I just checked multiple libraries that used the noAssert argument in the Node.js Buffer module.
It seems like the code here duplicates a old Node.js modules version and contains that argument. I highly recommend to remove that one as it allows undefined behavior and there are more issues about coercing the input.
I am not sure if the native module is used at all. If that is the case, please remove the noAssert argument there since the upcoming Node.js version 10.x dropped support for it.
BridgeAR
commented
6 years ago
I just checked multiple libraries that used the
noAssertargument in the Node.js Buffer module.It seems like the code here duplicates a old Node.js modules version and contains that argument. I highly recommend to remove that one as it allows undefined behavior and there are more issues about coercing the input.
I am not sure if the native module is used at all. If that is the case, please remove the
noAssertargument there since the upcoming Node.js version 10.x dropped support for it.Refs: https://github.com/nodejs/node/pull/18395