@fastify/csrf-protection - npm Package Compare versions

Comparing version 4.0.0 to 4.0.1

index.d.ts

@@ -0,0 +0,0 @@ /// <reference types="node" />

index.js

@@ -130,4 +130,4 @@ 'use strict'
 module.exports = fp(csrfPlugin, {
-  fastify: '4.x',
-  name: '@fastify/csrf-protection'
+  fastify: '3.x',
+  name: 'fastify-csrf'
 })

package.json

 {
   "name": "@fastify/csrf-protection",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "description": "A plugin for adding CSRF protection to Fastify.",
@@ -37,8 +37,8 @@ "main": "index.js",
     "@types/node": "^17.0.0",
-    "fastify": "^4.0.0-rc.2",
-    "@fastify/cookie": "^7.0.0",
-    "@fastify/secure-session": "^5.0.0",
-    "@fastify/session": "^9.0.0",
+    "fastify": "^3.29.0",
+    "@fastify/cookie": "^6.0.0",
+    "@fastify/secure-session": "^4.0.0",
+    "@fastify/session": "^8.0.0",
     "proxyquire": "^2.1.3",
-    "sinon": "^13.0.0",
+    "sinon": "^14.0.0",
     "standard": "^17.0.0",
@@ -45,0 +45,0 @@ "tap": "^16.0.0",

README.md

 # @fastify/csrf-protection
 
-![CI](https://github.com/fastify/fastify-csrf/workflows/CI/badge.svg)
-[![NPM version](https://img.shields.io/npm/v/fastify-csrf.svg?style=flat)](https://www.npmjs.com/package/fastify-csrf)
-[![Known Vulnerabilities](https://snyk.io/test/github/fastify/fastify-csrf/badge.svg)](https://snyk.io/test/github/fastify/fastify-csrf)
+![CI](https://github.com/fastify/csrf-protection/workflows/CI/badge.svg)
+[![NPM version](https://img.shields.io/npm/v/@fastify/csrf-protection.svg?style=flat)](https://www.npmjs.com/package/@fastify/csrf-protection)
+[![Known Vulnerabilities](https://snyk.io/test/github/fastify/csrf-protection/badge.svg)](https://snyk.io/test/github/fastify/csrf-protection)
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
@@ -16,4 +16,4 @@
 We do not claim that this module is able to protect an application without a clear study of CSRF, its impact and the needed mitigations.
-fastify-csrf provides a series of utilities that developers can use to secure their application.
-We recommend using [fastify-helmet](https://github.com/fastify/fastify-helmet) to implement some of those mitigations.
+@fastify/csrf-protection provides a series of utilities that developers can use to secure their application.
+We recommend using [@fastify/helmet](https://github.com/fastify/fastify-helmet) to implement some of those mitigations.
 
@@ -35,3 +35,3 @@ Security is always a tradeoff between risk mitigation, functionality, and developer experience.
 
-If you use `fastify-csrf` with `@fastify/cookie`, the CSRF secret will be added to the response cookies.
+If you use `@fastify/csrf-protection` with `@fastify/cookie`, the CSRF secret will be added to the response cookies.
 By default, the cookie used will be named `_csrf`, but you can rename it via the `cookieKey` option.
@@ -42,7 +42,7 @@ When `cookieOpts` are provided, they **override** the default options. Make sure you restore any of the default options which provide sensible and secure defaults.
 fastify.register(require('@fastify/cookie'))
-fastify.register(require('fastify-csrf'))
+fastify.register(require('@fastify/csrf-protection'))
 
 // if you want to sign cookies:
 fastify.register(require('@fastify/cookie'), { secret }) // See following section to ensure security
-fastify.register(require('fastify-csrf'), { cookieOpts: { signed: true } })
+fastify.register(require('@fastify/csrf-protection'), { cookieOpts: { signed: true } })
 
@@ -100,10 +100,10 @@ // generate a token
 
-### Use with [`fastify-secure-session`](https://github.com/fastify/fastify-secure-session)
+### Use with [`@fastify/secure-session`](https://github.com/fastify/fastify-secure-session)
 
-If you use `fastify-csrf` with `fastify-secure-session`, the CSRF secret will be added to the session.
+If you use `@fastify/csrf-protection` with `@fastify/secure-session`, the CSRF secret will be added to the session.
 By default, the key used will be named `_csrf`, but you can rename it via the `sessionKey` option.
 
 ```js
-fastify.register(require('fastify-secure-session'))
-fastify.register(require('fastify-csrf'), { sessionPlugin: 'fastify-secure-session' })
+fastify.register(require('@fastify/secure-session'))
+fastify.register(require('@fastify/csrf-protection'), { sessionPlugin: '@fastify/secure-session' })
 
@@ -110,0 +110,0 @@ // generate a token

test/basic.test.js

@@ -0,0 +0,0 @@ 'use strict'

test/index.test-d.ts

@@ -0,0 +0,0 @@ import Fastify from 'fastify'

test/user-info.test.js

@@ -0,0 +0,0 @@ 'use strict'

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29997

increased by3.66%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes