Merge pull request #5 from commenthol/warning

docu: Add warning on infinite loop
commenthol · May 15, 2019 · ba69286 · ba69286
2 parents ad2e7d3 + 8255b8a
commit ba69286
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,9 @@ Especially when it comes to passing `context` props.
 Use [clones][] to wrap-up the methods you like to allow.
 Checkout the "harmful context" tests section.
 
-> **Warning:** The `saferEval` function may be harmful - so you are warned!
+![warning](https://raw.githubusercontent.com/commenthol/safer-eval/master/warning.png)
+
+**Warning:** The `saferEval` function may be harmful - so you are warned!
 
 In node the `vm` module is used to sandbox the evaluation of `code`.
 
@@ -37,6 +39,14 @@ Runs on node and in modern browsers:
 npm install --save safer-eval
 ```
 
+## Implementation recommendations
+
+Be aware that a `saferEval('function(){while(true){}}()')` may run
+infinitely. Consider using the module from within a worker thread which is terminated
+after timeout.
+
+Avoid passing context props while deserializing data from hostile environments.
+
 ## Usage
 
 `context` allows the definition of passed in Objects into the sandbox.

diff --git a/package.json b/package.json
@@ -37,27 +37,27 @@
     "clones": "^1.2.0"
   },
   "devDependencies": {
-    "@babel/cli": "^7.2.3",
-    "@babel/core": "^7.2.2",
-    "@babel/preset-env": "^7.2.3",
-    "babel-loader": "^8.0.4",
-    "eslint": "^5.15.1",
+    "@babel/cli": "^7.4.4",
+    "@babel/core": "^7.4.4",
+    "@babel/preset-env": "^7.4.4",
+    "babel-loader": "^8.0.6",
+    "eslint": "^5.16.0",
     "eslint-config-standard": "^12.0.0",
-    "eslint-plugin-import": "^2.14.0",
-    "eslint-plugin-node": "^8.0.0",
-    "eslint-plugin-promise": "^4.0.1",
+    "eslint-plugin-import": "^2.17.2",
+    "eslint-plugin-node": "^9.0.1",
+    "eslint-plugin-promise": "^4.1.1",
     "eslint-plugin-standard": "^4.0.0",
-    "karma": "^4.0.1",
-    "karma-chrome-launcher": "^2.0.0",
-    "karma-firefox-launcher": "^1.0.0",
+    "karma": "^4.1.0",
+    "karma-chrome-launcher": "^2.2.0",
+    "karma-firefox-launcher": "^1.1.0",
     "karma-mocha": "^1.3.0",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-spec-reporter": "~0.0.32",
     "karma-webpack": "^3.0.5",
-    "mocha": "^6.0.2",
-    "nyc": "^13.1.0",
-    "rimraf": "^2.5.4",
-    "webpack": "^4.29.6"
+    "mocha": "^6.1.4",
+    "nyc": "^14.1.1",
+    "rimraf": "^2.6.3",
+    "webpack": "^4.31.0"
   },
   "_devDependencies": {
     "zuul": "^3.11.1"

diff --git a/warning.png b/warning.png
diff --git a/warning.svg b/warning.svg