@hapi/statehood - npm Package Compare versions

Comparing version 7.0.3 to 7.0.4

lib/index.js

@@ -60,5 +60,2 @@ 'use strict';
 
-//                      1: name                2: quoted  3: value
-internals.parseRx = /\s*([^=\s]*)\s*=\s*(?:(?:"([^\"]*)")|([^\;]*))(?:(?:;\s*)|$)/g;
-
 internals.validateRx = {
@@ -109,7 +106,4 @@ nameRx: {
         const names = [];
-        const verify = cookies.replace(internals.parseRx, ($0, $1, $2, $3) => {
+        const verify = internals.parsePairs(cookies, (name, value) => {
 
-            const name = $1;
-            const value = $2 || $3 || '';
-
             if (name === '__proto__') {
@@ -130,4 +124,2 @@ throw Boom.badRequest('Invalid cookie header');
             }
-
-            return '';
         });
@@ -139,3 +131,3 @@
 
-        if (verify !== '') {
+        if (verify !== null) {
             if (!this.settings.ignoreErrors) {
@@ -356,2 +348,30 @@ throw Boom.badRequest('Invalid cookie header');
 
+internals.parsePairs = function (cookies, eachPairFn) {
+
+    let index = 0;
+
+    while (index < cookies.length) {
+
+        const eqIndex = cookies.indexOf('=', index);
+
+        if (eqIndex === -1) {
+            return cookies.slice(index);    // E.g. 'a=1;xyz' -> 'xyz'
+        }
+
+        const semiIndex = cookies.indexOf(';', eqIndex);
+        const endOfValueIndex = semiIndex !== -1 ? semiIndex : cookies.length;
+
+        const name = cookies.slice(index, eqIndex).trim();
+        const value = cookies.slice(eqIndex + 1, endOfValueIndex).trim();
+        const unquotedValue = (value.startsWith('"') && value.endsWith('"') && value !== '"') ?
+            value.slice(1, -1) :    // E.g. '"abc"' -> 'abc'
+            value;
+
+        eachPairFn(name, unquotedValue);
+        index = endOfValueIndex + 1;
+    }
+
+    return null;
+};
+
 internals.validate = function (name, state) {
@@ -358,0 +378,0 @@

package.json

 {
   "name": "@hapi/statehood",
   "description": "HTTP State Management Utilities",
-  "version": "7.0.3",
+  "version": "7.0.4",
   "repository": "git://github.com/hapijs/statehood",
@@ -16,2 +16,7 @@ "main": "lib/index.js",
   ],
+  "eslintConfig": {
+    "extends": [
+      "plugin:@hapi/module"
+    ]
+  },
   "dependencies": {
@@ -28,3 +33,4 @@ "@hapi/boom": "9.x.x",
     "@hapi/code": "8.x.x",
-    "@hapi/lab": "23.x.x"
+    "@hapi/eslint-plugin": "*",
+    "@hapi/lab": "24.x.x"
   },
@@ -31,0 +37,0 @@ "scripts": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

18183

increased by3.93%

Lines of code

388

increased by3.74%

Worsened metrics

Dev dependency count

3

increased by50%

No dependency changes