@tinyhttp/cors - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

dist/index.d.ts

@@ -1,5 +0,4 @@
-/// <reference types="node" />
-import { IncomingMessage as Request, ServerResponse as Response } from 'http';
+import type { IncomingMessage as Request, ServerResponse as Response } from 'node:http';
 export interface AccessControlOptions {
-    origin?: string | boolean | ((req: Request, res: Response) => string) | Array<string> | RegExp;
+    origin?: string | boolean | ((req: Request, res: Response) => string) | Iterable<string> | RegExp;
     methods?: string[];
@@ -6,0 +5,0 @@ allowedHeaders?: string[];

dist/index.js

@@ -1,33 +0,67 @@
-import { vary } from 'es-vary';
-
+import { vary } from '@tinyhttp/vary';
+const isIterable = (obj) => typeof obj[Symbol.iterator] === 'function';
+const failOriginParam = () => {
+    throw new TypeError('No other objects allowed. Allowed types is array of strings or RegExp');
+};
+const getOriginHeaderHandler = (origin) => {
+    if (typeof origin === 'boolean') {
+        return origin
+            ? (_, res) => {
+                res.setHeader('Access-Control-Allow-Origin', '*');
+            }
+            : () => undefined;
+    }
+    if (typeof origin === 'string') {
+        return (_, res) => {
+            res.setHeader('Access-Control-Allow-Origin', origin);
+        };
+    }
+    if (typeof origin === 'function') {
+        return (req, res) => {
+            vary(res, 'Origin');
+            res.setHeader('Access-Control-Allow-Origin', origin(req, res));
+        };
+    }
+    if (typeof origin !== 'object')
+        failOriginParam();
+    if (isIterable(origin)) {
+        const originArray = Array.from(origin);
+        if (originArray.some((element) => typeof element !== 'string'))
+            failOriginParam();
+        const originSet = new Set(origin);
+        if (originSet.has('*')) {
+            return (_, res) => {
+                res.setHeader('Access-Control-Allow-Origin', '*');
+            };
+        }
+        return (req, res) => {
+            vary(res, 'Origin');
+            if (req.headers.origin === undefined)
+                return;
+            if (!originSet.has(req.headers.origin))
+                return;
+            res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+        };
+    }
+    if (origin instanceof RegExp) {
+        return (req, res) => {
+            vary(res, 'Origin');
+            if (req.headers.origin === undefined)
+                return;
+            if (!origin.test(req.headers.origin))
+                return;
+            res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+        };
+    }
+    failOriginParam();
+};
 /**
  * CORS Middleware
  */
-const cors = (opts = {}) => {
+export const cors = (opts = {}) => {
     const { origin = '*', methods = ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'], allowedHeaders = ['content-type'], exposedHeaders, credentials, maxAge, optionsSuccessStatus = 204, preflightContinue = false } = opts;
+    const originHeaderHandler = getOriginHeaderHandler(origin);
     return (req, res, next) => {
         var _a, _b;
-        // Checking the type of the origin property
-        if (typeof origin === 'boolean' && origin === true) {
-            res.setHeader('Access-Control-Allow-Origin', '*');
-        }
-        else if (typeof origin === 'string') {
-            res.setHeader('Access-Control-Allow-Origin', origin);
-        }
-        else if (typeof origin === 'function') {
-            res.setHeader('Access-Control-Allow-Origin', origin(req, res));
-        }
-        else if (typeof origin === 'object') {
-            if (Array.isArray(origin) && (origin.indexOf(req.headers.origin) !== -1 || origin.indexOf('*') !== -1)) {
-                res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
-            }
-            else if (origin instanceof RegExp && origin.test(req.headers.origin)) {
-                res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
-            }
-            else {
-                throw new TypeError('No other objects allowed. Allowed types is array of strings or RegExp');
-            }
-        }
-        if ((typeof origin === 'string' && origin !== '*') || typeof origin === 'function')
-            vary(res, 'Origin');
+        originHeaderHandler(req, res);
         // Setting the Access-Control-Allow-Methods header from the methods array
@@ -62,3 +96,1 @@ res.setHeader('Access-Control-Allow-Methods', methods.join(', ').toUpperCase());
 };
-
-export { cors };

