Everything is included in the bundle when using default entry "node.js".

index.js

import { delay, noop } from "licia";
delay(noop, 666);

rollup.config.js

import resolve from "rollup-plugin-node-resolve";
import commonjs from "rollup-plugin-commonjs";
export default {
  input: "index.js",
  output: { format: "iife", file: "bundle.js" },
  plugins: [resolve(), commonjs()]
}

If the only needed modules are imported, the bundle would contain extra wrapper code for commonjs.

index.js:

import delay from "licia/delay";
import noop from "licia/noop";

delay(noop, 666);

bundle.js:

(function () { 'use strict';

	function createCommonjsModule(fn, module) {
		return module = { exports: {} }, fn(module, module.exports), module.exports;
	}

	var restArgs = createCommonjsModule(function (module, exports) {
	exports = function(fn, startIdx) {
	    startIdx = startIdx == null ? fn.length - 1 : +startIdx;
	    return function() {
	        var len = Math.max(arguments.length - startIdx, 0);
	        var rest = new Array(len);
	        var i;

	        for (i = 0; i < len; i++) {
	            rest[i] = arguments[i + startIdx];
	        }

	        switch (startIdx) {
	            case 0:
	                return fn.call(this, rest);

	            case 1:
	                return fn.call(this, arguments[0], rest);

	            case 2:
	                return fn.call(this, arguments[0], arguments[1], rest);
	        }

	        var args = new Array(startIdx + 1);

	        for (i = 0; i < startIdx; i++) {
	            args[i] = arguments[i];
	        }

	        args[startIdx] = rest;
	        return fn.apply(this, args);
	    };
	};

	module.exports = exports;
	});

	var delay = createCommonjsModule(function (module, exports) {
	exports = restArgs(function(fn, wait, args) {
	    return setTimeout(function() {
	        return fn.apply(null, args);
	    }, wait);
	});

	module.exports = exports;
	});

	var noop = createCommonjsModule(function (module, exports) {
	exports = function() {};

	module.exports = exports;
	});

	delay(noop, 666);

}))

Not a big deal, but it could be better to support ESModule.

Hi @surunzi, I have reported a ReDoS issue in huntr
https://www.huntr.dev/bounties/7b9ef50a-3d1d-490a-8fa4-f1ec5e3d3bbf/

Please validate and let us know your opinion on this. Thank you.

无法使用$('selector')的形式获取dom节点;

我这里是用的webpack进行打包webpack-dev-server运行在浏览器端,用licia来选择元素,

选择元素:

使用licia方法:es6或者commonjs都不行

报错:

请问是什么原因啊?是不是我的使用方法不对啊?

// -> false should be // -> true

https://licia.liriliri.io/docs.html#matcher

current example in docs:

const objects = [
    {a: 1, b: 2, c: 3 },
    {a: 4, b: 5, c: 6 }
];
// filter(objects, matcher({a: 4, c: 6 }));

should be:

const objects = [
    {a: 1, b: 2, c: 3 },
    {a: 4, b: 5, c: 6 }
];
filter(objects, matcher({a: 4, c: 6 })); // ->{a:4, b:5, c:6}

current repl boilerplate:

// You can't require modules that are supposed to run in browsers only.

var matcher = require("licia/matcher");

const objects = [
    {a: 1, b: 2, c: 3 },
    {a: 4, b: 5, c: 6 }
];
// filter(objects, matcher({a: 4, c: 6 }));

should be:

// You can't require modules that are supposed to run in browsers only.

var matcher = require("licia/matcher");
var filter = require("licia/filter");

const objects = [
    {a: 1, b: 2, c: 3 },
    {a: 4, b: 5, c: 6 }
];
filter(objects, matcher({a: 4, c: 6 }));

虽然可以通过webpack配置忽略掉node全局对象 😄

  (function() {
     isArgs(arguments); // -> true
 })();

it returns undefined, not true in repl.

in run kit it can do without IIFE

isArgs(arguments); // -> true

works

https://licia.liriliri.io/docs.html#format
format('%s_%s', 'foo', 'bar'); // -> 'foo bar'
output should be 'foo_bar'

const now = new Date().getTime();
timeAgo(now - 1000 * 6); // -> right now
timeAgo(now + 1000 * 15); // -> in 15 minutes
timeAgo(now - 1000 * 60 * 60 * 5, now); // -> 5 hours ago

should be:

const now = new Date().getTime();
timeAgo(now - 1000 * 6); // -> 6 seconds ago
timeAgo(now + 1000 * 60 * 15); // -> in 15 minutes
timeAgo(now - 1000 * 60 * 60 * 5, now); // -> 5 hours ago

The function extendDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

POC

const licia = require('licia');
const payload = '{"__proto__":{"a0":true}}'

function check() {
    licia.extendDeep({}, JSON.parse(payload));
    if (({})[`a0`] === true) {
          console.log(`Vulnerable to Prototype Pollution via ${payload}`)
  }
}

check();

Details

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.

还没找到哪里可以下载完整包，懒得自己编译了，在线builder是否能提供一个全选，方便下载完整包使用？

如题

In some cases I do not want a Promise polyfill so that minimal bundle size is kept. I can make sure that my environment has Promise polyfill correctly. So far I have to make use of build tools to ban the Promise module in licia.

Please avoid using insertAdjacentHTML function here:

It causes your project Eruda unable to load on websites with Trusted Types API enabled.

如图 https://www.lodashjs.com/

src/prefix.js 最下面的几行代码，应该是冗余代码，没有用处。主要是用了createElement 这个小程序中没有的方法，使用 $ 会导致运行错误

const prefixes = ['O', 'ms', 'Moz', 'Webkit'];
const regPrefixes = /^(O)|(ms)|(Moz)|(Webkit)|(-o-)|(-ms-)|(-moz-)|(-webkit-)/g;
const style = document.createElement('p').style;

我们有的移动端项目没有使用requirejs后者ES6，也没有使用gulp、gunt、webpack，不知是否提供但js文件引用？

第二个函数的cb从哪里来的？