@hashicorp/js-releases
Advanced tools
@hashicorp/js-releases - npm Package Compare versions
Comparing version 1.5.1 to 1.6.0
@@ -0,1 +1,26 @@ | ||
| # 1.6.0 (2022-06-14) | ||
| BUG FIXES: | ||
| * Swap `proxy-agent` with `https-proxy-agent` to fix `ftp` package warning by @magnetikonline in https://github.com/hashicorp/js-releases/pull/43 | ||
| ENHANCEMENT: | ||
| * Workflow and `README.md` tweaks by @magnetikonline in https://github.com/hashicorp/js-releases/pull/44 | ||
| INTERNAL: | ||
| * Bump @types/yauzl from 2.9.2 to 2.10.0 by @dependabot in https://github.com/hashicorp/js-releases/pull/34 | ||
| * Bump typescript from 4.6.2 to 4.6.3 by @dependabot in https://github.com/hashicorp/js-releases/pull/31 | ||
| * Bump prettier from 2.6.0 to 2.6.2 by @dependabot in https://github.com/hashicorp/js-releases/pull/32 | ||
| * Bump semver from 7.3.5 to 7.3.6 by @dependabot in https://github.com/hashicorp/js-releases/pull/33 | ||
| * Bump semver from 7.3.6 to 7.3.7 by @dependabot in https://github.com/hashicorp/js-releases/pull/35 | ||
| * Bump @types/node from 14.18.12 to 14.18.13 by @dependabot in https://github.com/hashicorp/js-releases/pull/36 | ||
| * Bump @types/mocha from 9.1.0 to 9.1.1 by @dependabot in https://github.com/hashicorp/js-releases/pull/37 | ||
| * Bump @types/node from 14.18.13 to 14.18.14 by @dependabot in https://github.com/hashicorp/js-releases/pull/38 | ||
| * Bump @types/node from 14.18.14 to 14.18.15 by @dependabot in https://github.com/hashicorp/js-releases/pull/39 | ||
| * Bump @types/node from 14.18.15 to 14.18.16 by @dependabot in https://github.com/hashicorp/js-releases/pull/40 | ||
| * Bump @types/node from 14.18.16 to 14.18.18 by @dependabot in https://github.com/hashicorp/js-releases/pull/47 | ||
| * Bump @types/node from 14.18.18 to 14.18.21 by @dependabot in https://github.com/hashicorp/js-releases/pull/51 | ||
| # 1.5.1 (2022-03-17) | ||
@@ -2,0 +27,0 @@ |
@@ -14,3 +14,3 @@ "use strict"; | ||
| const axios_1 = require("axios"); | ||
| const ProxyAgent = require('proxy-agent'); | ||
| const HttpsProxyAgent = require('https-proxy-agent'); | ||
| const httpProxy = process.env['HTTP_PROXY'] || process.env['http_proxy']; | ||
@@ -22,4 +22,4 @@ const httpsProxy = process.env['HTTPS_PROXY'] || process.env['https_proxy']; | ||
| proxy: false, | ||
| httpAgent: httpProxy ? new ProxyAgent(httpProxy) : undefined, | ||
| httpsAgent: httpsProxy ? new ProxyAgent(httpsProxy) : undefined, | ||
| httpAgent: httpProxy ? new HttpsProxyAgent(httpProxy) : undefined, | ||
| httpsAgent: httpsProxy ? new HttpsProxyAgent(httpsProxy) : undefined, | ||
| }; | ||
@@ -26,0 +26,0 @@ } |
| { | ||
| "name": "@hashicorp/js-releases", | ||
| "version": "1.5.1", | ||
| "version": "1.6.0", | ||
| "description": "Download packages from releases.hashicorp.com", | ||
@@ -29,4 +29,4 @@ "main": "./out/index.js", | ||
| "axios": "^0.25.0", | ||
| "https-proxy-agent": "^5.0.1", | ||
| "openpgp": "5.1.0", | ||
| "proxy-agent": "^5.0.0", | ||
| "semver": "^7.3.5", | ||
@@ -33,0 +33,0 @@ "yauzl": "^2.10.0" |
| # js-releases | ||
| [](https://github.com/hashicorp/js-releases/actions/workflows/test.yml) | ||
| [](https://github.com/hashicorp/js-releases/actions/workflows/publish.yml) | ||
| ## Download packages from releases.hashicorp.com | ||
| js-releases is a handy tool for downloading and verifying packages from releases.hashicorp.com. You can: | ||
| - fetch metadata for a given release (or latest) | ||
| - download the package | ||
| - verify the SHASUM and signature | ||
| - unpack to a specified directory | ||
| `js-releases` is a handy tool for downloading and verifying packages from [releases.hashicorp.com](https://releases.hashicorp.com/). | ||
| You can: | ||
| - fetch metadata for a given release (or latest) | ||
| - download the package | ||
| - verify the SHASUM and signature | ||
| - unpack to a specified directory | ||
| ## Environment variables | ||
| The downloader can be configured with environment variables. | ||
| Current available vars: | ||
| | Parameter | Description | Default | | ||
| | --------------------------- | -------------------------------------------------------- | ------- | | ||
| | `HTTP_PROXY`/`http_proxy` | If configured will set the HTTP_PROXY to download with. | - | | ||
