Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@astrojs/node

Package Overview
Dependencies
Maintainers
4
Versions
112
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@astrojs/node - npm Package Compare versions

Comparing version 0.0.0-loaders-20230222215040 to 0.0.0-middleware-20230405160200

test/bad-urls.test.js

27

CHANGELOG.md
# @astrojs/node
## 0.0.0-loaders-20230222215040
## 0.0.0-middleware-20230405160200
### Patch Changes
- [#6746](https://github.com/withastro/astro/pull/6746) [`4cc1bf61b`](https://github.com/withastro/astro/commit/4cc1bf61b832dba9aab1916b56f5260ceac2d97d) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Fix malformed URLs crashing the server in certain cases
- Updated dependencies [[`a1a4f45b5`](https://github.com/withastro/astro/commit/a1a4f45b51a80215fa7598da83bd0d9c5acd20d2), [`f42bbb677`](https://github.com/withastro/astro/commit/f42bbb677394520c5acb2ea0ae98dfa758c6f5db), [`d54cbe413`](https://github.com/withastro/astro/commit/d54cbe41349e55f8544212ad9320705f07325920), [`4c347ab51`](https://github.com/withastro/astro/commit/4c347ab51e46f2319d614f8577fe502e3dc816e2), [`2f2e572e9`](https://github.com/withastro/astro/commit/2f2e572e937fd25451bbc78a05d55b7caa1ca3ec)]:
- astro@0.0.0-middleware-20230405160200
## 5.1.0
### Minor Changes
- [#6213](https://github.com/withastro/astro/pull/6213) [`afbbc4d5b`](https://github.com/withastro/astro/commit/afbbc4d5bfafc1779bac00b41c2a1cb1c90f2808) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Updated compilation settings to disable downlevelling for Node 14
### Patch Changes
- Updated dependencies [[`fec583909`](https://github.com/withastro/astro/commit/fec583909ab62829dc0c1600e2387979365f2b94), [`b087b83fe`](https://github.com/withastro/astro/commit/b087b83fe266c431fe34a07d5c2293cc4ab011c6), [`694918a56`](https://github.com/withastro/astro/commit/694918a56b01104831296be0c25456135a63c784), [`a20610609`](https://github.com/withastro/astro/commit/a20610609863ae3b48afe96819b8f11ae4f414d5), [`a4a74ab70`](https://github.com/withastro/astro/commit/a4a74ab70cd2aa0d812a1f6b202c4e240a8913bf), [`75921b3cd`](https://github.com/withastro/astro/commit/75921b3cd916d439f6392c487c21532fde35ed13), [`afbbc4d5b`](https://github.com/withastro/astro/commit/afbbc4d5bfafc1779bac00b41c2a1cb1c90f2808)]:
- astro@2.1.0
- @astrojs/webapi@2.1.0
## 5.0.4
### Patch Changes
- [#6323](https://github.com/withastro/astro/pull/6323) [`5e26bc891`](https://github.com/withastro/astro/commit/5e26bc891cbebb3598acfa760c135a25c548d624) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Updated Undici to 5.20.0. This fixes a security issue and handling of cookies in certain cases in dev
- Updated dependencies [[`5e26bc891`](https://github.com/withastro/astro/commit/5e26bc891cbebb3598acfa760c135a25c548d624), [`a156ecbb7`](https://github.com/withastro/astro/commit/a156ecbb7f4df6a46124a9a12eb712f9163db2ed), [`ccd72e6bb`](https://github.com/withastro/astro/commit/ccd72e6bb41e570d42b1b158e8124c8e04a1943d), [`63dda6ded`](https://github.com/withastro/astro/commit/63dda6dedd4c6ea1d5ce72e9cf3fe5f88339a927)]:
- astro@0.0.0-loaders-20230222215040
- Updated dependencies [[`5e26bc891`](https://github.com/withastro/astro/commit/5e26bc891cbebb3598acfa760c135a25c548d624), [`a156ecbb7`](https://github.com/withastro/astro/commit/a156ecbb7f4df6a46124a9a12eb712f9163db2ed), [`ccd72e6bb`](https://github.com/withastro/astro/commit/ccd72e6bb41e570d42b1b158e8124c8e04a1943d), [`504c7bacb`](https://github.com/withastro/astro/commit/504c7bacb8c1f2308a31e6c412825ba34983ba33), [`63dda6ded`](https://github.com/withastro/astro/commit/63dda6dedd4c6ea1d5ce72e9cf3fe5f88339a927), [`f91a7f376`](https://github.com/withastro/astro/commit/f91a7f376c223f18b4d8fbed81f95f6bea1cef8d)]:
- astro@2.0.15

