@fastify/csrf - npm Package Compare versions

Comparing version 7.1.1 to 8.0.0

test/polyfill.js

index.js

		@@ -341,8 +341,6 @@ 'use strict'

		fnBody.push('const base62 = \'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\'.split(\'\');')
		fnBody.push('return function () {')
		fnBody.push('const base62 = \'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\'.split(\'\');', 'return function () {')
		const salt = []
		for (let i = 0; i < saltLength; ++i) salt.push('base62[(62 * Math.random()) \| 0]')
		fnBody.push('return ' + salt.join('+'))
		fnBody.push('}')
		fnBody.push('return ' + salt.join('+'), '}')
		return new Function(fnBody.join(''))() // eslint-disable-line no-new-func
		@@ -349,0 +347,0 @@ }

package.json

		{
		"name": "@fastify/csrf",
		"description": "primary logic behind csrf tokens",
		"version": "7.1.1",
		"version": "8.0.0",
		"author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
		@@ -46,3 +46,3 @@ "main": "index.js",
		"test": "npm run test:unit && npm run test:typescript",
		"test:unit": "tap",
		"test:unit": "c8 --100 node --test",
		"test:typescript": "tsd"
		@@ -54,5 +54,5 @@ },
		"benchmark": "^2.1.4",
		"c8": "^10.1.3",
		"eslint": "^9.17.0",
		"neostandard": "^0.12.0",
		"tap": "^18.7.1",
		"tsd": "^0.31.0"
		@@ -59,0 +59,0 @@ },

test/constructor.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')
		@@ -8,3 +8,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ saltLength: 'bogus' }), new TypeError('option saltLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ saltLength: 'bogus' }), new TypeError('option saltLength must be finite number > 1'))
		})
		@@ -14,3 +14,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ saltLength: NaN }), new TypeError('option saltLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ saltLength: NaN }), new TypeError('option saltLength must be finite number > 1'))
		})
		@@ -20,3 +20,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ saltLength: Infinity }), new TypeError('option saltLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ saltLength: Infinity }), new TypeError('option saltLength must be finite number > 1'))
		})
		@@ -26,3 +26,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ secretLength: 'bogus' }), new TypeError('option secretLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ secretLength: 'bogus' }), new TypeError('option secretLength must be finite number > 1'))
		})
		@@ -32,3 +32,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ secretLength: NaN }), new TypeError('option secretLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ secretLength: NaN }), new TypeError('option secretLength must be finite number > 1'))
		})
		@@ -38,3 +38,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ secretLength: Infinity }), new TypeError('option secretLength must be finite number > 1'))
		t.assert.throws(() => new Tokens({ secretLength: Infinity }), new TypeError('option secretLength must be finite number > 1'))
		})
		@@ -44,3 +44,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ validity: 'bogus' }), new TypeError('option validity must be finite number > 0'))
		t.assert.throws(() => new Tokens({ validity: 'bogus' }), new TypeError('option validity must be finite number > 0'))
		})
		@@ -50,3 +50,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ validity: NaN }), new TypeError('option validity must be finite number > 0'))
		t.assert.throws(() => new Tokens({ validity: NaN }), new TypeError('option validity must be finite number > 0'))
		})
		@@ -56,3 +56,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ validity: Infinity }), new TypeError('option validity must be finite number > 0'))
		t.assert.throws(() => new Tokens({ validity: Infinity }), new TypeError('option validity must be finite number > 0'))
		})
		@@ -62,3 +62,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ userInfo: 'bogus' }), new TypeError('option userInfo must be a boolean'))
		t.assert.throws(() => new Tokens({ userInfo: 'bogus' }), new TypeError('option userInfo must be a boolean'))
		})
		@@ -68,3 +68,3 @@
		t.plan(1)
		t.ok(Tokens() instanceof Tokens, true)
		t.assert.ok(Tokens() instanceof Tokens, true)
		})
		@@ -74,3 +74,3 @@
		t.plan(1)
		t.throws(() => new Tokens({ algorithm: 'invalid' }), new TypeError('option algorithm must be a supported hash-algorithm'))
		t.assert.throws(() => new Tokens({ algorithm: 'invalid' }), new TypeError('option algorithm must be a supported hash-algorithm'))
		})

test/create.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')
		@@ -9,3 +9,3 @@

		t.throws(() => new Tokens().create(), new TypeError('argument secret is required'))
		t.assert.throws(() => new Tokens().create(), new TypeError('argument secret is required'))
		})
		@@ -16,3 +16,3 @@

		t.throws(() => new Tokens().create(42), new TypeError('argument secret is required'))
		t.assert.throws(() => new Tokens().create(42), new TypeError('argument secret is required'))
		})
		@@ -23,3 +23,3 @@

		t.throws(() => new Tokens().create(''), new TypeError('argument secret is required'))
		t.assert.throws(() => new Tokens().create(''), new TypeError('argument secret is required'))
		})
		@@ -31,3 +31,3 @@
		const secret = new Tokens().secretSync()
		t.type(new Tokens().create(secret), 'string')
		t.assert.ok(typeof new Tokens().create(secret) === 'string')
		})
		@@ -41,6 +41,6 @@

		t.equal(tokenLength, 52)
		t.assert.deepStrictEqual(tokenLength, 52)

		for (let i = 0; i < 1000; i++) {
		t.equal(new Tokens().create(secret).length, tokenLength)
		t.assert.deepStrictEqual(new Tokens().create(secret).length, tokenLength)
		}
		@@ -54,6 +54,6 @@ })
		const token = new Tokens().create(new Tokens().secretSync())
		t.not(token.includes('/'))
		t.not(token.includes('+'))
		t.not(token.includes('='))
		t.ok(token.split('-').length - 1 >= 1, token)
		t.assert.ok(!token.includes('/'))
		t.assert.ok(!token.includes('+'))
		t.assert.ok(!token.includes('='))
		t.assert.ok(token.split('-').length - 1 >= 1, token)
		}
		@@ -67,6 +67,6 @@ })
		const token = new Tokens({ userInfo: true }).create(new Tokens().secretSync(), 'foo')
		t.not(token.includes('/'))
		t.not(token.includes('+'))
		t.not(token.includes('='))
		t.ok(token.split('-').length - 1 >= 2, token)
		t.assert.ok(!token.includes('/'))
		t.assert.ok(!token.includes('+'))
		t.assert.ok(!token.includes('='))
		t.assert.ok(token.split('-').length - 1 >= 2, token)
		}
		@@ -80,6 +80,6 @@ })
		const token = new Tokens({ validity: 3600 }).create(new Tokens().secretSync())
		t.not(token.includes('/'))
		t.not(token.includes('+'))
		t.not(token.includes('='))
		t.ok(token.split('-').length - 1 >= 2, token)
		t.assert.ok(!token.includes('/'))
		t.assert.ok(!token.includes('+'))
		t.assert.ok(!token.includes('='))
		t.assert.ok(token.split('-').length - 1 >= 2, token)
		}
		@@ -93,6 +93,6 @@ })
		const token = new Tokens({ validity: 3600, userInfo: true }).create(new Tokens().secretSync(), 'foo')
		t.not(token.includes('/'))
		t.not(token.includes('+'))
		t.not(token.includes('='))
		t.ok(token.split('-').length - 1 >= 3, token)
		t.assert.ok(!token.includes('/'))
		t.assert.ok(!token.includes('+'))
		t.assert.ok(!token.includes('='))
		t.assert.ok(token.split('-').length - 1 >= 3, token)
		}
		@@ -108,3 +108,3 @@ })
		const token = new Tokens().create(new Tokens().secretSync())
		t.not(tokenSet.has(token))
		t.assert.ok(!tokenSet.has(token))
		tokenSet.add(token)
		@@ -119,3 +119,3 @@ }

		t.throws(() => new Tokens({ userInfo: true }).create(secret), new Error('argument userInfo is required to be a string'))
		t.assert.throws(() => new Tokens({ userInfo: true }).create(secret), new TypeError('argument userInfo is required to be a string'))
		})

test/hmac.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')

		require('./polyfill')

		test('Tokens.constructor: instantiating Tokens with a non string hmacKey should throw', t => {
		t.plan(1)
		t.throws(() => new Tokens({ hmacKey: 123 }), new TypeError('option hmacKey must be a supported hmac key'))
		t.assert.throws(() => new Tokens({ hmacKey: 123 }), new TypeError('option hmacKey must be a supported hmac key'))
		})
		@@ -14,7 +16,13 @@

