@netlify/ipx - npm Package Compare versions

Comparing version 1.4.2 to 1.4.3-alpha-waf-logging-0.0.0

dist/index.js

@@ -62,10 +62,14 @@ "use strict";
         const isLocal = !id.startsWith('http://') && !id.startsWith('https://');
+        const wafBypassTokenHeader = event.headers[WAF_BYPASS_TOKEN_HEADER];
+        if (wafBypassTokenHeader) {
+            console.log('WAF bypass token found');
+        }
         if (isLocal) {
             // This header is available to all lambdas that went through WAF
             // We need to add it for local images (origin server) to be able to bypass WAF
-            if (event.headers[WAF_BYPASS_TOKEN_HEADER]) {
+            if (wafBypassTokenHeader) {
                 // eslint-disable-next-line no-console
-                console.log(`WAF bypass token found, setting ${WAF_BYPASS_TOKEN_HEADER} header to load source image`);
+                console.log(`Setting ${WAF_BYPASS_TOKEN_HEADER} header to load source image`);
                 requestHeaders[WAF_BYPASS_TOKEN_HEADER] =
-                    event.headers[WAF_BYPASS_TOKEN_HEADER];
+                    wafBypassTokenHeader;
             }
@@ -133,2 +137,3 @@ const url = new URL(event.rawUrl);
         }
+        console.log(`headers being sent to loadSourceImage: ${Object.keys(requestHeaders).join(', ')}`);
         const { response, cacheKey, responseEtag, finalize } = await loadSourceImage({
@@ -135,0 +140,0 @@ cacheDir,

package.json

 {
   "name": "@netlify/ipx",
-  "version": "1.4.2",
+  "version": "1.4.3-alpha-waf-logging-0.0.0",
   "description": "on-demand image optimization for Netlify",
@@ -5,0 +5,0 @@ "repository": "netlify/netlify-ipx",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

28167

increased by0.87%

Lines of code

597

increased by0.84%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes