@contrast/agent-lib
Comparing version 8.2.0 to 8.2.1
@@ -91,3 +91,3 @@ /// <reference types="node" /> | ||
export public type XssState = { | ||
export type XssState = { | ||
inputs: ArrayBuffer; | ||
@@ -124,3 +124,3 @@ state: ArrayBuffer; | ||
*/ | ||
scoreAtom(rules: RuleBitMask, value: JsString, inputType: InputType, options?: EvalOptions): ScoreAtomFinding[]; | ||
scoreAtom(rules: RuleBitMask, value: JsString, inputType: InputTypeId, options?: EvalOptions): ScoreAtomFinding[]; | ||
@@ -154,3 +154,3 @@ /** | ||
*/ | ||
checkSqlInjectionSink(index: number, length: number, dbType: DbType, query: JsString): CheckInjectionResult; | ||
checkSqlInjectionSink(index: number, length: number, dbType: DbTypeId, query: JsString): CheckInjectionResult; | ||
@@ -223,5 +223,3 @@ /** | ||
*/ | ||
isXssWholeBodyAttack(body: JsString, inputs: string[]): boolean; | ||
// legacy name | ||
isXssAttack(body: JsString, inputs: JsString[]): boolean; | ||
isXssAttackInWholeBody(body: JsString, inputs: string[]): boolean; | ||
@@ -257,5 +255,3 @@ /** | ||
*/ | ||
isXssChunkedBodyAttack(chunk: JsString, state: XssState): boolean; | ||
// legacy name | ||
isXssAttackStateful(body: JsString, state: XssState): boolean; | ||
isXssAttackInChunkedBody(chunk: JsString, state: XssState): boolean; | ||
@@ -274,5 +270,3 @@ /** | ||
*/ | ||
isXssScriptOrIframeAttack(inputs: string[]): boolean; | ||
// legacy name | ||
isXssObviousAttack(inputs: string[]): boolean; | ||
isXssScriptOrIframeInUserInput(inputs: string[]): boolean; | ||
@@ -302,6 +296,6 @@ /** | ||
export type RuleName = keyof typeof constants.RuleType; | ||
export type InputType = typeof constants.InputType[keyof typeof constants.InputType]; | ||
export type InputTypeId = typeof constants.InputType[keyof typeof constants.InputType]; | ||
export type InputTypeName = keyof typeof constants.InputType; | ||
export type DbType = typeof constants.DbType[keyof typeof constants.DbType]; | ||
export type DbTypeId = typeof constants.DbType[keyof typeof constants.DbType]; | ||
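Review bot: The exported type renames in the `@@ -302,6 +296,6 @@` hunk (`InputType` → `InputTypeId`, `DbType` → `DbTypeId`) and the method names dropped in the three XSS hunks (`isXssAttack`, `isXssAttackStateful`, `isXssObviousAttack`, plus `isXssWholeBodyAttack`, `isXssChunkedBodyAttack`, `isXssScriptOrIframeAttack`) ship in a patch release, 8.2.0 → 8.2.1, with no deprecated alias left behind, so a consumer that names any of the old identifiers stops compiling on a routine patch bump. One-line aliases kept for a release would avoid that, e.g. `/** @deprecated use InputTypeId */ export type InputType = InputTypeId;` and `/** @deprecated use DbTypeId */ export type DbType = DbTypeId;`. The JavaScript and native side of this release is not shown on the page, so it is worth confirming that the runtime object actually exposes `isXssAttackInWholeBody`, `isXssAttackInChunkedBody` and `isXssScriptOrIframeInUserInput`; a caller that probes for the old names and falls through when they are absent would skip the XSS check without raising an error. The new `isXssAttackInWholeBody` declares `inputs: string[]` where the removed `isXssAttack` took `JsString[]`, which may narrow what callers can pass if `JsString` is wider than `string`.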
@@ -0,0 +0,0 @@ 'use strict'; |
{ | ||
"name": "@contrast/agent-lib", | ||
"version": "8.2.0", | ||
"version": "8.2.1", | ||
"description": "", | ||
@@ -41,3 +41,3 @@ "keywords": [], | ||
"inquirer": "^8.2.0", | ||
"mocha": "^9.2.0", | ||
"mocha": "^11.0.1", | ||
"semver": "^7.3.8" | ||
@@ -44,0 +44,0 @@ }, |
Sorry, the diff of this file is not supported yet
Deprecated
Maintenance: The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Native code
Supply chain risk: Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Debug access
Supply chain risk: Uses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 7 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Native code
Supply chain risk: Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
No README
Quality: Package does not have a README. This may indicate a failed publish or a low-quality package.
Found 1 instance in 1 package