@connectedcars/jwtutils
Advanced tools
Comparing version 1.0.18 to 1.0.19
| { | ||
| "name": "@connectedcars/jwtutils", | ||
| "version": "1.0.18", | ||
| "version": "1.0.19", | ||
| "description": "Zero dependency JWT encoding/decoding for Node", | ||
@@ -14,4 +14,5 @@ "main": "src/index.js", | ||
| "scripts": { | ||
| "test": "nyc --reporter=lcov --reporter=text mocha \"src/**/*.test.js\" \"bin/*.test.js\"", | ||
| "coveralls": "nyc report --reporter=text-lcov | coveralls" | ||
| "test": "mocha \"src/**/*.test.js\" \"bin/*.test.js\"", | ||
| "cov": "nyc --reporter=lcov --reporter=text npm test", | ||
| "coveralls": "nyc report --reporter=text-lcov npm test | coveralls" | ||
| }, | ||
@@ -32,23 +33,33 @@ "repository": { | ||
| "devDependencies": { | ||
| "@types/mocha": "^5.2.0", | ||
| "@types/node": "^10.1.2", | ||
| "@types/mocha": "^5.2.5", | ||
| "@types/node": "^10.12.18", | ||
| "@types/tmp": "0.0.33", | ||
| "babel-eslint": "^8.2.3", | ||
| "babel-eslint": "^10.0.1", | ||
| "benchmark": "^2.1.4", | ||
| "coveralls": "^3.0.1", | ||
| "eslint": "^4.19.1", | ||
| "eslint-config-prettier": "^2.9.0", | ||
| "eslint-plugin-node": "^6.0.1", | ||
| "eslint-plugin-prettier": "^2.6.0", | ||
| "express": "^4.16.3", | ||
| "coveralls": "^3.0.2", | ||
| "eslint": "^5.11.1", | ||
| "eslint-config-prettier": "^3.3.0", | ||
| "eslint-plugin-node": "^8.0.0", | ||
| "eslint-plugin-prettier": "^3.0.1", | ||
| "express": "^4.16.4", | ||
| "microtime": "^2.1.8", | ||
| "mocha": "^5.2.0", | ||
| "nyc": "^11.8.0", | ||
| "prettier": "^1.12.1", | ||
| "nyc": "^13.1.0", | ||
| "prettier": "^1.15.3", | ||
| "r2": "^2.0.1", | ||
| "tmp": "0.0.33", | ||
| "typescript": "^2.8.3", | ||
| "unexpected": "^10.37.7" | ||
| "typescript": "^3.2.2", | ||
| "unexpected": "^10.40.2" | ||
| }, | ||
| "dependencies": {} | ||
| "dependencies": {}, | ||
| "nyc": { | ||
| "include": [ | ||
| "src/**", | ||
| "bin/**" | ||
| ], | ||
| "exclude": [ | ||
| "**/*.test.js" | ||
| ], | ||
| "all": true | ||
| } | ||
| } |
@@ -11,2 +11,3 @@ // @ts-check | ||
| const PubkeysHelper = require('./pubkeyshelper') | ||
| const JwkUtils = require('./jwkutils') | ||
@@ -18,2 +19,3 @@ module.exports = { | ||
| }, | ||
| JwkUtils, | ||
| PubkeysHelper, | ||
@@ -20,0 +22,0 @@ JwtAuthMiddleware, |
@@ -39,9 +39,2 @@ // SEQUENCE(OBJECT IDENTIFIER = 1.2.840.113549.1.1.1, NULL) - rsaEncryption | ||
| /** | ||
| * @deprecated since version 1.0.13 | ||
| */ | ||
| function jwtToPem(jwk) { | ||
| this.jwkToPem(jwk) | ||
| } | ||
| function jwkToPem(jwk) { | ||
@@ -192,4 +185,3 @@ switch (jwk.kty) { | ||
| ecPublicKeyJwkToPem, | ||
| jwkToPem, | ||
| jwtToPem // Fuckup with naming | ||
| jwkToPem | ||
| } | ||
@@ -196,0 +188,0 @@ |
@@ -47,2 +47,5 @@ const defaultHttpRequestHandler = require('./defaulthttprequesthandler') | ||
| function _fetchJwkKeys(httpRequestHandler, url, options) { | ||
| let defaultAlgorithms = options.defaultAlgorithms || [] | ||
| delete options.defaultAlgorithms | ||
| return httpRequestHandler('GET', url, {}, null).then(response => { | ||
@@ -64,8 +67,11 @@ let pubkeysResponse = JSON.parse( | ||
| let publicKeyPem = jwkUtils.jwkToPem(key) | ||
| pubKeys[`${key.kid}@${key.alg}`] = Object.assign( | ||
| { | ||
| publicKey: publicKeyPem | ||
| }, | ||
| options | ||
| ) | ||
| let algorithms = key.alg ? [key.alg] : defaultAlgorithms | ||
| for (let algorithm of algorithms) { | ||
| pubKeys[`${key.kid}@${algorithm}`] = Object.assign( | ||
| { | ||
| publicKey: publicKeyPem | ||
| }, | ||
| options | ||
| ) | ||
| } | ||
| } | ||
@@ -72,0 +78,0 @@ return pubKeys |
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-83.33%
2
- Number of medium supply chain risk alerts
- decreased by-70%
3
Worsened metrics
- Total package byte prevSize
- decreased by-63.93%
46016
- Number of package files
- decreased by-59.09%
18
- Lines of code
- decreased by-64.84%
1181