
@atproto-labs/fetch-node


@atproto-labs/fetch-node - npm Package Compare versions

Comparing version 0.1.5 to 0.1.6

6

CHANGELOG.md
# @atproto-labs/fetch-node
## 0.1.6
### Patch Changes
- [#3379](https://github.com/bluesky-social/atproto/pull/3379) [`9c0128193`](https://github.com/bluesky-social/atproto/commit/9c01281931a371304bcfa465005d7363c003bc5f) Thanks [@devinivy](https://github.com/devinivy)! - Unicast checks should permit PSL domains.
## 0.1.5

@@ -4,0 +10,0 @@

9

dist/unicast.js

@@ -111,3 +111,3 @@ "use strict";

function unicastLookup(hostname, options, callback) {
if (!(0, psl_1.isValid)(hostname)) {
if (!isValidDomain(hostname)) {
callback(new Error('Hostname is not a public domain'), '');

@@ -133,2 +133,9 @@ return;

}
// see lupomontero/psl#258 for context on psl usage.
// in short, this ensures a structurally valid domain
// plus a "listed" tld.
function isValidDomain(domain) {
const parsed = (0, psl_1.parse)(domain);
return !parsed.error && parsed.listed;
}
function isNotUnicast(ip) {

@@ -135,0 +142,0 @@ return ip.range() !== 'unicast';

2

package.json
{
"name": "@atproto-labs/fetch-node",
"version": "0.1.5",
"version": "0.1.6",
"license": "MIT",

@@ -5,0 +5,0 @@ "description": "SSRF protection for fetch() in Node.js",

@@ -12,3 +12,3 @@ import dns, { LookupAddress } from 'node:dns'

import ipaddr from 'ipaddr.js'
import { isValid as isValidDomain } from 'psl'
import { parse as pslParse } from 'psl'
import { Agent, Client } from 'undici'

@@ -189,2 +189,10 @@

// see lupomontero/psl#258 for context on psl usage.
// in short, this ensures a structurally valid domain
// plus a "listed" tld.
function isValidDomain(domain: string) {
const parsed = pslParse(domain)
return !parsed.error && parsed.listed
}
function isNotUnicast(ip: ipaddr.IPv4 | ipaddr.IPv6): boolean {

@@ -191,0 +199,0 @@ return ip.range() !== 'unicast'
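Review bot: `isValidDomain` is the hostname gate of an SSRF-protection package, and the hunk at `@@ -189,2 +189,10 @@` relaxes it from psl's `isValid` to `!parsed.error && parsed.listed` with no test visible on this page that pins what must still be refused. I would add cases showing that hostnames with an unlisted suffix (single-label names, internal-only TLDs) and, presumably, IP-literal strings are still rejected, next to the newly permitted PSL-domain case, so a psl upgrade that changes `error` or `listed` semantics is caught. The function also lacks the explicit return type its neighbour `isNotUnicast` carries; `function isValidDomain(domain: string): boolean {` would have the compiler check the body against it. The bodies of `unicastLookup` and `isNotUnicast` lie outside the hunks shown, so whether the resolved-address range check still runs for every hostname this function accepts cannot be confirmed from here.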

Sorry, the diff of this file is not supported yet
