Fix native prototype pollution in library mode

gevorg / htpasswd

Node.js package for HTTP Basic Authentication password file utility.

MIT License

57 stars 10 forks source link

Fix native prototype pollution in library mode #3

Closed Slayer95 closed 9 years ago

Slayer95 commented 9 years ago

Since processor has the package colors as an upstream dependency, String' s prototype would get unexpectedly modified. This commit fixes that issue by only loading processor if really needed.

gevorg commented 9 years ago

Thank you for pull request and I don't mind merging it, but could you please describe what is the problem caused by modifications?

Slayer95 commented 9 years ago

When calling require('htpasswd'), String.prototype acquires some additional methods, including but not limited to the ones highlighted here https://github.com/Marak/colors.js/blob/dfb15b55382772ba4fd34fc21922a2d83e9d34d3/lib/styles.js#L30-L68

This crashed my application some time back from a conflict with sugar.

gevorg commented 9 years ago

Thanks, merged and published to NPM.