Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@fastify/csrf
Advanced tools
@fastify/csrf - npm Package Compare versions
Comparing version 6.0.0 to 6.1.0
| { | ||
| "name": "@fastify/csrf", | ||
| "description": "primary logic behind csrf tokens", | ||
| "version": "6.0.0", | ||
| "version": "6.1.0", | ||
| "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)", | ||
@@ -33,3 +33,3 @@ "main": "index.js", | ||
| "tap": "^16.3.0", | ||
| "tsd": "^0.24.1" | ||
| "tsd": "^0.25.0" | ||
| }, | ||
@@ -36,0 +36,0 @@ "keywords": [ |
@@ -1,84 +0,89 @@ | ||
| interface TokensBase { | ||
| /** | ||
| * Create a new secret key. | ||
| */ | ||
| secret(callback: SecretCallback): void; | ||
| secret(): Promise<string>; | ||
| interface TokensConstructor { | ||
| (options?: Tokens.Options & { userInfo: true}): Tokens.TokensUserinfo; | ||
| (options?: Tokens.Options): Tokens.TokensSimple; | ||
| /** | ||
| * Create a new secret key synchronously. | ||
| */ | ||
| secretSync(): string; | ||
| new(options?: Tokens.Options & { userInfo: true}): Tokens.TokensUserinfo; | ||
| new(options?: Tokens.Options): Tokens.TokensSimple; | ||
| } | ||
| interface TokensSimple extends TokensBase { | ||
| /** | ||
| * Create a new CSRF token. | ||
| */ | ||
| create(secret: string): string; | ||
| declare namespace Tokens { | ||
| interface TokensBase { | ||
| /** | ||
| * Create a new secret key. | ||
| */ | ||
| secret(callback: SecretCallback): void; | ||
| secret(): Promise<string>; | ||
| /** | ||
| * Create a new secret key synchronously. | ||
| */ | ||
| secretSync(): string; | ||
| } | ||
| export interface TokensSimple extends TokensBase { | ||
| /** | ||
| * Create a new CSRF token. | ||
| */ | ||
| create(secret: string): string; | ||
| /** | ||
| * Verify if a given token is valid for a given secret. | ||
| */ | ||
| verify(secret: string, token: string): boolean; | ||
| } | ||
| export interface TokensUserinfo extends TokensBase { | ||
| /** | ||
| * Create a new CSRF token. | ||
| */ | ||
| create(secret: string, userInfo: string): string; | ||
| /** | ||
| * Verify if a given token is valid for a given secret. | ||
| */ | ||
| verify(secret: string, token: string, userInfo: string): boolean; | ||
| } | ||
| export type SecretCallback = (err: Error | null, secret: string) => void; | ||
| export interface Options { | ||
| /** | ||
| * The algorithm used to generate the token | ||
| * @default sha256 | ||
| */ | ||
| algorithm?: string; | ||
| /** | ||
| * The string length of the salt | ||
| * | ||
| * @default 8 | ||
| */ | ||
| saltLength?: number; | ||
| /** | ||
| * The byte length of the secret key | ||
| * | ||
| * @default 18 | ||
| */ | ||
| secretLength?: number; | ||
| /** | ||
| * The maximum milliseconds of validity of this token. 0 disables the check. | ||
| * | ||
| * @default 0 | ||
| */ | ||
| validity?: number; | ||
| /** | ||
| * Require userInfo on create() and verify() | ||
| * | ||
| * @default false | ||
| */ | ||
| userInfo?: boolean; | ||
| } | ||
| /** | ||
| * Verify if a given token is valid for a given secret. | ||
| */ | ||
| verify(secret: string, token: string): boolean; | ||
| export const Tokens: TokensConstructor | ||
| export { Tokens as default } | ||
| } | ||
| interface TokensUserinfo extends TokensBase { | ||
| /** | ||
| * Create a new CSRF token. | ||
| */ | ||
| create(secret: string, userInfo: string): string; | ||
| /** | ||
| * Verify if a given token is valid for a given secret. | ||
| */ | ||
| verify(secret: string, token: string, userInfo: string): boolean; | ||
| } | ||
| export type SecretCallback = (err: Error | null, secret: string) => void; | ||
| export interface Options { | ||
| /** | ||
| * The algorithm used to generate the token | ||
| * @default sha256 | ||
| */ | ||
| algorithm?: string; | ||
| /** | ||
| * The string length of the salt | ||
| * | ||
| * @default 8 | ||
| */ | ||
| saltLength?: number; | ||
| /** | ||
| * The byte length of the secret key | ||
| * | ||
| * @default 18 | ||
| */ | ||
| secretLength?: number; | ||
| /** | ||
| * The maximum milliseconds of validity of this token. 0 disables the check. | ||
| * | ||
| * @default 0 | ||
| */ | ||
| validity?: number; | ||
| /** | ||
| * Require userInfo on create() and verify() | ||
| * | ||
| * @default false | ||
| */ | ||
| userInfo?: boolean; | ||
| } | ||
| export const Tokens: TokensConstructor; | ||
| export default Tokens; | ||
| export interface TokensConstructor { | ||
| (options?: Options & { userInfo: true}): TokensUserinfo; | ||
| (options?: Options): TokensSimple; | ||
| new(options?: Options & { userInfo: true}): TokensUserinfo; | ||
| new(options?: Options): TokensSimple; | ||
| } | ||
| declare function Tokens(...params: Parameters<TokensConstructor>): ReturnType<TokensConstructor> | ||
| export = Tokens |
| import { expectError, expectType } from "tsd"; | ||
| import { Tokens } from "."; | ||
| import { Tokens } from ".."; | ||
@@ -4,0 +4,0 @@ Tokens(); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.96%
38258
- Lines of code
- increased by0.56%
905
- Number of medium supply chain risk alerts
- decreased by-33.33%
2
No dependency changes