locutusjs/locutus v3.0.1
on GitHub

3 hours ago

Released: 2026-03-03. Diff.

Security

Hardened php/funchand/call_user_func_array callback resolution to avoid eval / new Function fallback paths for dynamic callback lookup.
Added a custom regression test to block code-injection payloads in array callback method names (test/custom/call_user_func_array-eval-injection.vitest.ts).

Infrastructure

Modernized browser playground/tests:
- Replaced legacy browserify/budo flow with Vitest browser mode + Playwright.
- Added yarn browser:install, yarn browser:test, and a new yarn browser:watch flow.
- CI now installs Chromium and runs browser smoke tests.

Expansion

Added initial Tcl support with 10 string commands:
- tcl/string/first
- tcl/string/last
- tcl/string/length
- tcl/string/repeat
- tcl/string/reverse
- tcl/string/tolower
- tcl/string/toupper
- tcl/string/trim
- tcl/string/trimleft
- tcl/string/trimright
Added 10 Perl core functions:
- perl/core/abs
- perl/core/chomp
- perl/core/chop
- perl/core/chr
- perl/core/hex
- perl/core/int
- perl/core/lcfirst
- perl/core/ord
- perl/core/quotemeta
- perl/core/ucfirst
Added initial PowerShell support with 10 string commands:
- powershell/string/contains
- powershell/string/endswith
- powershell/string/indexof
- powershell/string/lastindexof
- powershell/string/length
- powershell/string/replace
- powershell/string/startswith
- powershell/string/tolower
- powershell/string/toupper
- powershell/string/trim
Added initial Rust support with 10 str methods:
- rust/str/contains
- rust/str/ends_with
- rust/str/find
- rust/str/len
- rust/str/replace
- rust/str/rfind
- rust/str/starts_with
- rust/str/to_lowercase
- rust/str/to_uppercase
- rust/str/trim

Full changelog: https://github.com/locutusjs/locutus/blob/main/CHANGELOG.md

Check out latest releases or
releases around locutusjs/locutus v3.0.1

Don't miss a new locutus release

NewReleases is sending notifications on new releases.

Get notifications