Class-transformer is an npm package for object transformation, serialization, and deserialization in JavaScript and TypeScript projects, using decorators to keep the mapping code clean. Comparing versions 0.1.8 and 0.1.7, developers will find that the core functionality remains consistent: converting plain JavaScript objects to class instances and vice versa. Version 0.1.7 was released on June 27, 2017 and version 0.1.8 on October 3, 2017; the update, while seemingly minor, suggests bug fixes and incremental improvements aimed at enhancing stability and performance.
Both versions share identical development dependencies, indicating a consistent build and testing environment. This includes essential tools like TypeScript for type checking, TSLint for code linting, Gulp for task automation, and Mocha and Chai for robust unit testing. Developers already familiar with the 0.1.7 setup will find a seamless transition to 0.1.8 as the development workflow stays the same.
For those considering using class-transformer, it's important to note its reliance on reflect-metadata. Ensure this peer dependency is properly configured in your project. Choosing between version 0.1.7 and 0.1.8 primarily depends on prioritizing the latest bug fixes and minor enhancements. Given the similar feature set and development dependencies, opting for 0.1.8 ensures you're working with the most up-to-date and refined iteration of the package.
All the vulnerabilities related to the version 0.1.8 of the package
Prototype pollution in class-transformer
class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
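The advisory above concerns copying untrusted data into an existing object. The following JavaScript is an added example, not class-transformer's source: `unsafeMerge` and `safeMerge` are hypothetical helpers standing in for any recursive copy into an existing target, shown as the at-risk pattern beside a hardened form, and the JSON input is constructed.

```javascript
// Added example: unsafeMerge is a simplified stand-in, NOT class-transformer's source.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// At-risk pattern: copy every own key of `source` into an existing `target`.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isObj(value)) {
      // target["__proto__"] resolves to Object.prototype, so the recursion writes there.
      if (!isObj(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: skip prototype-related keys and only descend into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObj(value)) {
      if (!hasOwn(target, key) || !isObj(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges over constructed input and reports whether a fresh {} was affected.
function demo() {
  const untrusted = JSON.parse('{"name":"a","opts":{"x":1},"__proto__":{"polluted":true}}');
  const safeOut = safeMerge({}, untrusted);
  const afterSafe = ({}).polluted === true;
  unsafeMerge({}, untrusted);
  const afterUnsafe = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the pollution so the process stays clean
  return { safeOut, afterSafe, afterUnsafe };
}

console.log(demo());
```

The same key filter can be applied to request bodies before they reach any transformer when upgrading past the affected versions is not immediately possible.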