@mozilla/rally
Advanced tools
@mozilla/rally - npm Package Compare versions
+4
-0
| # Unreleased changes | ||
| # v0.6.0 (2021-04-20) | ||
| * [550](https://github.com/mozilla-rally/rally-core-addon/pull/550): Do not use extension ID as namespace, breaks the `rally.js` API (constructor arg change) | ||
| # v0.5.0 (2021-03-03) | ||
@@ -4,0 +8,0 @@ |
+1
-2
| { | ||
| "name": "@mozilla/rally", | ||
| "version": "0.5.0", | ||
| "version": "0.6.0", | ||
| "description": "The Rally partner support library.", | ||
@@ -11,3 +11,2 @@ "main": "rally.js", | ||
| "devDependencies": {}, | ||
| "dependencies": {}, | ||
| "repository": { | ||
@@ -14,0 +13,0 @@ "type": "git", |
+13
-19
@@ -17,4 +17,4 @@ /* This Source Code Form is subject to the terms of the Mozilla Public | ||
| * | ||
| * @param {String} keyId | ||
| * The id of the key used to encrypt outgoing data. | ||
| * @param {String} schemaNamespace | ||
| * The namespace for this study. Must match the server-side schema. | ||
| * @param {Object} key | ||
@@ -42,6 +42,6 @@ * The JSON Web Key (JWK) used to encrypt the outgoing data. | ||
| */ | ||
| async initialize(keyId, key, enableDevMode, stateChangeCallback) { | ||
| async initialize(schemaNamespace, key, enableDevMode, stateChangeCallback) { | ||
| console.debug("Rally.initialize"); | ||
| this._validateEncryptionKey(keyId, key); | ||
| this._validateEncryptionKey(key); | ||
@@ -56,3 +56,4 @@ if (!stateChangeCallback) { | ||
| this._keyId = keyId; | ||
| this._namespace = schemaNamespace; | ||
| this._keyId = key.kid; | ||
| this._key = key; | ||
@@ -179,4 +180,2 @@ this._enableDevMode = Boolean(enableDevMode); | ||
| * | ||
| * @param {String} keyId | ||
| * The id of the key used to encrypt outgoing data. | ||
| * @param {Object} key | ||
@@ -198,9 +197,9 @@ * The JSON Web Key (JWK) used to encrypt the outgoing data. | ||
| */ | ||
| _validateEncryptionKey(keyId, key) { | ||
| if (typeof keyId !== "string") { | ||
| throw new Error(`Rally._validateEncryptionKey - Invalid encryption key id ${keyId}`); | ||
| _validateEncryptionKey(key) { | ||
| if (typeof key !== "object") { | ||
| throw new Error("Rally._validateEncryptionKey - Invalid encryption key", key); | ||
| } | ||
| if (typeof key !== "object") { | ||
| throw new Error(`Rally._validateEncryptionKey - Invalid encryption key ${key}`); | ||
| if (!("kid" in key && typeof key.kid === "string")) { | ||
| throw new Error("Rally._validateEncryptionKey - Missing or invalid encryption key ID in key", key); | ||
| } | ||
@@ -243,10 +242,5 @@ } | ||
| try { | ||
| // The unique identifier of the study can be used as the | ||
| // namespace, in order to make sure data is routed to the | ||
| // proper analysis sandbox. | ||
| const studyName = browser.runtime.id; | ||
| // This function may be mistakenly called while init has not | ||
| // finished. Let's be safe and check for key validity again. | ||
| this._validateEncryptionKey(this._keyId, this._key); | ||
| this._validateEncryptionKey(this._key); | ||
@@ -258,3 +252,3 @@ const msg = { | ||
| payload: payload, | ||
| namespace: studyName, | ||
| namespace: this._namespace, | ||
| keyId: this._keyId, | ||
@@ -261,0 +255,0 @@ key: this._key |
New alerts
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
0
-100%Worsened metrics
- Total package byte prevSize
11176
-0.4%- Lines of code
229
-2.14%