stream: refactor duplexify to be less suceptible to prototype pollution by aduh95 · Pull Request #62559 · nodejs/node
Navigation Menu
{{ message }}
- Notifications You must be signed in to change notification settings
- Fork 35.2k
Open
aduh95 wants to merge 1 commit intonodejs:mainfrom
Open
stream: refactor duplexify to be less suceptible to prototype pollution#62559
aduh95 wants to merge 1 commit intonodejs:mainfrom
stream: refactor duplexify to be less suceptible to prototype pollution#62559
aduh95 wants to merge 1 commit intonodejs:mainfrom
Conversation
Copy link Copy Markdown
Contributor
aduh95
commented
Apr 2, 2026
aduh95
commented
With the __proto__: null, the JS engine has to look into e.g. %Object.prototype%.then when trying to resolve the promise
Copy link Copy Markdown
Collaborator
nodejs-github-bot
commented
Apr 2, 2026
nodejs-github-bot commented
Apr 2, 2026Review requested:
- @nodejs/streams
nodejs-github-bot
added
needs-ci
labels
Apr 2, 2026mcollina approved these changes Apr 2, 2026
Copy link Copy Markdown
Member
mcollina
left a comment
mcollina
left a comment
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
targos approved these changes Apr 2, 2026
aduh95
added
author ready
labels
Apr 2, 2026
github-actions
bot
removed
the
request-ci
label
Apr 2, 2026
Copy link Copy Markdown
Collaborator
nodejs-github-bot
commented
Apr 2, 2026
nodejs-github-bot commented
Apr 2, 2026
Copy link Copy Markdown
Codecov Report
❌ Patch coverage is 87.50000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 89.71%. Comparing base (0dfdec9) to head (7930c68).
⚠️ Report is 5 commits behind head on main.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| lib/internal/streams/duplexify.js | 87.50% | 1 Missing ⚠️ |
Additional details and impacted files
@@ Coverage Diff @@ ## main #62559 +/- ## ========================================== - Coverage 89.71% 89.71% -0.01% ========================================== Files 695 695 Lines 214154 214154 Branches 41009 41006 -3 ========================================== - Hits 192132 192118 -14 - Misses 14075 14083 +8 - Partials 7947 7953 +6
| Files with missing lines | Coverage Δ | |
|---|---|---|
| lib/internal/streams/duplexify.js | 96.56% <87.50%> (ø) |
🚀 New features to boost your workflow:
- ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
ljharb approved these changes Apr 2, 2026
Copy link Copy Markdown
Collaborator
nodejs-github-bot
commented
Apr 2, 2026
nodejs-github-bot commented
Apr 2, 2026marco-ippolito approved these changes Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
6 participants