Hoek is a general-purpose Node.js utility library designed to simplify common programming tasks. Examining versions 6.1.3 and 6.1.2 reveals subtle but potentially important differences for developers. Both versions share identical core metadata: descriptive name and purpose, a BSD-3-Clause license, and the same development dependencies, "code" and "lab," suggesting a consistent testing and quality assurance approach. They also utilize the same Git repository.
The key distinction lies in the "dist" object, where unpackedSize and releaseDate diverge noticeably. Version 6.1.3, released on March 27, 2019, has an unpacked size of 31095 bytes, slightly larger than version 6.1.2 (released December 1, 2018) at 30873 bytes. This ~200 byte increase might indicate bug fixes, minor feature additions, or even just changes in code formatting. While the fileCount remains consistent at 8, developers should be aware of the more recent release date, implying that v6.1.3 benefits from the latest bug fixes and potentially security patches. Developers should always prioritize the latest stable version for projects to ensure compatibility, improved functionality, and security, even if the changes appear incremental. Consider reviewing the changelog for more detailed information regarding the specific changes between the two versions.
All the vulnerabilities related to version 6.1.3 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.