@codefresh-io/cf-git-providers
Advanced tools
Comparing version
@@ -8,6 +8,5 @@ "use strict"; | ||
const plugin_retry_1 = require("@octokit/plugin-retry"); | ||
const https_proxy_agent_1 = require("https-proxy-agent"); | ||
const proxy_agent_1 = __importDefault(require("proxy-agent")); | ||
const lodash_1 = require("lodash"); | ||
const https_1 = require("https"); | ||
const url_1 = __importDefault(require("url")); | ||
const helpers_1 = require("../helpers"); | ||
@@ -32,15 +31,2 @@ // eslint-disable-next-line @typescript-eslint/no-var-requires | ||
}; | ||
const _getAgent = (insecure) => { | ||
const options = { keepAlive: true, maxSockets: 10, rejectUnauthorized: !insecure }; | ||
const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy; | ||
let agent; | ||
if (proxyUrl) { | ||
const proxy = url_1.default.parse(proxyUrl); | ||
agent = new https_proxy_agent_1.HttpsProxyAgent({ ...options, ...proxy }); | ||
} | ||
else { | ||
agent = new https_1.Agent(options); | ||
} | ||
return agent; | ||
}; | ||
const _cleanFilePath = (filepath) => { | ||
@@ -132,3 +118,9 @@ const prefix = './'; | ||
const pathPrefix = (opt.apiPathPrefix && opt.apiPathPrefix !== '/') ? opt.apiPathPrefix : ''; | ||
const agent = _getAgent(process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0' || lodash_1.get(opt, 'insecure', false)); | ||
const insecure = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0' || lodash_1.get(opt, 'insecure', false); | ||
const baseUrl = `https://${opt.apiHost || 'api.github.com'}${pathPrefix}`; | ||
const agentOptions = { keepAlive: true, maxSockets: 10, rejectUnauthorized: !insecure }; | ||
let agent = new https_1.Agent(agentOptions); | ||
if (process.env.HTTP_PROXY || process.env.HTTPS_PROXY) { | ||
agent = new proxy_agent_1.default(); | ||
} | ||
const GithubClient = rest_1.Octokit.plugin(plugin_retry_1.retry); | ||
@@ -146,3 +138,3 @@ this.githubClient = new GithubClient({ | ||
debug: true, | ||
baseUrl: `https://${opt.apiHost || 'api.github.com'}${pathPrefix}` | ||
baseUrl, | ||
}); | ||
@@ -149,0 +141,0 @@ } |
{ | ||
"name": "@codefresh-io/cf-git-providers", | ||
"version": "0.4.4-CR-10173", | ||
"version": "0.4.4-CR-10173-3", | ||
"description": "An NPM module/CLI for interacting with various git providers", | ||
@@ -23,3 +23,2 @@ "keywords": [ | ||
"debug": "^4.1.1", | ||
"https-proxy-agent": "^5.0.0", | ||
"lodash": "^4.17.21", | ||
@@ -26,0 +25,0 @@ "p-limit": "^3.0.2", |
Sorry, the diff of this file is not supported yet
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
12
-7.69%4
-33.33%220893
-0.22%3352
-0.24%- Removed