@poppinss/utils
Advanced tools
@poppinss/utils - npm Package Compare versions
Comparing version 2.2.2 to 2.2.3
@@ -11,1 +11,2 @@ export { base64 } from './src/base64'; | ||
| export { randomString } from './src/randomString'; | ||
| export { MessageBuilder } from './src/MessageBuilder'; |
@@ -37,1 +37,3 @@ "use strict"; | ||
| exports.randomString = randomString_1.randomString; | ||
| var MessageBuilder_1 = require("./src/MessageBuilder"); | ||
| exports.MessageBuilder = MessageBuilder_1.MessageBuilder; |
| { | ||
| "name": "@poppinss/utils", | ||
| "version": "2.2.2", | ||
| "version": "2.2.3", | ||
| "description": "Handy utilities for repetitive work", | ||
@@ -5,0 +5,0 @@ "main": "build/index.js", |
@@ -28,2 +28,3 @@ # Utils | ||
| - [Safe equal](#safe-equal) | ||
| - [Message Builder](#message-builder) | ||
@@ -229,2 +230,28 @@ <!-- END doctoc generated TOC please keep comment here to allow auto update --> | ||
| ## Message Builder | ||
| Message builder provides a sane API for stringifying objects similar to `JSON.stringify` but has a few advantages. | ||
| - It is safe from JSON poisoning vulnerability. | ||
| - You can define expiry and purpose for the encoding. The `verify` method will respect these values. | ||
| The message builder alone may seem useless, since anyone can decode the object and change its expiry or purpose. However, you can generate an hash of the stringified object and verify for tampering by validating the hash. This is what AdonisJS does for cookies. | ||
| ```ts | ||
| import { MessageBuilder } from '@poppinss/utils' | ||
| const builder = new MessageBuilder() | ||
| const encoded = builder.build( | ||
| { username: 'virk' }, | ||
| '1 hour', | ||
| 'login', | ||
| ) | ||
| ``` | ||
| Now verify it | ||
| ```ts | ||
| builder.verify(encoded) // returns null, no purpose defined | ||
| builder.verify(encoded, 'register') // returns null, purpose mismatch. | ||
| builder.verify(encoded, 'login') // return { username: 'virk' } | ||
| ``` | ||
| [circleci-image]: https://img.shields.io/circleci/project/github/poppinss/utils/master.svg?style=for-the-badge&logo=circleci | ||
@@ -231,0 +258,0 @@ [circleci-url]: https://circleci.com/gh/poppinss/utils "circleci" |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.39%
54881
- Number of lines in readme file
- increased by11.3%
266
Worsened metrics
- Number of package files
- decreased by-6.67%
28
- Lines of code
- decreased by-4.46%
707
No dependency changes