@fastify/compress - npm Package Compare versions

Comparing version 6.0.0 to 6.1.0

index.js

@@ -11,8 +11,6 @@ 'use strict'
 const pumpify = require('pumpify')
-const isGzip = require('is-gzip')
-const isDeflate = require('is-deflate')
 const encodingNegotiator = require('encoding-negotiator')
 const { inherits, format } = require('util')
 
-const { isStream } = require('./lib/utils')
+const { isStream, isGzip, isDeflate } = require('./lib/utils')
 
@@ -19,0 +17,0 @@ const InvalidRequestEncodingError = createError('FST_CP_ERR_INVALID_CONTENT_ENCODING', 'Unsupported Content-Encoding: %s', 415)

lib/utils.js

 'use strict'
 
+// https://datatracker.ietf.org/doc/html/rfc1950#section-2
+function isDeflate (buffer) {
+  return (
+    typeof buffer === 'object' &&
+    buffer !== null &&
+    buffer.length > 1 &&
+    // CM = 8 denotes the "deflate" compression method
+    (buffer[0] & 0x0f) === 0x08 &&
+    // CINFO Values of above 7 are not allowed by RFC 1950
+    (buffer[0] & 0x80) === 0 &&
+    // The FCHECK value must be such that CMF and FLG, when viewed as
+    // a 16-bit unsigned integer stored in MSB order (CMF*256 + FLG),
+    // is a multiple of 31.
+    (((buffer[0] << 8) + buffer[1]) % 31) === 0
+  )
+}
+
+// https://datatracker.ietf.org/doc/html/rfc1952#page-6
+function isGzip (buffer) {
+  return (
+    typeof buffer === 'object' &&
+    buffer !== null &&
+    buffer.length > 2 &&
+    // ID1
+    buffer[0] === 0x1f &&
+    // ID2
+    buffer[1] === 0x8b &&
+    buffer[2] === 0x08
+  )
+}
+
 function isStream (stream) {
@@ -7,2 +38,2 @@ return stream !== null && typeof stream === 'object' && typeof stream.pipe === 'function'
 
-module.exports = { isStream }
+module.exports = { isGzip, isDeflate, isStream }

package.json

 {
   "name": "@fastify/compress",
-  "version": "6.0.0",
+  "version": "6.1.0",
   "description": "Fastify compression utils",
@@ -11,5 +11,2 @@ "main": "index.js",
     "into-stream": "^6.0.0",
-    "is-deflate": "^1.0.0",
-    "is-gzip": "^2.0.0",
-    "is-zip": "^1.0.0",
     "mime-db": "^1.51.0",
@@ -19,4 +16,3 @@ "minipass": "^3.1.6",
     "pump": "^3.0.0",
-    "pumpify": "^2.0.1",
-    "string-to-stream": "^3.0.1"
+    "pumpify": "^2.0.1"
   },
@@ -33,3 +29,3 @@ "devDependencies": {
     "tap": "^16.0.0",
-    "tsd": "^0.20.0",
+    "tsd": "^0.21.0",
     "typescript": "^4.5.4"
@@ -67,5 +63,2 @@ },
   },
-  "engines": {
-    "node": ">=10.16"
-  },
   "tsd": {
@@ -72,0 +65,0 @@ "directory": "test/types"

README.md

@@ -5,3 +5,2 @@ # @fastify/compress
 [![NPM version](https://img.shields.io/npm/v/@fastify/compress.svg?style=flat)](https://www.npmjs.com/package/@fastify/compress)
-[![Known Vulnerabilities](https://snyk.io/test/github/fastify/fastify-compress/badge.svg)](https://snyk.io/test/github/fastify/fastify-compress)
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
@@ -8,0 +7,0 @@

test/utils.test.js

@@ -7,3 +7,3 @@ 'use strict'
 const { test } = require('tap')
-const { isStream } = require('../lib/utils')
+const { isStream, isDeflate, isGzip } = require('../lib/utils')
 
@@ -29,1 +29,37 @@ test('isStream() utility should be able to detect Streams', async (t) => {
 })
+
+test('isDeflate() utility should be able to detect deflate compressed Buffer', async (t) => {
+  t.plan(14)
+
+  t.equal(isDeflate(Buffer.alloc(0)), false)
+  t.equal(isDeflate(Buffer.alloc(0)), false)
+  t.equal(isDeflate(Buffer.from([0x78])), false)
+  t.equal(isDeflate(Buffer.from([0x78, 0x00])), false)
+  t.equal(isDeflate(Buffer.from([0x7a, 0x01])), false)
+  t.equal(isDeflate(Buffer.from([0x88, 0x01])), false)
+  t.equal(isDeflate(Buffer.from([0x78, 0x11])), false)
+  t.equal(isDeflate(Buffer.from([0x78, 0x01])), true)
+  t.equal(isDeflate(Buffer.from([0x78, 0x9c])), true)
+  t.equal(isDeflate(Buffer.from([0x78, 0xda])), true)
+
+  t.equal(isDeflate({}), false)
+  t.equal(isDeflate(null), false)
+  t.equal(isDeflate(undefined), false)
+  t.equal(isDeflate(''), false)
+})
+
+test('isGzip() utility should be able to detect gzip compressed Buffer', async (t) => {
+  t.plan(10)
+
+  t.equal(isGzip(Buffer.alloc(0)), false)
+  t.equal(isGzip(Buffer.alloc(1)), false)
+  t.equal(isGzip(Buffer.alloc(2)), false)
+  t.equal(isGzip(Buffer.from([0x1f, 0x8b])), false)
+  t.equal(isGzip(Buffer.from([0x1f, 0x8b, 0x00])), false)
+  t.equal(isGzip(Buffer.from([0x1f, 0x8b, 0x08])), true)
+
+  t.equal(isGzip({}), false)
+  t.equal(isGzip(null), false)
+  t.equal(isGzip(undefined), false)
+  t.equal(isGzip(''), false)
+})

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

160103

increased by0.73%

Dependency count

8

decreased by-33.33%

Lines of code

4236

increased by1.36%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Number of lines in readme file

308

decreased by-0.32%

Dependency changes

• - Removedis-deflate@^1.0.0

• - Removedis-gzip@^2.0.0

• - Removedis-zip@^1.0.0

• - Removedstring-to-stream@^3.0.1

• - Removedis-deflate@1.0.0(transitive)

• - Removedis-gzip@2.0.0(transitive)

• - Removedis-zip@1.0.0(transitive)

• - Removedstring-to-stream@3.0.1(transitive)