		const { promise, resolve } = Promise.withResolvers()

		new Tokens({ hmacKey: 'foo' }).secret(function (err, secret) {
		t.error(err)
		t.type(secret, 'string')
		t.equal(secret.length, 24)
		t.assert.ifError(err)
		t.assert.ok(typeof secret === 'string')
		t.assert.deepStrictEqual(secret.length, 24)

		resolve()
		})

		return promise
		})
		@@ -28,3 +36,3 @@

		t.equal(new Tokens({ hmacKey: 'foo' }).verify(secret, token), true)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(secret, token), true)
		})
		@@ -38,7 +46,7 @@

		t.equal(new Tokens({ hmacKey: 'foo' }).verify(new Tokens().secretSync(), token), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify('invalid', token), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify(), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify([]), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify('invalid'), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(new Tokens().secretSync(), token), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify('invalid', token), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify([]), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify('invalid'), false)
		})
		@@ -52,6 +60,6 @@

		t.equal(new Tokens({ hmacKey: 'foo' }).verify('invalid', token), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify(secret, undefined), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify(secret, []), false)
		t.equal(new Tokens({ hmacKey: 'foo' }).verify(secret, 'hi'), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify('invalid', token), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(secret, undefined), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(secret, []), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(secret, 'hi'), false)
		})
		@@ -65,4 +73,4 @@

		t.equal(new Tokens({ hmacKey: 'foo' }).verify(secret, token), true)
		t.equal(new Tokens({ hmacKey: 'bar' }).verify(secret, token), false)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'foo' }).verify(secret, token), true)
		t.assert.deepStrictEqual(new Tokens({ hmacKey: 'bar' }).verify(secret, token), false)
		})

test/integration.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')
		@@ -12,3 +12,3 @@

		t.equal(new Tokens({ validity: 3600 }).verify(secret, token), true)
		t.assert.deepStrictEqual(new Tokens({ validity: 3600 }).verify(secret, token), true)
		})
		@@ -21,3 +21,3 @@
		const now = Date.now()
		t.teardown(() => { Date.now = fn })
		t.after(() => { Date.now = fn })

		@@ -29,3 +29,3 @@ const secret = new Tokens().secretSync()
		Date.now = function () { return now + 3601 }
		t.equal(new Tokens({ validity: 3600 }).verify(secret, token), false)
		t.assert.deepStrictEqual(new Tokens({ validity: 3600 }).verify(secret, token), false)
		})
		@@ -38,3 +38,3 @@
		const now = Date.now()
		t.teardown(() => { Date.now = fn })
		t.after(() => { Date.now = fn })

		@@ -46,3 +46,3 @@ Date.now = function () { return now }

		t.equal(new Tokens({ validity: 3600 }).verify(secret, token), true, { secret, token, now })
		t.assert.deepStrictEqual(new Tokens({ validity: 3600 }).verify(secret, token), true, { secret, token, now })
		})
		@@ -56,3 +56,3 @@

		t.equal(new Tokens({ validity: 3600 }).verify(secret, token), false)
		t.assert.deepStrictEqual(new Tokens({ validity: 3600 }).verify(secret, token), false)
		})
		@@ -66,3 +66,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, 'foobar'), true)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, 'foobar'), true)
		})
		@@ -76,3 +76,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, 'foobar'), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, 'foobar'), false)
		})
		@@ -86,3 +86,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token), false)
		})
		@@ -96,3 +96,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, {}), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, {}), false)
		})
		@@ -106,3 +106,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		})
		@@ -116,3 +116,3 @@

		t.equal(new Tokens({ validity: 3600 }).verify(secret, token), false)
		t.assert.deepStrictEqual(new Tokens({ validity: 3600 }).verify(secret, token), false)
		})
		@@ -126,3 +126,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		})
		@@ -136,3 +136,3 @@

		t.equal(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true }).verify(secret, token, 'foo'), false)
		})
		@@ -146,4 +146,4 @@

		t.equal(token.length, 96)
		t.equal(new Tokens({ userInfo: true, algorithm: 'sha256' }).verify(secret, token, 'foobar'), true)
		t.assert.deepStrictEqual(token.length, 96)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true, algorithm: 'sha256' }).verify(secret, token, 'foobar'), true)
		})
		@@ -157,4 +157,4 @@

		t.equal(token.length, 64)
		t.equal(new Tokens({ userInfo: true, algorithm: 'sha1' }).verify(secret, token, 'foobar'), true)
		t.assert.deepStrictEqual(token.length, 64)
		t.assert.deepStrictEqual(new Tokens({ userInfo: true, algorithm: 'sha1' }).verify(secret, token, 'foobar'), true)
		})