@@ -12,0 +33,0 @@ ## 5.0.3

@@ -7,2 +7,10 @@ import fs from "fs";

import { fileURLToPath } from "url";
function parsePathname(pathname, host, port) {
try {
const urlPathname = new URL(pathname, `http://${host}:${port}`).pathname;
return decodeURI(encodeURI(urlPathname));
} catch (err) {
return void 0;
}
}
function createServer({ client, port, host, removeBase }, handler) {

@@ -13,4 +21,9 @@ const listener = (req, res) => {

pathname = pathname[0] === "/" ? pathname : "/" + pathname;
pathname = new URL(pathname, `http://${host}:${port}`).pathname;
const stream = send(req, encodeURI(decodeURI(pathname)), {
const encodedURI = parsePathname(pathname, host, port);
if (!encodedURI) {
res.writeHead(400);
res.end("Bad request.");
return res;
}
const stream = send(req, encodedURI, {
root: fileURLToPath(client),

@@ -17,0 +30,0 @@ dotfiles: pathname.startsWith("/.well-known/") ? "allow" : "deny"

@@ -27,2 +27,3 @@ import { Readable as NodeReadableStream } from "stream";

const iterator = {
//@ts-expect-error
next() {

@@ -29,0 +30,0 @@ return reader.read();

10

package.json
{
"name": "@astrojs/node",
"description": "Deploy your site to a Node.js server",
"version": "0.0.0-loaders-20230222215040",
"version": "0.0.0-middleware-20230405160200",
"type": "module",

@@ -27,3 +27,3 @@ "types": "./dist/index.d.ts",

"dependencies": {
"@astrojs/webapi": "^2.0.1",
"@astrojs/webapi": "^2.1.0",
"send": "^0.18.0",

@@ -33,3 +33,3 @@ "server-destroy": "^1.0.1"

"peerDependencies": {
"astro": "0.0.0-loaders-20230222215040"
"astro": "0.0.0-middleware-20230405160200"
},

@@ -39,4 +39,4 @@ "devDependencies": {

"@types/server-destroy": "^1.0.1",
"astro": "0.0.0-loaders-20230222215040",
"astro-scripts": "0.0.11",
"astro": "0.0.0-middleware-20230405160200",
"astro-scripts": "0.0.14",
"chai": "^4.3.6",

@@ -43,0 +43,0 @@ "cheerio": "^1.0.0-rc.11",

@@ -15,2 +15,11 @@ import fs from 'fs';

function parsePathname(pathname: string, host: string | undefined, port: number) {
try {
const urlPathname = new URL(pathname, `http://${host}:${port}`).pathname;
return decodeURI(encodeURI(urlPathname));
} catch (err) {
return undefined;
}
}
export function createServer(

@@ -22,6 +31,13 @@ { client, port, host, removeBase }: CreateServerOptions,

if (req.url) {
let pathname = removeBase(req.url);
let pathname: string | undefined = removeBase(req.url);
pathname = pathname[0] === '/' ? pathname : '/' + pathname;
pathname = new URL(pathname, `http://${host}:${port}`).pathname;
const stream = send(req, encodeURI(decodeURI(pathname)), {
const encodedURI = parsePathname(pathname, host, port);
if (!encodedURI) {
res.writeHead(400);
res.end('Bad request.');
return res;
}
const stream = send(req, encodedURI, {
root: fileURLToPath(client),

@@ -28,0 +44,0 @@ dotfiles: pathname.startsWith('/.well-known/') ? 'allow' : 'deny',

import type { CreatePreviewServer } from 'astro';
import http from 'http';
import type http from 'http';
import { fileURLToPath } from 'url';

@@ -4,0 +4,0 @@ import { createServer } from './http-server.js';

@@ -7,2 +7,3 @@ /**

import type { ReadableStreamDefaultReadResult } from 'node:stream/web';
import { Readable as NodeReadableStream } from 'stream';

@@ -67,2 +68,3 @@ import type { Response as NodeResponse } from 'undici';

const iterator: ReaderIterator<T> = {
//@ts-expect-error
next() {

@@ -75,3 +77,3 @@ return reader.read();

iterator[Symbol.asyncIterator] = function (): AsyncIterator<T> {
//@ts-ignore
//@ts-expect-error
return this;

@@ -78,0 +80,0 @@ };

@@ -6,6 +6,6 @@ {

"allowJs": true,
"module": "ES2020",
"module": "ES2022",
"outDir": "./dist",
"target": "ES2020"
"target": "ES2021"
}
}

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc