node-bunyan-lite/package.json
Martin Gausby c0ca774238 Defend against throwing defined props in stringify
If an object has a defined property, that is enumerable, and this
property throws an error, it will make JSON stringify throw an
error, and potentially bring down the program.

The solution so far is to try-catch with the usual json stringifyer,
that guards against circular references. If this throws an error
we will attempt to guard against defined properties; and return
[Throws] if a property throws an error when accesed.

The following examples illustrate the problem:

```js
var obj = {};
obj.__defineGetter__('foo', function() { throw new Error('ouch!'); });

JSON.stringify(obj.foo); // error thrown
```

And using `Object.defineProperty`:
```js
var obj = {};
Object.defineProperty(obj, 'foo', {
    get: function() { throw new Error('ouch!'); }
    enumerable: true // enumerable is false by default
});

JSON.stringify(obj.foo); // error thrown
```

The cases we have seen in production is third party modules that
has enumerable getters that try to access properties on undefined
objects.

Fixes #182.
2015-01-18 23:27:06 -08:00

35 lines
846 B
JSON

{
"name": "bunyan",
"version": "1.3.2",
"description": "a JSON logging library for node.js services",
"author": "Trent Mick <trentm@gmail.com> (http://trentm.com)",
"main": "./lib/bunyan.js",
"bin": {
"bunyan": "./bin/bunyan"
},
"repository": {
"type": "git",
"url": "git://github.com/trentm/node-bunyan.git"
},
"engines": ["node >=0.8.0"],
"keywords": ["log", "logging", "log4j", "json", "bunyan"],
"// comment1": "'dtrace-provider' required for dtrace features",
"// comment2": "'mv' required for RotatingFileStream",
"optionalDependencies": {
"dtrace-provider": "~0.3 >0.3.0",
"mv": "~2",
"safe-json-stringify": "1.0.1"
},
"devDependencies": {
"nodeunit": "0.9.*",
"ben": "0.0.0",
"verror": "1.3.3",
"vasync": "1.4.3"
},
"scripts": {
"test": "make test"
}
}