I just checked multiple libraries that used the noAssert argument in the Node.js Buffer module.
It seems like the code here duplicates a old Node.js modules version and contains that argument. I highly recommend to remove that one as it allows undefined behavior and there are more issues about coercing the input.
I am not sure if the native module is used at all. If that is the case, please remove the noAssert argument there since the upcoming Node.js version 10.x dropped support for it.
I just checked multiple libraries that used the
noAssert
argument in the Node.js Buffer module.It seems like the code here duplicates a old Node.js modules version and contains that argument. I highly recommend to remove that one as it allows undefined behavior and there are more issues about coercing the input.
I am not sure if the native module is used at all. If that is the case, please remove the
noAssert
argument there since the upcoming Node.js version 10.x dropped support for it.Refs: https://github.com/nodejs/node/pull/18395