@pan-os/cerberus - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2

index.js

@@ -6,3 +6,3 @@ /**
 const { verify } = require('jsonwebtoken');
-const { localStrategy } = require('./strategies');
+const { localStrategy, facebookStrategy } = require('./strategies');
 
@@ -21,5 +21,7 @@ const attachPassport = (app, passport) => {
 };
-/* eslint-disable max-len */
-const registerLocalStrategy = (passport, kind, lookupUser) => passport.use(kind, localStrategy(lookupUser));
 
+const registerLocalStrategy = (passport, kind) => passport.use(kind, localStrategy);
+
+const registerFacebookStrategy = (passport) => passport.use('facebook', facebookStrategy);
+
 const validateJwt = (jwt) => {
@@ -80,2 +82,3 @@ try {
   registerLocalStrategy,
+  registerFacebookStrategy,
   protect,
@@ -82,0 +85,0 @@ };

package.json

 {
   "name": "@pan-os/cerberus",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "security wrapper to protect routes dynamically with heimdall structure",
@@ -29,5 +29,5 @@ "main": "index.js",
     "jsonwebtoken": "^8.3.0",
-    "passport-local": "^1.0.0",
+    "passport-facebook": "^2.1.1",
     "restify-errors": "^6.1.1"
   }
 }

strategies/index.js

 const localStrategy = require('./localStrategy');
+const facebookStrategy = require('./facebook');
 
 module.exports = {
   localStrategy,
+  facebookStrategy,
 };

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

24578

increased by5.32%

Number of package files

10

increased by11.11%

Lines of code

100

increased by13.64%

Worsened metrics

Number of low supply chain risk alerts

5

increased by150%

Dependency changes

• + Addedpassport-facebook@^2.1.1

• + Addedbase64url@3.0.1(transitive)

• + Addedoauth@0.10.0(transitive)

• + Addedpassport-facebook@2.1.1(transitive)

• + Addedpassport-oauth2@1.8.0(transitive)

• + Addeduid2@0.0.4(transitive)

• + Addedutils-merge@1.0.1(transitive)

• - Removedpassport-local@^1.0.0

• - Removedpassport-local@1.0.0(transitive)