@sendgrid/eventwebhook - npm Package Compare versions

Comparing version 7.2.6 to 7.4.4

package.json

 {
   "name": "@sendgrid/eventwebhook",
   "description": "Twilio SendGrid NodeJS Event Webhook",
-  "version": "7.2.6",
+  "version": "7.4.4",
   "author": "Twilio SendGrid <help@twilio.com> (sendgrid.com)",
@@ -28,3 +28,3 @@ "contributors": [
   ],
-  "gitHead": "017fe1a56391cfe5d74c3d432881dbdc44287d41"
+  "gitHead": "e918d6022c7ac763ba3c221921a16ab36d0b1e75"
 }

src/eventwebhook.spec.js

@@ -21,4 +21,34 @@ const {EventWebhook, EventWebhookHeader} = require('./eventwebhook');
 
+  const PUBLIC_KEY_MULTIPLE = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ4LIFtWztlsF7skFqOncjD1lun4H5w8XOhyOArHW9RcIx/FfEzx6cikC/yPfUvwaX/JScE7Fc9CJD2afQ9Ok3Q==';
+  const SIGNATURE_MULTIPLE = 'MEYCIQC/I4o6vCgqRYrTljjoVWB/GRWNtxeePlLMHr3x9ETeRQIhAIpV+03nREPTTHWSW0wIOA0EoMPdcNgXa70yCaqDJlu5';
+  const TIMESTAMP_MULTIPLE = 1619651159;
+  const eventsPayloadMultiple = [
+    {
+      email: 'invalid@gmail.com',
+      event: 'processed',
+      send_at: 0,
+      sg_event_id: 'cHJvY2Vzc2VkLTE5OTQyMTEyLXFOd0JMZ1BRUWpXNkRKdktRd1NBYnctMA',
+      sg_message_id: 'qNwBLgPQQjW6DJvKQwSAbw.filterdrecv-canary-547b64655b-cw6zx-1-6089EA4A-56.0',
+      'smtp-id': '<qNwBLgPQQjW6DJvKQwSAbw@ismtpd0178p1mdw1.sendgrid.net>',
+      timestamp: 1619651146,
+    },
+    {
+      email: 'invalid@gmail.com',
+      event: 'bounce',
+      ip: '167.89.101.76',
+      reason: '552 5.2.2 The email account that you tried to reach is over quota and inactive. Please direct the recipient to https://support.google.com/mail/?p=OverQuotaPerm c17si1130468pgv.34 - gsmtp',
+      sg_event_id: 'Ym91bmNlLTAtMTk5NDIxMTItcU53QkxnUFFRalc2REp2S1F3U0Fidy0w',
+      sg_message_id: 'qNwBLgPQQjW6DJvKQwSAbw.filterdrecv-canary-547b64655b-cw6zx-1-6089EA4A-56.0',
+      'smtp-id': '<qNwBLgPQQjW6DJvKQwSAbw@ismtpd0178p1mdw1.sendgrid.net>',
+      status: '5.2.2',
+      timestamp: 1619651147,
+      tls: 1,
+      type: 'blocked',
+    },
+  ];
+  const PAYLOAD_MULTIPLE_EVENTS = JSON.stringify(eventsPayloadMultiple).split('},{').join('},\r\n{') + '\r\n'; // Be sure to include the trailing carriage return and newline after each event
+
+
   describe('#verifySignature()', () => {
-    it('should verify a valid signature', () => {
+    it('should verify a valid single event signature', () => {
       expect(verify(
@@ -32,2 +62,11 @@ PUBLIC_KEY,
 
+    it('should verify a valid multi event signature', () => {
+      expect(verify(
+        PUBLIC_KEY_MULTIPLE,
+        PAYLOAD_MULTIPLE_EVENTS,
+        SIGNATURE_MULTIPLE,
+        TIMESTAMP_MULTIPLE
+      )).to.equal(true);
+    });
+
     it('should reject for invalid key', () => {
@@ -34,0 +73,0 @@ expect(verify(

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9417

increased by24.04%

Lines of code

196

increased by22.5%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes