Hoek is a general-purpose Node.js utility library offering helper functions for everyday development tasks such as object cloning, deep property access, type checking, and array manipulation. Versions 6.0.3 and 6.0.2 share the same core functionality and the same development dependencies (code for testing and lab for behavioral testing), but a few small differences may interest developers.
The primary distinction is the release date: version 6.0.3 was released on November 11, 2018, after version 6.0.2's release on November 6, 2018. This suggests that 6.0.3 likely includes bug fixes, minor enhancements, or performance improvements addressing issues found in the preceding version. The devDependencies are unchanged, which suggests no major change in testing methodology, but the unpacked size differs slightly: 6.0.3 is 28585 bytes compared to 6.0.2's 29235 bytes, which may indicate some trimming or optimization in the newer version. Of the two, 6.0.3 is the more recent and potentially more refined release. Both versions are earlier than 8.5.1, so both fall within the range affected by the clone prototype pollution issue listed below. Hoek is released under the permissive BSD-3-Clause license, which makes it easy to integrate into a wide variety of projects.
All vulnerabilities related to version 6.0.3 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with a __proto__ key is passed to clone(), the key is converted to a prototype. This issue has been patched in version 9.0.3 and backported to 8.5.1.
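
The behaviour described in the advisory, shown as an added example that is not hoek's source code: naiveClone, safeClone and inheritsFromInput are hypothetical names, and the input is constructed. It shows how plain assignment turns a __proto__ key into the clone's prototype, and how copying with Object.defineProperty keeps it an ordinary own property.

```javascript
// Constructed input: JSON.parse stores "__proto__" as an ordinary own property.
const untrusted = JSON.parse('{"name": "guest", "__proto__": {"isAdmin": true}}');

// Naive deep clone (hypothetical): `copy[key] = ...` runs the inherited
// __proto__ setter, so the key's value becomes the clone's prototype.
function naiveClone(value) {
    if (value === null || typeof value !== 'object') {
        return value;
    }
    const copy = Array.isArray(value) ? [] : {};
    for (const key of Object.keys(value)) {
        copy[key] = naiveClone(value[key]);
    }
    return copy;
}

// Hardened deep clone (hypothetical): defineProperty always creates an own
// data property and never invokes the __proto__ setter.
function safeClone(value) {
    if (value === null || typeof value !== 'object') {
        return value;
    }
    const copy = Array.isArray(value) ? [] : {};
    for (const key of Object.keys(value)) {
        Object.defineProperty(copy, key, {
            value: safeClone(value[key]),
            writable: true,
            enumerable: true,
            configurable: true
        });
    }
    return copy;
}

// Check for a defender: is `prop` visible on obj without being an own property
// and without coming from the standard Object.prototype?
function inheritsFromInput(obj, prop) {
    return prop in obj &&
        !Object.prototype.hasOwnProperty.call(obj, prop) &&
        !(prop in Object.prototype);
}

const bad = naiveClone(untrusted);
const good = safeClone(untrusted);
console.log('naive clone isAdmin:', bad.isAdmin, '| inherited:', inheritsFromInput(bad, 'isAdmin'));
console.log('safe clone isAdmin:', good.isAdmin, '| inherited:', inheritsFromInput(good, 'isAdmin'));
```

In the naive clone, a later check such as `if (user.isAdmin)` passes even though the property never appears in Object.keys() of the clone.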