alipay-sdk - npm Package Compare versions

Comparing version 1.0.11 to 1.0.14

index.d.ts

@@ -6,3 +6,3 @@ declare module 'alipay-sdk' {
     // 请求执行
-    execute(method: string, bizContext?: Object, publicArgs?: Object): Promise<AlipaySdkCommonResult>;
+    execute(method: string, bizContext?: Object, publicArgs?: Object, validateSign?: boolean): Promise<AlipaySdkCommonResult>;
     // 签名
@@ -9,0 +9,0 @@ sign(params: Object, needEncode?: boolean): string;

lib/alipay.js

@@ -62,6 +62,9 @@ 'use strict';
    * @param {object} publicArgs 公共请求参数
+   * @param {Boolean} validateSign 是否验签
    * @return {Promise} 请求执行结果
    */
-  execute(method, bizContext, publicArgs) {
+  execute(method, bizContext, publicArgs, validateSign) {
     publicArgs = publicArgs || {};
+    // 默认不验签
+    validateSign = validateSign || false;
     const config = this.config;
@@ -91,4 +94,7 @@ const params = Object.assign({}, config.params, {
           const data = ret.data[method.replace(/\./g, '_') + '_response'];
-          // 验签
-          const validateSuccess = this.checkResponseSign(data, ret.data.sign);
+          // 默认不验签
+          let validateSuccess = true;
+          if (validateSign) {
+            validateSuccess = this.checkResponseSign(data, ret.data.sign);
+          }
           if (validateSuccess) {
@@ -100,3 +106,2 @@ if (config.camelcase) {
           }
-          reject(ret);
         }
@@ -103,0 +108,0 @@ reject(ret);

package.json

 {
   "name": "alipay-sdk",
-  "version": "1.0.11",
+  "version": "1.0.14",
   "description": "",
@@ -11,3 +11,2 @@ "main": "index.js",
   },
-  "author": "",
   "license": "ISC",
@@ -27,4 +26,5 @@ "dependencies": {
     "mocha-lcov-reporter": "^1.2.0",
-    "should": "^11.1.1"
+    "should": "^11.1.1",
+    "sinon": "^1.17.7"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

75721

increased by938.7%

Number of package files

20

increased by150%

Lines of code

605

increased by232.42%

Worsened metrics

Dev dependency count

7

increased by16.67%

No dependency changes