117

test/secret.test.js

		'use strict'

		const { test, mockRequire } = require('tap')
		const { test } = require('node:test')
		const Tokens = require('..')

		require('./polyfill')

		test('Tokens.secret: should reject bad callback', t => {
		t.plan(1)

		t.throws(() => new Tokens().secret(42), new TypeError('argument callback must be a function'))
		t.assert.throws(() => new Tokens().secret(42), new TypeError('argument callback must be a function'))
		})
		@@ -15,16 +17,22 @@

		const { promise, resolve } = Promise.withResolvers()

		new Tokens().secret(function (err, secret) {
		t.error(err)
		t.type(secret, 'string')
		t.equal(secret.length, 24)
		t.assert.ifError(err)
		t.assert.ok(typeof secret === 'string')
		t.assert.deepStrictEqual(secret.length, 24)

		resolve()
		})

		return promise
		})

		test('Tokens.secret: with global Promise', t => {
		test('Tokens.secret: with global Promise', async t => {
		t.plan(2)

		new Tokens().secret().then(function (secret) {
		t.type(secret, 'string')
		t.equal(secret.length, 24)
		})
		const secret = await new Tokens().secret()

		t.assert.ok(typeof secret === 'string')
		t.assert.deepStrictEqual(secret.length, 24)
		})
		@@ -37,5 +45,5 @@
		global.Promise = undefined
		t.teardown(() => { global.Promise = promise })
		t.after(() => { global.Promise = promise })

		t.throws(() => new Tokens().secret(), new TypeError('argument callback is required'))
		t.assert.throws(() => new Tokens().secret(), new TypeError('argument callback is required'))
		})
		@@ -48,47 +56,61 @@
		global.Promise = undefined
		t.teardown(() => { global.Promise = promise })
		t.throws(() => new Tokens().secret(42), new TypeError('argument callback must be a function'))
		t.after(() => { global.Promise = promise })
		t.assert.throws(() => new Tokens().secret(42), new TypeError('argument callback must be a function'))
		})

		test('Tokens.secret: should not contain /, +, or =, Promise', t => {
		test('Tokens.secret: should not contain /, +, or =, Promise', async t => {
		t.plan(3000)

		for (let i = 0; i < 1000; i++) {
		new Tokens().secret().then(function (secret) {
		t.not(secret.includes('/'))
		t.not(secret.includes('+'))
		t.not(secret.includes('='))
		})
		const secret = await new Tokens().secret()
		t.assert.ok(!secret.includes('/'))
		t.assert.ok(!secret.includes('+'))
		t.assert.ok(!secret.includes('='))
		}
		})

		test('Tokens.secret: should not contain /, +, or =, callback', t => {
		test('Tokens.secret: should not contain /, +, or =, callback', async t => {
		t.plan(4000)

		for (let i = 0; i < 1000; i++) {
		const { promise, resolve } = Promise.withResolvers()

		new Tokens().secret(function (err, secret) {
		t.error(err)
		t.not(secret.includes('/'))
		t.not(secret.includes('+'))
		t.not(secret.includes('='))
		t.assert.ifError(err)
		t.assert.ok(!secret.includes('/'))
		t.assert.ok(!secret.includes('+'))
		t.assert.ok(!secret.includes('='))

		resolve()
		})

		await promise
		}
		})

		test('Tokens.secret: should handle error, Promise', t => {
		t.plan(2)

		const Tokens = mockRequire('..', {
		'node:crypto': {
		randomBytes: (_size, cb) => {
		cb(new Error('oh no'))
		},
		createHash: require('node:crypto').createHash
		const mockRandomBytes = (t) => {
		const crypto = require('node:crypto')
		let oldCrypto
		t.before(() => {
		oldCrypto = crypto.randomBytes.bind(crypto)
		crypto.randomBytes = (_size, cb) => {
		cb(new Error('oh no'))
		}
		})
		t.after(() => {
		crypto.randomBytes = oldCrypto
		})
		}

