Terser 4.0.0 represents a significant update to the JavaScript parsing, mangling, compression, and beautification toolkit, building upon the foundation laid by version 3.17.0. Both versions maintain the core functionality of Terser, offering robust capabilities for ES6+ JavaScript code manipulation. The primary dependencies, including commander, source-map, and source-map-support, remain consistent between the two releases, ensuring continuity in essential features.
The development dependencies do differ: Terser 4.0.0 drops the cross-env dependency that was present in version 3.17.0. The removal may point to a change in the build or testing process, such as a move to environment-agnostic scripts or a different way of handling environment variables during development.
The dist object also shows small differences. Both versions contain the same number of files, but Terser 4.0.0 has a slightly smaller unpacked size (3976184 bytes) than 3.17.0 (3989944 bytes). The reduction could stem from optimizations in the code, updated dependencies, or changes in how the package is bundled. Version 4.0.0 was released in May 2019, and 3.17.0 in March 2019. For developers, these changes indicate ongoing maintenance and potential improvements in Terser's performance or codebase structure. The core functionality remains the same, but these smaller updates might influence build processes and overall package size.
Vulnerabilities affecting version 4.0.0 of the package
Terser insecure use of regular expressions leads to ReDoS
The terser package is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. Affected versions are those before 4.8.1, and those from 5.0.0 and before 5.14.2.
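One way to check a project for copies of terser inside the affected ranges above, including nested copies pulled in by other packages. This is an added example, not code from the Terser project; the function names, the sample lockfile and the package name rollup-plugin-x are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```javascript
// Affected ranges as stated in the advisory text: < 4.8.1, or >= 5.0.0 and < 5.14.2.
const FIXED_4X = [4, 8, 1], FIRST_5X = [5, 0, 0], FIXED_5X = [5, 14, 2];

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (a simplification).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = affected, false = not affected, null = version could not be parsed.
function isAffectedTerser(version) {
  const v = parseVersion(version);
  if (!v) return null;
  if (compare(v, FIXED_4X) < 0) return true;
  return compare(v, FIRST_5X) >= 0 && compare(v, FIXED_5X) < 0;
}

// Walk a parsed package-lock.json (v2/v3 "packages" map, or v1 nested "dependencies").
// Unparseable versions are reported too, so they get a manual look.
function findAffectedTerser(lock) {
  const hits = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/terser$/.test(path) && isAffectedTerser(pkg.version) !== false)
      hits.push({ path, version: pkg.version });
  }
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "terser" && isAffectedTerser(pkg.version) !== false)
        hits.push({ path, version: pkg.version });
      walk(pkg.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile fragment (not from the page).
const sampleLock = { lockfileVersion: 2, packages: {
  "": { name: "demo-app" },
  "node_modules/terser": { version: "4.0.0" },
  "node_modules/webpack/node_modules/terser": { version: "5.14.2" },
  "node_modules/rollup-plugin-x/node_modules/terser": { version: "5.3.8" },
}};
console.log(findAffectedTerser(sampleLock));
```

To scan a real project, pass the result of JSON.parse on its package-lock.json to findAffectedTerser.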