the issue, but issues cannot be moved across organizations.
This issue is closed, but mainly because there is no issue in this module as the usage of eval has already been removed and published to npm as an update for dependent modules to upgrade to as they can.
from nodejs-depd.
Yup, sorry about that. I didn't realize that I was using an outdated dependency.
from nodejs-depd.