		new Tokens().secret().catch(err => {
		t.ok(err instanceof Error)
		t.ok(err.message === 'oh no')
		})
		test('Tokens.secret: should handle error, Promise', async t => {
		t.plan(2)

		mockRandomBytes(t)

		try {
		await new Tokens().secret()
		} catch (err) {
		t.assert.ok(err instanceof Error)
		t.assert.ok(err.message === 'oh no')
		}
		})
		@@ -99,15 +121,14 @@

		const Tokens = mockRequire('..', {
		'node:crypto': {
		randomBytes: (size, cb) => {
		cb(new Error('oh no'))
		},
		createHash: require('node:crypto').createHash
		}
		})
		mockRandomBytes(t)

		const { promise, resolve } = Promise.withResolvers()

		new Tokens().secret(function (err, _secret) {
		t.ok(err instanceof Error)
		t.ok(err.message === 'oh no')
		t.assert.ok(err instanceof Error)
		t.assert.ok(err.message === 'oh no')

		resolve()
		})

		return promise
		})

test/secretSync.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')
		@@ -11,4 +11,4 @@
		// 4 bytes = 6 base-64 characters
		t.equal(new Tokens({ secretLength: 3 }).secretSync().length, 4)
		t.equal(new Tokens({ secretLength: 4 }).secretSync().length, 6)
		t.assert.deepStrictEqual(new Tokens({ secretLength: 3 }).secretSync().length, 4)
		t.assert.deepStrictEqual(new Tokens({ secretLength: 4 }).secretSync().length, 6)
		})
		@@ -20,4 +20,4 @@
		const secret = new Tokens().secretSync()
		t.type(secret, 'string')
		t.equal(secret.length, 24)
		t.assert.ok(typeof secret === 'string')
		t.assert.deepStrictEqual(secret.length, 24)
		})
		@@ -29,6 +29,6 @@
		for (let i = 0; i < 1000; i++) {
		t.not(new Tokens().secretSync().includes('/'))
		t.not(new Tokens().secretSync().includes('+'))
		t.not(new Tokens().secretSync().includes('='))
		t.assert.ok(!new Tokens().secretSync().includes('/'))
		t.assert.ok(!new Tokens().secretSync().includes('+'))
		t.assert.ok(!new Tokens().secretSync().includes('='))
		}
		})

test/verify.test.js

		'use strict'

		const test = require('tap').test
		const { test } = require('node:test')
		const Tokens = require('..')
		@@ -12,3 +12,3 @@

		t.equal(new Tokens().verify(secret, token), true)
		t.assert.deepStrictEqual(new Tokens().verify(secret, token), true)
		})
		@@ -22,7 +22,7 @@

		t.equal(new Tokens().verify(new Tokens().secretSync(), token), false)
		t.equal(new Tokens().verify('invalid', token), false)
		t.equal(new Tokens().verify(), false)
		t.equal(new Tokens().verify([]), false)
		t.equal(new Tokens().verify('invalid'), false)
		t.assert.deepStrictEqual(new Tokens().verify(new Tokens().secretSync(), token), false)
		t.assert.deepStrictEqual(new Tokens().verify('invalid', token), false)
		t.assert.deepStrictEqual(new Tokens().verify(), false)
		t.assert.deepStrictEqual(new Tokens().verify([]), false)
		t.assert.deepStrictEqual(new Tokens().verify('invalid'), false)
		})
		@@ -36,6 +36,6 @@

		t.equal(new Tokens().verify('invalid', token), false)
		t.equal(new Tokens().verify(secret, undefined), false)
		t.equal(new Tokens().verify(secret, []), false)
		t.equal(new Tokens().verify(secret, 'hi'), false)
		t.assert.deepStrictEqual(new Tokens().verify('invalid', token), false)
		t.assert.deepStrictEqual(new Tokens().verify(secret, undefined), false)
		t.assert.deepStrictEqual(new Tokens().verify(secret, []), false)
		t.assert.deepStrictEqual(new Tokens().verify(secret, 'hi'), false)
		})

.taprc

.github/workflows/ci.yml

Sorry, the diff of this file is not supported yet

@fastify/csrf - npm Package Compare versions

Fixed alerts

Improved metrics