@mozilla/rally - npm Package Compare versions

Comparing version 0.5.0 to 0.6.0

CHANGELOG.md

 # Unreleased changes
 
+# v0.6.0 (2021-04-20)
+
+* [550](https://github.com/mozilla-rally/rally-core-addon/pull/550): Do not use extension ID as namespace, breaks the `rally.js` API (constructor arg change)
+
 # v0.5.0 (2021-03-03)
@@ -4,0 +8,0 @@

package.json

 {
   "name": "@mozilla/rally",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "The Rally partner support library.",
@@ -11,3 +11,2 @@ "main": "rally.js",
   "devDependencies": {},
-  "dependencies": {},
   "repository": {
@@ -14,0 +13,0 @@ "type": "git",

rally.js

@@ -17,4 +17,4 @@ /* This Source Code Form is subject to the terms of the Mozilla Public
    *
-   * @param {String} keyId
-   *        The id of the key used to encrypt outgoing data.
+   * @param {String} schemaNamespace
+   *        The namespace for this study. Must match the server-side schema.
    * @param {Object} key
@@ -42,6 +42,6 @@ *        The JSON Web Key (JWK) used to encrypt the outgoing data.
    */
-  async initialize(keyId, key, enableDevMode, stateChangeCallback) {
+  async initialize(schemaNamespace, key, enableDevMode, stateChangeCallback) {
     console.debug("Rally.initialize");
 
-    this._validateEncryptionKey(keyId, key);
+    this._validateEncryptionKey(key);
 
@@ -56,3 +56,4 @@ if (!stateChangeCallback) {
 
-    this._keyId = keyId;
+    this._namespace = schemaNamespace;
+    this._keyId = key.kid;
     this._key = key;
@@ -179,4 +180,2 @@ this._enableDevMode = Boolean(enableDevMode);
    *
-   * @param {String} keyId
-   *        The id of the key used to encrypt outgoing data.
    * @param {Object} key
@@ -198,9 +197,9 @@ *        The JSON Web Key (JWK) used to encrypt the outgoing data.
    */
-  _validateEncryptionKey(keyId, key) {
-    if (typeof keyId !== "string") {
-      throw new Error(`Rally._validateEncryptionKey - Invalid encryption key id ${keyId}`);
+  _validateEncryptionKey(key) {
+    if (typeof key !== "object") {
+      throw new Error("Rally._validateEncryptionKey - Invalid encryption key", key);
     }
 
-    if (typeof key !== "object") {
-      throw new Error(`Rally._validateEncryptionKey - Invalid encryption key ${key}`);
+    if (!("kid" in key && typeof key.kid === "string")) {
+      throw new Error("Rally._validateEncryptionKey - Missing or invalid encryption key ID in key", key);
     }
@@ -243,10 +242,5 @@ }
     try {
-      // The unique identifier of the study can be used as the
-      // namespace, in order to make sure data is routed to the
-      // proper analysis sandbox.
-      const studyName = browser.runtime.id;
-
       // This function may be mistakenly called while init has not
       // finished. Let's be safe and check for key validity again.
-      this._validateEncryptionKey(this._keyId, this._key);
+      this._validateEncryptionKey(this._key);
 
@@ -258,3 +252,3 @@ const msg = {
           payload: payload,
-          namespace: studyName,
+          namespace: this._namespace,
           keyId: this._keyId,
@@ -261,0 +255,0 @@ key: this._key

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

0

-100%

Worsened metrics

Total package byte prevSize

11176

-0.4%

Lines of code

229

-2.14%

No dependency changes