sveltejs
diff --git a/‎.github/workflows/ci.yml
Lines changed: 32 additions & 0 deletions b/‎.github/workflows/ci.yml
Lines changed: 32 additions & 0 deletions
diff --git a/‎.travis.yml
Lines changed: 0 additions & 7 deletions b/‎.travis.yml
Lines changed: 0 additions & 7 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 16 additions & 10 deletions b/‎CHANGELOG.md
Lines changed: 16 additions & 10 deletions
diff --git a/‎README.md
Lines changed: 30 additions & 29 deletions b/‎README.md
Lines changed: 30 additions & 29 deletions
diff --git a/‎appveyor.yml
Lines changed: 0 additions & 30 deletions b/‎appveyor.yml
Lines changed: 0 additions & 30 deletions
@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+# cancel in-progress runs on new commits to same PR (gitub.event.number)
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  Tests:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [16]
+        os: [ubuntu-latest]
+    steps:
+      - run: git config --global core.autocrlf false
+      - uses: actions/checkout@v3
+      - uses: pnpm/[email protected]
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm test
@@ -1,38 +1,44 @@
 # devalue changelog
 
+## 3.0.0
+
+- Convert to ESM
+- Change `import devalue` to `import { devalue }`
+- Support `BigInt`
+
 ## 2.0.1
 
-* Prevent regex XSS vulnerability in non-Node environments
+- Prevent regex XSS vulnerability in non-Node environments
 
 ## 2.0.0
 
-* Change license to MIT
+- Change license to MIT
 
 ## 1.1.1
 
-* Prevent object key XSS vulnerability ([#19](https://github.com/Rich-Harris/devalue/issues/19))
+- Prevent object key XSS vulnerability ([#19](https://github.com/Rich-Harris/devalue/issues/19))
 
 ## 1.1.0
 
-* Escape lone surrogates ([#13](https://github.com/Rich-Harris/devalue/issues/13))
+- Escape lone surrogates ([#13](https://github.com/Rich-Harris/devalue/issues/13))
 
 ## 1.0.4
 
-* Smaller output ([#10](https://github.com/Rich-Harris/devalue/pull/10))
+- Smaller output ([#10](https://github.com/Rich-Harris/devalue/pull/10))
 
 ## 1.0.3
 
-* Detect POJOs cross-realm ([#7](https://github.com/Rich-Harris/devalue/pull/7))
-* Error on symbolic keys ([#7](https://github.com/Rich-Harris/devalue/pull/7))
+- Detect POJOs cross-realm ([#7](https://github.com/Rich-Harris/devalue/pull/7))
+- Error on symbolic keys ([#7](https://github.com/Rich-Harris/devalue/pull/7))
 
 ## 1.0.2
 
-* Fix global name for UMD build
+- Fix global name for UMD build
 
 ## 1.0.1
 
-* XSS mitigation ([#1](https://github.com/Rich-Harris/devalue/issues/1))
+- XSS mitigation ([#1](https://github.com/Rich-Harris/devalue/issues/1))
 
 ## 1.0.0
 
-* First release
+- First release
@@ -2,32 +2,31 @@
 
 Like `JSON.stringify`, but handles
 
-* cyclical references (`obj.self = obj`)
-* repeated references (`[value, value]`)
-* `undefined`, `Infinity`, `NaN`, `-0`
-* regular expressions
-* dates
-* `Map` and `Set`
+- cyclical references (`obj.self = obj`)
+- repeated references (`[value, value]`)
+- `undefined`, `Infinity`, `NaN`, `-0`
+- regular expressions
+- dates
+- `Map` and `Set`
+- `BigInt`
 
 Try it out on [runkit.com](https://npm.runkit.com/devalue).
 
