@asymmetrik/yadda-secret - npm Package Compare versions

Comparing version 0.0.10 to 0.0.11

package.json

 {
   "name": "@asymmetrik/yadda-secret",
   "description": "Client secret library",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "main": "index.js",
@@ -6,0 +6,0 @@ "author": "contributors",

src/lib/secretstore.js

@@ -6,2 +6,3 @@ 'use strict';
 const secretGen = require('./secretGen');
+const AWS = require('aws-sdk');
 
@@ -18,15 +19,33 @@ class SecretStore {
 
-        const cacheBuster = options.cacheBuster;
-        delete options.cacheBuster;
+        // check the cache buster key every minute
+        if(options.cacheBuster){
+            const dynamoDB = new AWS.DynamoDB.DocumentClient({
+                region: options.awsOpts.region
+            });
+            const params = {
+                TableName: options.table,
+                Limit: 1,
+                ConsistentRead: true,
+                KeyConditionExpression: '#name = :name',
+                ExpressionAttributeNames: {
+                    '#name': 'name'
+                },
+                ExpressionAttributeValues: {
+                    ':name': secretGen(options.cacheBuster)
+                }
+            };
+            setInterval(() => {
+                dynamoDB.query(params, (err, obj) => {
+                    if(err)
+                        return void console.error(err);
+                    if(obj && obj.Items && obj.Items.length && obj.Items[0].contents)
+                        this.cacheRefreshTime = Number(obj.Items[0].contents);
+                });
+            }, 60000).unref();
+            delete options.cacheBuster;
+        }
+
         this.options = options;
         this.store = new Credstash(options);
         this.cache = {};
-
-        // check the cache buster key every minute
-        if(cacheBuster) {
-            const cacheBusterKey = secretGen(cacheBuster);
-            setInterval(() => {
-                this.store.getSecret({name: cacheBusterKey}).then(secret => this.cacheRefreshTime = Number(secret));
-            }, 60000);
-        }
     }
@@ -45,3 +64,3 @@
 
-            if(key in this.cache) {
+            if(key in this.cache){
                 // doing a less than comparison for a time to a null/undefined value will be false
@@ -48,0 +67,0 @@ if(this.cache[key].timestamp < this.cacheRefreshTime)

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16709

increased by10.91%

Number of package files

12

increased by20%

Lines of code

249

increased by8.26%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes