Underscore.js offers functional programming utilities in JavaScript, appealing to developers seeking concise and readable code. Comparing versions 1.10.0 and 1.9.2 reveals key updates. Both share the same core functionality and MIT license, ensuring freedom in usage. The repository and author remain consistent, indicating continued maintenance by Jeremy Ashkenas.
Significant differences emerge in the development dependencies. Version 1.10.0 introduces husky for Git hook management, so automated checks such as linting run on commit; rollup, a module bundler used to produce the distributed builds; and eslint-plugin-import, which catches mistakes in ES module import statements. The eslint dev-dependency itself moves from the 1.10.x range to ^6.8.0, a major-version jump that brings several releases' worth of new rules and fixes.
The npm dist metadata shows substantial changes. In version 1.10.0 fileCount rises from 6 to 11 and unpackedSize nearly triples. Since rollup joins the build in this release, the growth is consistent with additional bundle artifacts being shipped; it may also reflect added or improved methods and more comprehensive documentation and tests, but the size figures alone do not show which. The releaseDate is also more recent: March 2020 for 1.10.0 versus January 2020 for 1.9.2.
These upgrades showcase Underscore's attention to modern development practices, code quality and tooling. When choosing between the two, developers can weigh the benefits of the newer dependencies, especially if they want bundled builds, pre-commit hooks and standardized code. On the security side, however, both 1.9.2 and 1.10.0 fall inside the affected range of the template vulnerability listed below (1.3.2 up to but not including 1.12.1), so picking either one does not address it; that requires upgrading to a version outside the ranges given there.
Known vulnerabilities affecting version 1.10.0 of the package
Arbitrary Code Execution in underscore
The package underscore from 1.3.2 and before 1.12.1, and from 1.13.0-0 and before 1.13.0-2, is vulnerable to Arbitrary Code Execution via the template function. The `variable` setting passed to it is not sanitized: it is spliced verbatim into the generated render function, so a value an attacker can influence is executed as JavaScript when the template runs. Applications are exposed only where untrusted input can reach the `variable` option; the affected ranges imply that the fix ships in 1.12.1 and 1.13.0-2.
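To make the mechanism concrete, the following is an added illustration written for this page; it is not underscore's source and not an exploit taken from the advisory. It is a reduced model of how an underscore-style template compiler builds its render function with `new Function`, why an unvalidated `variable` option lets whoever controls that option execute code when the template is rendered, and how a bare-identifier allowlist closes the hole before the string reaches the function constructor. The function names, the `__pwned` flag and the allowlist regex are this example's own assumptions.

```javascript
// Added example, not underscore's source: a minimal model of an
// underscore-style template compiler, showing why an unvalidated
// `variable` setting leads to code execution and how to stop it.
// Names (buildSource, compileUnsafe, compileSafe, demo), the __pwned
// flag and the allowlist regex are this example's own choices.

const INTERPOLATE = /<%=([\s\S]+?)%>/g;      // only <%= expr %> is modelled, for brevity
const BARE_IDENTIFIER = /^\s*(\w|\$)+\s*$/;  // allowlist: exactly one plain identifier

// Turn template text into the body of a generated function.
// Without `variable`, property lookups go through with(obj||{});
// with it, the template text references `variable.prop` directly.
function buildSource(text, variable) {
  let source = "var __t,__p='';";
  if (!variable) source += 'with(obj||{}){';
  let index = 0;
  text.replace(INTERPOLATE, (match, expr, offset) => {
    source += '__p+=' + JSON.stringify(text.slice(index, offset)) + ';';
    source += "__p+=((__t=(" + expr + "))==null?'':__t);";
    index = offset + match.length;
    return match;
  });
  source += '__p+=' + JSON.stringify(text.slice(index)) + ';';
  if (!variable) source += '}';
  source += 'return __p;';
  return source;
}

// Vulnerable shape: `variable` becomes the first parameter of the
// generated function verbatim. A value such as
//   "user = (doSomething(), {})"
// is a legal default-parameter expression, evaluated every time the
// template is rendered, so whoever controls `variable` runs code.
function compileUnsafe(text, settings = {}) {
  const argument = settings.variable || 'obj';
  const render = new Function(argument, '_', buildSource(text, settings.variable));
  return function (data) { return render.call(this, data, {}); };
}

// Hardened shape: refuse anything that is not a bare identifier
// before it can reach new Function.
function compileSafe(text, settings = {}) {
  if (settings.variable && !BARE_IDENTIFIER.test(settings.variable)) {
    throw new Error('variable is not a bare identifier: ' + settings.variable);
  }
  return compileUnsafe(text, settings);
}

// Constructed demonstration. The payload only flips a global flag;
// in Node a real payload would reach process/require the same way.
function demo() {
  const results = {};
  results.normal = compileUnsafe('Hello <%= user.name %>!', { variable: 'user' })({ name: 'Ada' });

  const hostile = 'user = (globalThis.__pwned = true, { name: "x" })';

  globalThis.__pwned = false;
  results.unsafeOutput = compileUnsafe('<%= user.name %>', { variable: hostile })();
  results.unsafeExecuted = globalThis.__pwned;   // true: the payload ran at render time

  globalThis.__pwned = false;
  try {
    compileSafe('<%= user.name %>', { variable: hostile });
    results.safeThrew = false;
  } catch (e) {
    results.safeThrew = true;                    // rejected before compilation
  }
  results.safeExecuted = globalThis.__pwned;     // false: nothing was generated
  return results;
}

console.log(demo());
```

The takeaway for a reviewer is that the dangerous sink is the parameter string handed to `new Function`, not the template body; any code path that lets request data, configuration from a shared store or another tenant's input decide the `variable` option turns template compilation into an eval of that input, and an allowlist on the identifier is the cheapest place to stop it.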