
@paypal/sdk-client


@paypal/sdk-client - npm Package Compare versions

Comparing version

to
4.0.163

6

package.json
{
"name": "@paypal/sdk-client",
"version": "4.0.162",
"version": "4.0.163",
"description": "Shared config between PayPal/Braintree.",

@@ -24,3 +24,3 @@ "main": "index.js",

"webpack": "babel-node --plugins=transform-es2015-modules-commonjs ./node_modules/.bin/webpack --progress",
"jest": "jest test/server --env=node --no-cache --collectCoverageFrom='server/' --coverage --verbose --runInBand --silent=false",
"jest": "jest test/server --env=node --no-cache --collectCoverageFrom='server/' --coverageDirectory='coverage/jest' --coverage --verbose --runInBand --silent=false",
"prepublishOnly": "npm run babel",

@@ -67,3 +67,3 @@ "postpublish": "rm -rf ./server && git checkout ./server"

"flow-bin": "0.155.0",
"grumbler-scripts": "^3",
"grumbler-scripts": "^5.0.0",
"mocha": "4.1.0",

@@ -70,0 +70,0 @@ "sync-browser-mocks": "2.0.8"

@@ -16,3 +16,3 @@ PayPal SDK Client

[license-badge]: https://img.shields.io/npm/l/@paypal/sdk-client.svg?style=flat-square
[license]: https://github.com/paypal/paypal-sdk-client/blob/master/LICENSE
[license]: https://github.com/paypal/paypal-sdk-client/blob/main/LICENSE

@@ -19,0 +19,0 @@ A shared client for PayPal/Braintree client sdk modules. Has both client-side and server-side bindings to help you build and integrate an sdk component.

@@ -22,2 +22,4 @@ "use strict";

// eslint-disable-next-line import/no-nodejs-modules
const emailRegex = /^.+@.+$/;
function validatePaymentsSDKUrl({

@@ -47,5 +49,18 @@ pathname,

if (!val.match(/^[a-zA-Z0-9_,-@.]+$/) && !val.match(/^\*$/)) {
if (!val.match(/^[a-zA-Z0-9+_,-@.]+$/) && !val.match(/^\*$/)) {
throw new Error(`Unexpected characters in query key for sdk url: ${key}=${val}`);
}
if (key === _sdkConstants.SDK_QUERY_KEYS.MERCHANT_ID) {
const merchantValues = val.split(",");
merchantValues.forEach(merchantValue => {
if (merchantValue.length > 320) {
throw new Error(`Email is too long: ${merchantValue}`);
}
if (!emailRegex.test(merchantValue)) {
throw new Error(`Malformed. merchant email: ${merchantValue}`);
}
});
}
}

@@ -115,6 +130,12 @@

if (protocol !== _constants.PROTOCOL.HTTP && protocol !== _constants.PROTOCOL.HTTPS) {
if (!sdkUrl.startsWith(_constants.PROTOCOL.HTTP) && !sdkUrl.startsWith(_constants.PROTOCOL.HTTPS)) {
throw new Error(`Expected protocol for sdk url to be ${_constants.PROTOCOL.HTTP} or ${_constants.PROTOCOL.HTTPS} for host: ${hostname} - got ${protocol || 'undefined'}`);
}
const hostnameMatchResults = hostname.match(/[a-z0-9\.\-]+/);
if (!hostnameMatchResults || hostnameMatchResults[0] !== hostname) {
throw new Error(`Expected a valid host: ${hostname}`);
}
if (isLegacySDKUrl(hostname, pathname)) {

@@ -150,3 +171,3 @@ validateLegacySDKUrl({

const ALLOWED_ATTRS = [_sdkConstants.SDK_SETTINGS.AMOUNT, _sdkConstants.SDK_SETTINGS.CLIENT_TOKEN, _sdkConstants.SDK_SETTINGS.MERCHANT_ID, _sdkConstants.SDK_SETTINGS.PARTNER_ATTRIBUTION_ID, _sdkConstants.SDK_SETTINGS.ENABLE_3DS, _sdkConstants.SDK_SETTINGS.SDK_INTEGRATION_SOURCE, _sdkConstants.SDK_SETTINGS.CLIENT_METADATA_ID, _belter.ATTRIBUTES.UID, _sdkConstants.SDK_SETTINGS.CSP_NONCE];
const ALLOWED_ATTRS = [_sdkConstants.SDK_SETTINGS.AMOUNT, _sdkConstants.SDK_SETTINGS.CLIENT_TOKEN, _sdkConstants.SDK_SETTINGS.MERCHANT_ID, _sdkConstants.SDK_SETTINGS.PARTNER_ATTRIBUTION_ID, _sdkConstants.SDK_SETTINGS.POPUPS_DISABLED, _sdkConstants.SDK_SETTINGS.ENABLE_3DS, _sdkConstants.SDK_SETTINGS.SDK_INTEGRATION_SOURCE, _sdkConstants.SDK_SETTINGS.CLIENT_METADATA_ID, _belter.ATTRIBUTES.UID, _sdkConstants.SDK_SETTINGS.CSP_NONCE];

@@ -153,0 +174,0 @@ function getSDKScriptAttributes(sdkUrl, allAttrs) {
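Review bot: The character class in the query-value check still contains `,-@`, which a regex engine reads as a range from `,` to `@`, so besides the intended `,`, `-` and `@` it also admits `/`, `:`, `;`, `<`, `=`, `>` and `?`; adding `+` in this release leaves that untouched. If the hyphen is meant literally, put it last or escape it, e.g. `/^[a-zA-Z0-9+_,@.-]+$/`, and list explicitly any of the extra characters that really are needed. A test asserting that a value containing `<` or `>` is rejected would pin the intent. The same line appears in the second copy of this file further down the page (hunk `@@ -41,5 +43,18 @@`), and the enclosing function starts and ends outside the hunks shown.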

@@ -18,2 +18,4 @@ /* @flow */

const emailRegex = /^.+@.+$/;
function validatePaymentsSDKUrl({ pathname, query, hash }) {

@@ -41,5 +43,18 @@

if (!val.match(/^[a-zA-Z0-9_,-@.]+$/) && !val.match(/^\*$/)) {
if (!val.match(/^[a-zA-Z0-9+_,-@.]+$/) && !val.match(/^\*$/)) {
throw new Error(`Unexpected characters in query key for sdk url: ${ key }=${ val }`);
}
if (key === SDK_QUERY_KEYS.MERCHANT_ID) {
const merchantValues = val.split(",");
merchantValues.forEach(merchantValue => {
if (merchantValue.length > 320) {
throw new Error(`Email is too long: ${merchantValue}`)
}
if (!emailRegex.test(merchantValue)) {
throw new Error(`Malformed. merchant email: ${merchantValue}`);
}
});
}
}

@@ -110,6 +125,12 @@

if (protocol !== PROTOCOL.HTTP && protocol !== PROTOCOL.HTTPS) {
if (!sdkUrl.startsWith(PROTOCOL.HTTP) && !sdkUrl.startsWith(PROTOCOL.HTTPS)) {
throw new Error(`Expected protocol for sdk url to be ${ PROTOCOL.HTTP } or ${ PROTOCOL.HTTPS } for host: ${ hostname } - got ${ protocol || 'undefined' }`);
}
const hostnameMatchResults = hostname.match(/[a-z0-9\.\-]+/);
if (!hostnameMatchResults || hostnameMatchResults[0] !== hostname) {
throw new Error(`Expected a valid host: ${ hostname }`);
}
if (isLegacySDKUrl(hostname, pathname)) {

@@ -146,2 +167,3 @@ validateLegacySDKUrl({ pathname });

SDK_SETTINGS.PARTNER_ATTRIBUTION_ID,
SDK_SETTINGS.POPUPS_DISABLED,
SDK_SETTINGS.ENABLE_3DS,

@@ -148,0 +170,0 @@ SDK_SETTINGS.SDK_INTEGRATION_SOURCE,
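Review bot: The protocol check in hunk `@@ -110,6 +125,12 @@` now tests a prefix of the raw `sdkUrl` string instead of comparing the parsed `protocol`, which is a looser test: anything that merely begins with the constant passes. If `PROTOCOL.HTTP` is a prefix of `PROTOCOL.HTTPS` (their values are not visible here), the second `startsWith` adds nothing. The error message still interpolates the parsed `protocol`, so the condition and the message can disagree about what was checked. If the parsed value was unreliable, I would match the scheme together with its `://` separator rather than a bare prefix and say why in a comment, e.g. `// parsed protocol is not trusted here because <reason>; match scheme + "://" on the raw url`. The same change is in the other copy of this file above (hunk `@@ -115,6 +130,12 @@`), and the enclosing function continues outside the hunk.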

@@ -12,2 +12,3 @@ /* @flow */

SDK_SETTINGS.PARTNER_ATTRIBUTION_ID,
SDK_SETTINGS.POPUPS_DISABLED,
SDK_SETTINGS.ENABLE_3DS,

@@ -14,0 +15,0 @@ SDK_SETTINGS.SDK_INTEGRATION_SOURCE,

@@ -203,2 +203,6 @@ /* @flow */

export function getMerchantRequestedPopupsDisabled() : boolean {
return getSDKAttribute(SDK_SETTINGS.POPUPS_DISABLED) === 'true';
}
export function getPageType() : ?string {

@@ -205,0 +209,0 @@ const pageType = getSDKAttribute(SDK_SETTINGS.PAGE_TYPE, '');