akismet-api - npm Package Compare versions

Comparing version 5.3.0 to 6.0.0

akismet-api.d.ts

@@ -72,3 +72,4 @@ declare module "akismet-api" {
     | 'comment_author_url' | 'url'
-    | 'user_role' | 'role';
-}
+    | 'user_role' | 'role'
+    | 'honeypot' | 'honeypot_field_name';
+}

CHANGELOG.md

@@ -0,1 +1,21 @@
+6.0.0
+=====
+
+* **Breaking:** Removed support for Node 13 (end of life)
+* **Breaking:** Removed support for Node 12 (end of life)
+* **Breaking:** Removed support for Node 10 (end of life)
+* Feature: Added support for `honeypot` / `honeypot_field_name`
+* Feature: Added official support for Node 19.x
+* Feature: Added official support for Node 18.x
+* Patch: User agent is no longer a required field
+* Patch: Added CI typescript type validation
+* Patch: Fixed travis link
+* Patch: Updated nock to 13.0.0
+* Patch: Updated prettier to 2.0.2
+* Patch: Updated mocha to 10.0.0
+* Patch: Updated superagent to 8.0.0
+* Patch: Updated chai to 4.0.1
+* Patch: Resolved dependabot alert about qs
+* Patch: Resolved dependabot alert about minimatch
+
 5.3.0
@@ -2,0 +22,0 @@ =====

docs/comments.md

@@ -13,3 +13,3 @@ Comment Data Structure
 | `ip` | `user_ip` | The commentor's IP address (**required**)|
-| `useragent` | `user_agent` | The commentor's user agent  (**required**) |
+| `useragent` | `user_agent` | The commentor's user agent |
 | `referrer` | `referrer` | The referrer header sent by the commentor's browser |
@@ -26,2 +26,29 @@ | `content` | `comment_content` | The actual content of the comment |
 | `role` | `user_role` | The commentor's 'role'. If set to 'administrator', it will never be marked spam |
+| `honeypot` | `honeypot_field_name` | See section below for detailed description |
 | `isTest` | `is_test` | Set this to `true` for your automated tests |
+
+Honeypot field
+--------------
+
+Akismet supports a ["honeypot" field][0]. Honeypot fields are visually hidden
+inputs which trick bot users into completing a field that human users can't
+detect. If your form is submitted with a value in the honeypot field it is a
+very strong signal for spam, because only a bot would detect and complete the
+field. For convenience, Akismet-api provides a single field for honeypot values:
+
+```javascript
+comment['honeypot'] = myForm['myHoneypotField']
+```
+
+Like other comment fields, you can also use the official snake case API
+attributes (both are equivalent):
+
+```javascript
+comment['honeypot_field_name'] = 'myHoneypotField'
+comment['myHoneypotField'] = myForm['myHoneypotField']
+```
+
+Make sure that, on the user interface side, your honeypot field is hidden via
+CSS or Javascript.
+
+[0]: https://en.wikipedia.org/wiki/Honeypot_(computing)

lib/akismet.js

@@ -42,2 +42,20 @@ const Promise = require('bluebird')
 
+function getHoneypotFields(input) {
+  const honeypotKey = 'honeypot_field_name'
+  const honeypotFieldName = 'akismet_api_honeypot_field'
+  if (input[honeypotKey]) {
+    return {
+      [honeypotKey]: input[honeypotKey],
+      [input[honeypotKey]]: input[input[honeypotKey]]
+    }
+  } else if (input.honeypot) {
+    return {
+      [honeypotKey]: honeypotFieldName,
+      [honeypotFieldName]: input.honeypot
+    }
+  } else {
+    return {}
+  }
+}
+
 class AkismetClient {
@@ -83,3 +101,7 @@ // Configure our client based on provided options
     const url = `${this.endpoint}comment-check`
-    comment = { ...mapAliases(comment), ...this.requestOpts }
+    comment = {
+      ...mapAliases(comment),
+      ...getHoneypotFields(comment),
+      ...this.requestOpts
+    }
     return request
@@ -105,3 +127,7 @@ .post(url)
     const url = `${this.endpoint}submit-spam`
-    comment = { ...mapAliases(comment), ...this.requestOpts }
+    comment = {
+      ...mapAliases(comment),
+      ...getHoneypotFields(comment),
+      ...this.requestOpts
+    }
     return request
@@ -119,3 +145,7 @@ .post(url)
     const url = `${this.endpoint}submit-ham`
-    comment = { ...mapAliases(comment), ...this.requestOpts }
+    comment = {
+      ...mapAliases(comment),
+      ...getHoneypotFields(comment),
+      ...this.requestOpts
+    }
     return request
@@ -122,0 +152,0 @@ .post(url)

