New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@tartine/common
Advanced tools
@tartine/common - npm Package Compare versions
Comparing version 1.0.5 to 1.0.6
@@ -0,1 +1,10 @@ | ||
| export declare type ProblemDetailsResponse = { | ||
| title: string; | ||
| detail?: string; | ||
| status: number; | ||
| invalid_params?: { | ||
| param: string; | ||
| reason: string; | ||
| }[]; | ||
| }; | ||
| export declare abstract class CustomError extends Error { | ||
@@ -9,11 +18,3 @@ abstract statusCode: number; | ||
| */ | ||
| abstract serializeResponse(): { | ||
| title: string; | ||
| detail?: string; | ||
| status: number; | ||
| invalid_params?: { | ||
| param: string; | ||
| reason: string; | ||
| }[]; | ||
| }; | ||
| abstract serializeResponse(): ProblemDetailsResponse; | ||
| } |
| import { Request, Response, NextFunction } from "express"; | ||
| interface UserPayload { | ||
| /** | ||
| * TODO: Move this to the common package | ||
| */ | ||
| declare type UserPayload = { | ||
| userId: string; | ||
| } | ||
| }; | ||
| declare global { | ||
@@ -12,3 +15,7 @@ namespace Express { | ||
| } | ||
| export declare const sessionCookieHandler: (req: Request, _: Response, next: NextFunction) => void; | ||
| declare type Args = { | ||
| cookieName: string; | ||
| cookieSecret: string; | ||
| }; | ||
| export declare const sessionCookieHandler: ({ cookieName, cookieSecret }: Args) => (req: Request, _: Response, next: NextFunction) => void; | ||
| export {}; |
@@ -10,28 +10,31 @@ "use strict"; | ||
| var errors_1 = require("../errors"); | ||
| var sessionCookieHandler = function (req, _, next) { | ||
| try { | ||
| var cookies = cookie_1.default.parse(req.headers.cookie || ""); | ||
| var sessionCookie = cookies[process.env.SESSION_COOKIE_NAME]; | ||
| if (!sessionCookie) { | ||
| throw new errors_1.BadRequestError("No session cookie supplied with the request"); | ||
| } | ||
| var unsignedValue = cookie_signature_1.default.unsign(sessionCookie, process.env.SESSION_COOKIE_SECRET); | ||
| if (unsignedValue !== false) { | ||
| try { | ||
| var payload = JSON.parse(Buffer.from(unsignedValue, "base64").toString("utf8")); | ||
| req.user = payload; | ||
| var sessionCookieHandler = function (_a) { | ||
| var cookieName = _a.cookieName, cookieSecret = _a.cookieSecret; | ||
| return function (req, _, next) { | ||
| try { | ||
| var cookies = cookie_1.default.parse(req.headers.cookie || ""); | ||
| var sessionCookie = cookies[cookieName]; | ||
| if (!sessionCookie) { | ||
| throw new errors_1.BadRequestError("No session cookie supplied with the request"); | ||
| } | ||
| catch (err) { | ||
| var unsignedValue = cookie_signature_1.default.unsign(sessionCookie, cookieSecret); | ||
| if (unsignedValue !== false) { | ||
| try { | ||
| var payload = JSON.parse(Buffer.from(unsignedValue, "base64").toString("utf8")); | ||
| req.user = payload; | ||
| } | ||
| catch (err) { | ||
| throw new errors_1.BadRequestError("Invalid session cookie supplied with the request"); | ||
| } | ||
| } | ||
| else { | ||
| throw new errors_1.BadRequestError("Invalid session cookie supplied with the request"); | ||
| } | ||
| } | ||
| else { | ||
| throw new errors_1.BadRequestError("Invalid session cookie supplied with the request"); | ||
| catch (err) { | ||
| next(err); | ||
| } | ||
| } | ||
| catch (err) { | ||
| next(err); | ||
| } | ||
| next(); | ||
| next(); | ||
| }; | ||
| }; | ||
| exports.sessionCookieHandler = sessionCookieHandler; |
| { | ||
| "name": "@tartine/common", | ||
| "version": "1.0.5", | ||
| "version": "1.0.6", | ||
| "description": "Nothing but commons", | ||
@@ -5,0 +5,0 @@ "main": "./dist/index.js", |
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.16%
31596
- Lines of code
- increased by1.41%
789
- Number of low supply chain risk alerts
- decreased by-50%
2
No dependency changes