| | `HTTPS_PROXY`/`https_proxy` | If configured will set the HTTPS_PROXY to download with. | - | | ||
| Currently available variables: | ||
| | Environment variable | Description | Default | | ||
| |:-------------------------------|:---------------------------------------------------------------|:--------| | ||
| | `HTTP_PROXY` \| `http_proxy` | If configured will set the HTTP proxy to fetch/download with. | - | | ||
| | `HTTPS_PROXY` \| `https_proxy` | If configured will set the HTTPS proxy to fetch/download with. | - | | ||
| ## Usage | ||
| ``` | ||
| ```js | ||
| import { Release, getRelease } from '@hashicorp/js-releases'; | ||
@@ -53,3 +60,3 @@ | ||
| Packages are verified using HashiCorp's public GPG key `72D7468F`. The previous key was rotated and revoked per [HCSEC-2021-12](https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512) on 4/22/21. As a result, earlier versions of `js-releases` will no longer be able to verify packages. | ||
| Packages are verified using HashiCorp's public GPG key `72D7468F`. The previous key was rotated and revoked per [HCSEC-2021-12](https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512) on 2021-04-22. As a result, earlier versions of `js-releases` will no longer be able to verify packages. | ||
@@ -56,0 +63,0 @@ ## License |
| import axiosBase, { AxiosRequestConfig } from 'axios'; | ||
| const ProxyAgent = require('proxy-agent'); | ||
| const HttpsProxyAgent = require('https-proxy-agent'); | ||
@@ -8,8 +8,7 @@ const httpProxy = process.env['HTTP_PROXY'] || process.env['http_proxy']; | ||
| let proxyConf = {}; | ||
| if (httpProxy || httpsProxy) { | ||
| proxyConf = { | ||
| proxy: false, | ||
| httpAgent: httpProxy ? new ProxyAgent(httpProxy) : undefined, | ||
| httpsAgent: httpsProxy ? new ProxyAgent(httpsProxy) : undefined, | ||
| httpAgent: httpProxy ? new HttpsProxyAgent(httpProxy) : undefined, | ||
| httpsAgent: httpsProxy ? new HttpsProxyAgent(httpsProxy) : undefined, | ||
| }; | ||
@@ -16,0 +15,0 @@ } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.01%
55382
- Number of lines in readme file
- increased by10.61%
73
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedhttps-proxy-agent@^5.0.1
- Removedproxy-agent@^5.0.0
- Removed@tootallnate/once@1.1.2(transitive)
- Removedacorn@8.14.0(transitive)
- Removedacorn-walk@8.3.4(transitive)
- Removedast-types@0.13.4(transitive)
- Removedbytes@3.1.2(transitive)
- Removedcore-util-is@1.0.3(transitive)
- Removeddata-uri-to-buffer@3.0.1(transitive)
- Removeddeep-is@0.1.4(transitive)
- Removeddegenerator@3.0.4(transitive)
- Removeddepd@2.0.0(transitive)
- Removedescodegen@1.14.3(transitive)
- Removedesprima@4.0.1(transitive)
- Removedestraverse@4.3.0(transitive)
- Removedesutils@2.0.3(transitive)
- Removedfast-levenshtein@2.0.6(transitive)
- Removedfile-uri-to-path@2.0.0(transitive)
- Removedfs-extra@8.1.0(transitive)
- Removedftp@0.3.10(transitive)
- Removedget-uri@3.0.2(transitive)
- Removedgraceful-fs@4.2.11(transitive)
- Removedhttp-errors@2.0.0(transitive)
- Removedhttp-proxy-agent@4.0.1(transitive)
- Removediconv-lite@0.4.24(transitive)
- Removedip@1.1.9(transitive)
- Removedip-address@9.0.5(transitive)
- Removedisarray@0.0.1(transitive)
- Removedjsbn@1.1.0(transitive)
- Removedjsonfile@4.0.0(transitive)
- Removedlevn@0.3.0(transitive)
- Removedlru-cache@5.1.1(transitive)
- Removednetmask@2.0.2(transitive)
- Removedoptionator@0.8.3(transitive)
- Removedpac-proxy-agent@5.0.0(transitive)
- Removedpac-resolver@5.0.1(transitive)
- Removedprelude-ls@1.1.2(transitive)
- Removedproxy-agent@5.0.0(transitive)
- Removedproxy-from-env@1.1.0(transitive)
- Removedraw-body@2.5.2(transitive)
- Removedreadable-stream@1.1.14(transitive)
- Removedsetprototypeof@1.2.0(transitive)
- Removedsmart-buffer@4.2.0(transitive)
- Removedsocks@2.8.4(transitive)
- Removedsocks-proxy-agent@5.0.1(transitive)
- Removedsource-map@0.6.1(transitive)
- Removedsprintf-js@1.1.3(transitive)
- Removedstatuses@2.0.1(transitive)
- Removedstring_decoder@0.10.31(transitive)
- Removedtoidentifier@1.0.1(transitive)
- Removedtslib@2.8.1(transitive)
- Removedtype-check@0.3.2(transitive)
- Removeduniversalify@0.1.2(transitive)
- Removedunpipe@1.0.0(transitive)
- Removedvm2@3.9.19(transitive)
- Removedword-wrap@1.2.5(transitive)
- Removedxregexp@2.0.0(transitive)
- Removedyallist@3.1.1(transitive)