 ## Goals:
 
-* Performance
-* Security (see [XSS mitigation](#xss-mitigation))
-* Compact output
-
+- Performance
+- Security (see [XSS mitigation](#xss-mitigation))
+- Compact output
 
 ## Non-goals:
 
-* Human-readable output
-* Stringifying functions or non-POJOs
-
+- Human-readable output
+- Stringifying functions or non-POJOs
 
 ## Usage
 
 ```js
-import devalue from 'devalue';
+import { devalue } from 'devalue';
 
 let obj = { a: 1, b: 2 };
 obj.c = 3;
@@ -40,7 +39,6 @@ devalue(obj); // '(function(a){a.a=1;a.b=2;a.c=3;a.self=a;return a}({}))'
 
 If `devalue` encounters a function or a non-POJO, it will throw an error.
 
-
 ## XSS mitigation
 
 Say you're server-rendering a page and want to serialize some state, which could include user input. `JSON.stringify` doesn't protect against XSS attacks:
@@ -62,7 +60,10 @@ Which would result in this:
 ```html
 <script>
   // NEVER DO THIS
-  var preloaded = {"userinput":"</script><script src='https://evil.com/mwahaha.js'>"};
+  var preloaded = {"userinput":"
+</script>
+<script src="https://evil.com/mwahaha.js">
+  "};
 </script>
 ```
 
@@ -77,43 +78,43 @@ const template = `
 
 ```html
 <script>
-  var preloaded = {userinput:"\\u003C\\u002Fscript\\u003E\\u003Cscript src=\'https:\\u002F\\u002Fevil.com\\u002Fmwahaha.js\'\\u003E"};
+  var preloaded = {
+    userinput:
+      "\\u003C\\u002Fscript\\u003E\\u003Cscript src='https:\\u002F\\u002Fevil.com\\u002Fmwahaha.js'\\u003E"
+  };
 </script>
 ```
 
 This, along with the fact that `devalue` bails on functions and non-POJOs, stops attackers from executing arbitrary code. Strings generated by `devalue` can be safely deserialized with `eval` or `new Function`:
 
 ```js
-const value = (0,eval)('(' + str + ')');
+const value = (0, eval)('(' + str + ')');
 ```
 
-
 ## Other security considerations
 
 While `devalue` prevents the XSS vulnerability shown above, meaning you can use it to send data from server to client, **you should not send user data from client to server** using the same method. Since it has to be evaluated, an attacker that successfully submitted data that bypassed `devalue` would have access to your system.
 
-When using `eval`, ensure that you call it *indirectly* so that the evaluated code doesn't have access to the surrounding scope:
+When using `eval`, ensure that you call it _indirectly_ so that the evaluated code doesn't have access to the surrounding scope:
 
 ```js
 {
   const sensitiveData = 'Setec Astronomy';
   eval('sendToEvilServer(sensitiveData)'); // pwned :(
-  (0,eval)('sendToEvilServer(sensitiveData)'); // nice try, evildoer!
+  (0, eval)('sendToEvilServer(sensitiveData)'); // nice try, evildoer!
 }
 ```
 
 Using `new Function(code)` is akin to using indirect eval.
 
-
 ## See also
 
-* [lave](https://github.com/jed/lave) by Jed Schmidt
-* [arson](https://github.com/benjamn/arson) by Ben Newman
-* [tosource](https://github.com/marcello3d/node-tosource) by Marcello Bastéa-Forte
-* [serialize-javascript](https://github.com/yahoo/serialize-javascript) by Eric Ferraiuolo
-* [jsesc](https://github.com/mathiasbynens/jsesc) by Mathias Bynens
-* [superjson](https://github.com/blitz-js/superjson) by Blitz
-
+- [lave](https://github.com/jed/lave) by Jed Schmidt
+- [arson](https://github.com/benjamn/arson) by Ben Newman
+- [tosource](https://github.com/marcello3d/node-tosource) by Marcello Bastéa-Forte
+- [serialize-javascript](https://github.com/yahoo/serialize-javascript) by Eric Ferraiuolo
+- [jsesc](https://github.com/mathiasbynens/jsesc) by Mathias Bynens
+- [superjson](https://github.com/blitz-js/superjson) by Blitz
 
 ## License