package.json

 {
   "name": "akismet-api",
-  "version": "5.3.0",
+  "version": "6.0.0",
   "description": "Nodejs bindings to the Akismet (https://akismet.com) spam detection service",
@@ -9,7 +9,8 @@ "main": "lib/akismet.js",
     "bluebird": "^3.1.1",
-    "superagent": "^7.0.1"
+    "superagent": "^8.0.0"
   },
   "devDependencies": {
     "chai": "^4.0.1",
-    "mocha": "^9.0.1",
+    "check-dts": "^0.6.7",
+    "mocha": "^10.0.0",
     "nock": "^13.0.0",
@@ -19,3 +20,3 @@ "prettier": "^2.0.2"
   "scripts": {
-    "test": "prettier --check '**/*.js' && mocha test/*.spec.js",
+    "test": "prettier --check '**/*.js' && mocha test/*.spec.js && check-dts akismet-api.d.ts",
     "prettier": "prettier --write '**/*.js'"
@@ -31,4 +32,4 @@ },
   "engines": {
-    "node": ">=4.0.0"
+    "node": ">=14.0.0"
   }
 }

README.md

@@ -14,3 +14,3 @@ Akismet-api
 * API support for async/await, promises, and callbacks
-* Supports all active versions of node (10 to 16)
+* Supports all active versions of node (14 to 19)
 * Supports all Akismet API features
@@ -21,5 +21,4 @@ * Complete set of unit and integration tests
 
-_Upgrading to 5.0?_ The docs have changed a fair bit but everything is backward
-compatible on supported node versions, so you likely don't need to change
-anything! Check out the [changelog][changelog].
+_Upgrading to 6.0?_ Changes are fairly minimal as long as you're on an active
+version of node, but check out the [changelog][changelog] for full details.
 
@@ -166,3 +165,3 @@ **These docs below are with ES6 async/await usage, but if you prefer another
 [img:license]: https://img.shields.io/npm/l/akismet-api.svg?maxAge=3600&style=flat-square
-[build]: https://travis-ci.com/chrisfosterelli/akismet-api
+[build]: https://app.travis-ci.com/chrisfosterelli/akismet-api
 [deps]: https://david-dm.org/chrisfosterelli/akismet-api
@@ -169,0 +168,0 @@ [downloads]: https://www.npmjs.com/package/akismet-api

test/comments.spec.js

@@ -32,2 +32,4 @@ const chai = require('chai')
           '&user_role=user' +
+          '&honeypot_field_name=my_honeypot_field' +
+          '&my_honeypot_field=I%20fell%20for%20the%20honeypot%21' +
           '&blog=https%3A%2F%2Fexample.com' +
@@ -53,2 +55,4 @@ '&blog_lang=en%2C%20fr_ca' +
       comment_author_url: 'https://authorsite.com',
+      honeypot_field_name: 'my_honeypot_field',
+      my_honeypot_field: 'I fell for the honeypot!',
       user_role: 'user'
@@ -84,2 +88,4 @@ })
           '&user_role=user' +
+          '&honeypot_field_name=akismet_api_honeypot_field' +
+          '&akismet_api_honeypot_field=I%20fell%20for%20the%20honeypot%21' +
           '&blog=https%3A%2F%2Fexample.com' +
@@ -105,2 +111,3 @@ '&blog_lang=en%2C%20fr_ca' +
       url: 'https://authorsite.com',
+      honeypot: 'I fell for the honeypot!',
       role: 'user'
@@ -107,0 +114,0 @@ })

New alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

77229

3.75%

Lines of code

1719

2.26%

Worsened metrics

Dev dependency count

5

25%

Number of lines in readme file

175

-0.57%

Dependency changes

• + Added

  superagent@8.1.2
  (transitive)

• - Removed

  inherits@2.0.4
  (transitive)

• - Removed

  readable-stream@3.6.2
  (transitive)

• - Removed

  safe-buffer@5.2.1
  (transitive)

• - Removed

  string_decoder@1.3.0
  (transitive)

• - Removed

  superagent@7.1.6
  (transitive)

• - Removed

  util-deprecate@1.0.2
  (transitive)

• Updated

  superagent@^8.0.0