From cdba5d3a7accd661ffbc52e208153464bd0d9da6 Mon Sep 17 00:00:00 2001
From: Antony Garand <antonygarand@gmail.com>
Date: Thu, 21 Jan 2021 14:40:49 -0500
Subject: [PATCH] Replaced eval with JSON5.parse

---
 package.json   | 7 +++++--
 scripts/cli.js | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 8d78a6c..f42346b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "config-shield",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Store and retrieve data sensative in nature",
   "main": "./lib/index.js",
   "scripts": {
@@ -29,5 +29,8 @@
       "name": "asilvas",
       "email": "asilvas@godaddy.com"
     }
-  ]
+  ],
+  "dependencies": {
+    "json5": "^2.1.3"
+  }
 }
diff --git a/scripts/cli.js b/scripts/cli.js
index 60cb477..55f6ff6 100644
--- a/scripts/cli.js
+++ b/scripts/cli.js
@@ -1,4 +1,5 @@
 var readline = require('readline');
+var JSON5 = require('json5');
 
 var rl = readline.createInterface({
   input: process.stdin,
@@ -77,7 +78,7 @@ function cmdSet(key, val) {
   try {
     var strTest = /^[\'\"](.*?)[\'\"]$/.exec(val);
     if (!strTest || strTest.length !== 2) { // do not parse if explicitly a string
-      objVal = eval('(' + val + ')'); // attempt to parse
+      objVal = JSON5.parse(val); // attempt to parse
     } else {
       objVal = strTest[1];
     }