@daisy/epub-utils - npm Package Compare versions

Comparing version 1.2.0-beta.4 to 1.2.0-beta.5

lib/epub-parse.js

@@ -13,2 +13,3 @@ // input: unzipped book directory
 
+const fileUrl = require('file-url');
 const DOMParser = require('xmldom-alpha').DOMParser;
@@ -104,3 +105,3 @@ const XMLSerializer = require('xmldom-alpha').XMLSerializer;
   select('//opf:link[not(@refines)]', doc).forEach(link => {
-    addLink(link.getAttribute('rel'), link.getAttribute('href'), result);
+    addLink(link.getAttribute('rel'), decodeURI(link.getAttribute('href')), result);
   });
@@ -149,6 +150,10 @@ return result;
         var spineItem = new SpineItem();
-        spineItem.relpath = manifestItem[0].getAttribute('href');
+        spineItem.relpath = decodeURI(manifestItem[0].getAttribute('href'));
         spineItem.filepath = path.join(path.dirname(packageDocPath), spineItem.relpath);
         spineItem.title = this.parseContentDocTitle(spineItem.filepath);
-        spineItem.url = "file://" + spineItem.filepath;
+
+        // does encodeURI() as per https://tools.ietf.org/html/rfc3986#section-3.3 in a nutshell: encodeURI(`file://${tmpFile}`).replace(/[?#]/g, encodeURIComponent)
+        spineItem.url = fileUrl(spineItem.filepath);
+        // spineItem.url = "file://" + encodeURI(spineItem.filepath);
+
         this.contentDocs.push(spineItem);
@@ -164,3 +169,3 @@ } else if (!this.hasSVGContentDocuments && 'image/svg+xml' === contentType) {
   if (navDocRef.length > 0) {
-    const navDocPath = navDocRef[0].nodeValue;
+    const navDocPath = decodeURI(navDocRef[0].nodeValue);
     const navDocFullPath = path.join(path.dirname(packageDocPath), navDocPath);
@@ -195,3 +200,3 @@ this.navDoc = parseNavDoc(navDocFullPath, epubDir);
   if (rootfiles.length > 0) {
-    return path.join(epubDir, rootfiles[0].nodeValue);
+    return path.join(epubDir, decodeURI(rootfiles[0].nodeValue));
   }
@@ -198,0 +203,0 @@ return '';

lib/epub.js

 'use strict';
 
 const epubParse = require('./epub-parse.js');
+const StreamZip = require('node-stream-zip');
 const extractZip = require('extract-zip');
@@ -12,12 +13,59 @@ const tmp = require('tmp');
 
-async function unzip(path) {
-  const tmpdir = tmp.dirSync({ unsafeCleanup: true }).name;
+const LOG_DEBUG_URLS = process.env.LOG_DEBUG_URLS === "1";
+
+async function unzip(path, useLegacyZipLib) {
+  const tmpdir = tmp.dirSync({ unsafeCleanup: true, keep: LOG_DEBUG_URLS }).name;
+  if (LOG_DEBUG_URLS) {
+    console.log(">>>>>> LOG_DEBUG_URLS");
+    console.log(path);
+    console.log(tmpdir);
+  }
   return new Promise((resolve, reject) => {
-    extractZip(path, { dir: tmpdir }, err => {
-      if (err) {
+    if (useLegacyZipLib) {
+      extractZip(path, { dir: tmpdir }, err => {
+        if (err) {
+          if (LOG_DEBUG_URLS) {
+            console.log(err);
+          }
+          reject(err);
+        } else {
+          resolve(tmpdir);
+        }
+      });
+    } else {
+      const zip = new StreamZip({
+        file: path,
+        storeEntries: true // zip.entries() zip.entriesCount (necessary for zip.extract())
+      });
+      zip.on('error', err => {
+        if (LOG_DEBUG_URLS) {
+          console.log(err);
+        }
         reject(err);
-      } else {
-        resolve(tmpdir);
+      });
+      zip.on('ready', () => {
+        zip.extract(null, tmpdir, (err, count) => {
+          if (LOG_DEBUG_URLS) {
+            console.log(`ZIP COUNT ${count}`);
+          }
+          zip.close();
+          if (err) {
+            if (LOG_DEBUG_URLS) {
+              console.log(err);
+            }
+            reject(err);
+          } else {
+            resolve(tmpdir);
+          }
+        });
+      });
+      if (LOG_DEBUG_URLS) {
+        zip.on('extract', (entry, file) => {
+          console.log(`ZIP EXTRACT ${entry.name} to ${file}`);
+        });
+        zip.on('entry', entry => {
+          console.log(`ZIP ENTRY ${entry.name}`);
+        });
       }
-    });
+    }
   });
@@ -52,3 +100,3 @@ }
       fs.truncateSync(tmpEPUB, truncatedSize);
-      const res = await unzip(tmpEPUB);
+      const res = await unzip(tmpEPUB, true);
       if (needsDelete) {
@@ -97,8 +145,14 @@ process.nextTick(() => {
       } catch (error) {
-        winston.error('Failed to unzip EPUB (the ZIP archive may be corrupt).');
+        winston.error('Failed to unzip EPUB (the ZIP archive may be corrupt). TRYING LEGACY ZIP LIB ...');
         winston.debug(error);
         try {
-          unzippedDir = await retryUnzip(this, error);
+          unzippedDir = await unzip(this.path, true);
         } catch (error) {
-          throw error;
+          winston.error('Failed to unzip EPUB again (the ZIP archive may be corrupt). TRYING ZIP PATCH ...');
+          winston.debug(error);
+          try {
+            unzippedDir = await retryUnzip(this, error);
+          } catch (error) {
+            throw error;
+          }
         }
@@ -105,0 +159,0 @@ }

package.json

 {
   "name": "@daisy/epub-utils",
-  "version": "1.2.0-beta.4",
+  "version": "1.2.0-beta.5",
   "description": "EPUB parser and model, used by Ace",
@@ -22,3 +22,5 @@ "author": {
     "extract-zip": "^1.6.7",
+    "file-url": "^3.0.0",
     "fs-extra": "^8.1.0",
+    "node-stream-zip": "^1.8.2",
     "tmp": "^0.1.0",
@@ -25,0 +27,0 @@ "winston": "^3.2.1",

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13454

increased by17.48%

Lines of code

346

increased by19.31%

Worsened metrics

Dependency count

8

increased by33.33%

Number of low supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedfile-url@^3.0.0

• + Addednode-stream-zip@^1.8.2

• + Addedfile-url@3.0.0(transitive)

• + Addednode-stream-zip@1.15.0(transitive)