package.json

 {
   "name": "@tinyhttp/cors",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "type": "module",
@@ -12,3 +12,3 @@ "description": "CORS middleware for modern Node.js ",
   "engines": {
-    "node": ">=12.4 || 14.x || >=16"
+    "node": ">=12.20 || 14.x || >=16"
   },
@@ -29,35 +29,25 @@ "types": "./dist/index.d.ts",
   ],
+  "devDependencies": {
+    "@biomejs/biome": "1.8.3",
+    "@commitlint/cli": "19.3.0",
+    "@commitlint/config-conventional": "19.2.2",
+    "@tinyhttp/app": "2.2.4",
+    "@types/node": "^20.14.10",
+    "c8": "^10.1.2",
+    "husky": "^9.0.11",
+    "supertest-fetch": "^2.0.0",
+    "tsx": "^4.16.2",
+    "typescript": "~5.5.3"
+  },
   "dependencies": {
-    "es-vary": "^0.1.1"
+    "@tinyhttp/vary": "^0.1.3"
   },
-  "devDependencies": {
-    "@commitlint/cli": "13.1.0",
-    "@commitlint/config-conventional": "13.1.0",
-    "@rollup/plugin-typescript": "^8.2.5",
-    "@tinyhttp/app": "1.3.15",
-    "@types/node": "^16.7.1",
-    "@typescript-eslint/eslint-plugin": "^4.29.2",
-    "@typescript-eslint/parser": "^4.29.2",
-    "c8": "^7.8.0",
-    "esbuild-node-loader": "^0.3.1",
-    "eslint": "^7.32.0",
-    "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-prettier": "^3.4.1",
-    "expect": "^27.0.6",
-    "husky": "^7.0.1",
-    "prettier": "^2.3.2",
-    "rollup": "^2.56.2",
-    "supertest-fetch": "^1.4.3",
-    "typescript": "^4.3.5",
-    "uvu": "^0.5.1"
-  },
   "scripts": {
-    "build": "rollup -c",
-    "test": "node --experimental-loader esbuild-node-loader node_modules/uvu/bin.js tests",
-    "test:coverage": "c8 --include=src pnpm test",
-    "test:report": "c8 report --reporter=text-lcov > coverage.lcov",
-    "lint": "eslint . --ext=ts",
-    "format": "prettier --check \"./**/*.{ts,md}\"",
-    "format:fix": "prettier --write \"./**/*.{ts,md}\""
+    "build": "tsc -p tsconfig.build.json",
+    "test": "tsx --test src/*.test.ts",
+    "cov": "c8 -r lcov pnpm test",
+    "lint": "biome lint .",
+    "format": "biome format .",
+    "check": "biome check ."
   }
 }

README.md

@@ -70,5 +70,5 @@ <div align="center">
 [github-actions]: https://github.com/tinyhttp/cors/actions
-[gh-actions-img]: https://img.shields.io/github/workflow/status/tinyhttp/cors/CI?style=for-the-badge&logo=github&label=&color=hotpink
+[gh-actions-img]: https://img.shields.io/github/actions/workflow/status/tinyhttp/cors/ci.yml?style=for-the-badge&logo=github&label=&color=hotpink
 [cov-img]: https://img.shields.io/coveralls/github/tinyhttp/cors?style=for-the-badge&color=hotpink
 [cov-url]: https://coveralls.io/github/tinyhttp/cors
 [npm-img]: https://img.shields.io/npm/dt/@tinyhttp/cors?style=for-the-badge&color=hotpink

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9369

increased by4.11%

Dev dependency count

10

decreased by-47.37%

Lines of code

110

increased by42.86%

Dependency changes

• + Added@tinyhttp/vary@^0.1.3

• + Added@tinyhttp/vary@0.1.3(transitive)

• - Removedes-vary@^0.1.1

• - Removedes-vary@0.1.2(transitive)