@snyk/docker-registry-v2-client
Advanced tools
@snyk/docker-registry-v2-client - npm Package Compare versions
Comparing version 2.10.1 to 2.11.0
| /// <reference types="node" /> | ||
| /** @deprecated use downloadLayer instead. */ | ||
| export declare function getLayer(registryBase: string, repo: string, digest: string, username?: string, password?: string, options?: any): Promise<Buffer>; |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const contentTypes = require("./content-types"); | ||
| /** @deprecated use downloadLayer instead. */ | ||
| async function getLayer(registryBase, repo, digest, username, password, options = {}) { | ||
@@ -8,0 +9,0 @@ var _a; |
| import { checkSupport } from "./check-support"; | ||
| import { downloadLayer } from "./download-layer"; | ||
| import { getAuthTokenForEndpoint } from "./get-auth-token-for-endpoint"; | ||
@@ -13,2 +14,2 @@ import { getImageConfig } from "./get-image-config"; | ||
| import * as contentTypes from "./content-types"; | ||
| export { checkSupport, getAuthTokenForEndpoint, getImageConfig, getImageSize, getLayer, getManifest, getRepos, getTags, registryCall, validation, types, contentTypes, }; | ||
| export { checkSupport, downloadLayer, getAuthTokenForEndpoint, getImageConfig, getImageSize, getLayer, getManifest, getRepos, getTags, registryCall, validation, types, contentTypes, }; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.contentTypes = exports.types = exports.validation = exports.registryCall = exports.getTags = exports.getRepos = exports.getManifest = exports.getLayer = exports.getImageSize = exports.getImageConfig = exports.getAuthTokenForEndpoint = exports.checkSupport = void 0; | ||
| exports.contentTypes = exports.types = exports.validation = exports.registryCall = exports.getTags = exports.getRepos = exports.getManifest = exports.getLayer = exports.getImageSize = exports.getImageConfig = exports.getAuthTokenForEndpoint = exports.downloadLayer = exports.checkSupport = void 0; | ||
| const check_support_1 = require("./check-support"); | ||
| Object.defineProperty(exports, "checkSupport", { enumerable: true, get: function () { return check_support_1.checkSupport; } }); | ||
| const download_layer_1 = require("./download-layer"); | ||
| Object.defineProperty(exports, "downloadLayer", { enumerable: true, get: function () { return download_layer_1.downloadLayer; } }); | ||
| const get_auth_token_for_endpoint_1 = require("./get-auth-token-for-endpoint"); | ||
@@ -7,0 +9,0 @@ Object.defineProperty(exports, "getAuthTokenForEndpoint", { enumerable: true, get: function () { return get_auth_token_for_endpoint_1.getAuthTokenForEndpoint; } }); |
@@ -8,2 +8,8 @@ import { NeedleOptions, NeedleResponse } from "needle"; | ||
| }; | ||
| /** | ||
| * Snyk internal property. Do not use outside of library. | ||
| * | ||
| * Switches Needle to download contents of response to file using anti-callback mode. | ||
| */ | ||
| snykInternalOutputStream?: string; | ||
| } | ||
@@ -10,0 +16,0 @@ /** |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.NeedleWrapperException = exports.parseResponseBody = exports.needleWrapper = void 0; | ||
| const fs = require("fs"); | ||
| const needle = require("needle"); | ||
| const stream_1 = require("stream"); | ||
| // TODO: this is a temporary code that allows setting needle default timeout (alias for | ||
@@ -42,3 +44,13 @@ // open_timeout) to check how it affects the stability of our system, and specifically | ||
| try { | ||
| response = await needle("get", uri, options); | ||
| if (options.snykInternalOutputStream) { | ||
| response = await stream(needle.get(uri, Object.assign(Object.assign({}, options), { | ||
| // needle streams the response to file and memory as convenience if output is set. | ||
| // causes high memory usage for large binaries. | ||
| output: null, | ||
| // we treat the response body as a binary stream | ||
| parse_response: false })), fs.createWriteStream(options.snykInternalOutputStream)); | ||
| } | ||
| else { | ||
| response = await needle("get", uri, options); | ||
| } | ||
| } | ||
@@ -92,2 +104,39 @@ catch (err) { | ||
| exports.NeedleWrapperException = NeedleWrapperException; | ||
| /** | ||
| * Streams the readable stream to the writeable stream and returns the response | ||
| * of the underlying http.ClientRequest. | ||
| */ | ||
| async function stream(readable, writeable) { | ||
| return new Promise((resolve, reject) => { | ||
| let response; | ||
| // Emitted when the underlying http.ClientRequest emits a response event. | ||
| // This is after the connection is established and the header received, but | ||
| // before any of it is processed (e.g. authorization required or redirect | ||
| // to be followed). No data has been consumed at this point. | ||
| readable.on("response", inner => { | ||
| response = inner; | ||
| }); | ||
| // Triggered after the header has been processed, and just before the data | ||
| // is to be consumed. This implies that no redirect was followed and/or | ||
| // authentication header was received. In other words, we got a "valid" | ||
| // response. | ||
| readable.on("header", (statusCode, headers) => { | ||
| response.statusCode = statusCode; | ||
| response.headers = headers; | ||
| }); | ||
| // Emitted when an error ocurrs. This should only happen once in the | ||
| // lifecycle of a Needle request. | ||
| readable.on("err", err => { | ||
| reject(err); | ||
| }); | ||
| // Emitted when an timeout error occurs. Type can be either 'open', | ||
| // 'response', or 'read'. This will called right before aborting the | ||
| // request, which will also trigger an err event, a described above, with | ||
| // an ECONNRESET (Socket hang up) exception. | ||
| readable.on("timeout", type => { | ||
| reject(new Error(type + " timeout")); | ||
| }); | ||
| (0, stream_1.pipeline)(readable, writeable, err => err ? reject(err) : resolve(response)); | ||
| }); | ||
| } | ||
| //# sourceMappingURL=needle.js.map |
@@ -114,3 +114,5 @@ "use strict"; | ||
| } | ||
| const response = await (0, needle_1.needleWrapper)(reqConfig); | ||
| const response = await (0, needle_1.needleWrapper)(Object.assign(Object.assign({}, reqConfig), { | ||
| // we always want to read the credentials through the body | ||
| snykInternalOutputStream: undefined })); | ||
| const body = (0, needle_1.parseResponseBody)(response); | ||
@@ -117,0 +119,0 @@ return body.token || body.access_token; |
@@ -50,3 +50,3 @@ { | ||
| }, | ||
| "version": "2.10.1" | ||
| "version": "2.11.0" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10.08%
67281
- Number of package files
- increased by6.67%
48
- Lines of code
- increased by10.05%
865
Worsened metrics
- Number of low supply chain risk alerts
- increased by50%
3