Word-wrap is a lightweight npm package that wraps words to a specified length, which makes it useful for formatting text in terminals, generating user interfaces, or any situation where text must fit within defined boundaries. Comparing version 1.1.0 with the prior stable version 1.0.3 reveals several key updates. Both versions share the same fundamental functionality and the MIT license, which permits broad usage, but they differ in their development dependencies and in the structure of the repository URL.
Specifically, version 1.0.3 declares the dev dependencies mocha and should with caret (^) ranges, which allow patch and minor upgrades, while version 1.1.0 uses a more open-ended mocha version, likely aiming for broader compatibility. In the repository URL, version 1.0.3 uses the older git:// protocol rather than git+https://, suggesting a move towards more secure connections to the repository. The author's URL also changes from plain HTTP to HTTPS, reflecting the general shift towards secure web practices. Finally, the release dates show that version 1.1.0 was published approximately three months after version 1.0.3, hinting at bug fixes, enhancements, or dependency updates that motivated the newer version. For developers, these subtle changes can influence dependency resolution and security considerations when choosing a version for a project.
All vulnerabilities affecting version 1.1.0 of the package
word-wrap vulnerable to Regular Expression Denial of Service
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) because of an insecure regular expression used when building the result variable.
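The mitigation pattern for this class of bug is to replace the regular expression with a loop that visits each character once, and to bound input size before wrapping. The following is an added example, not word-wrap's own code; the advisory does not quote the regular expression, so the example assumes it trims trailing spaces and tabs from each wrapped line, and MAX_INPUT_CHARS is an assumed budget.

```javascript
// Added example (not word-wrap's own code). A linear-time trailing-whitespace
// trim plus an input-size guard, as mitigation for the ReDoS the advisory
// describes. Assumption: the insecure regex trims trailing spaces and tabs
// from each wrapped line; this helper does the same work without a regex.

const MAX_INPUT_CHARS = 100000; // assumed budget; tune for your service

// Walk back from the end of the string. Each character is inspected at most
// once, so runtime is O(n) no matter how the input is shaped.
function trimTrailingSpacesAndTabs(str) {
  let end = str.length;
  while (end > 0 && (str[end - 1] === ' ' || str[end - 1] === '\t')) {
    end--;
  }
  return str.slice(0, end);
}

// Wrap text at `width` columns, breaking at a space where possible, and trim
// each line with the linear helper. Oversized inputs are rejected up front so
// no later step ever processes attacker-sized data.
function wrapSafely(text, width = 50) {
  if (typeof text !== 'string') throw new TypeError('text must be a string');
  if (text.length > MAX_INPUT_CHARS) {
    throw new RangeError(`input exceeds ${MAX_INPUT_CHARS} characters`);
  }
  const lines = [];
  for (const paragraph of text.split('\n')) {
    let start = 0;
    while (start < paragraph.length) {
      let end = Math.min(start + width, paragraph.length);
      if (end < paragraph.length) {
        const brk = paragraph.lastIndexOf(' ', end);
        if (brk > start) end = brk; // break at the last space within width
      }
      lines.push(trimTrailingSpacesAndTabs(paragraph.slice(start, end)));
      start = end;
      // skip the run of spaces we broke on; still one pass over the input
      while (start < paragraph.length && paragraph[start] === ' ') start++;
    }
    if (paragraph.length === 0) lines.push('');
  }
  return lines.join('\n');
}
```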