aspxauth - npm Package Compare versions
Comparing version 1.1.2 to 2.0.0-node-12.0
| { | ||
| "name": "aspxauth", | ||
| "version": "1.1.2", | ||
| "version": "2.0.0-node-12.0", | ||
| "description": "Verify and decrypt .NET's .ASPXAUTH cookie from node", | ||
@@ -10,5 +10,4 @@ "main": "src/index.js", | ||
| "scripts": { | ||
| "format": "jscs --fix ./", | ||
| "lint": "eslint --fix ./", | ||
| "pretest": "npm run format && npm run lint", | ||
| "pretest": "npm run lint", | ||
| "test": "npm run cover", | ||
@@ -48,13 +47,9 @@ "test:only": "mocha spec/*.spec.js", | ||
| "license": "MIT", | ||
| "dependencies": { | ||
| "bignum": "^0.12.5" | ||
| }, | ||
| "devDependencies": { | ||
| "chai": "^3.5.0", | ||
| "eslint": "^3.7.0", | ||
| "eslint-config-leankit": "^3.0.0", | ||
| "jscs": "^3.0.7", | ||
| "mocha": "^3.1.2", | ||
| "nyc": "^8.3.0", | ||
| "sinon": "^1.17.6" | ||
| "chai": "^4.2.0", | ||
| "eslint": "^6.8.0", | ||
| "eslint-config-leankit": "^5.1.0", | ||
| "mocha": "^6.2.2", | ||
| "nyc": "^15.0.0", | ||
| "sinon": "^8.0.1" | ||
| }, | ||
@@ -61,0 +56,0 @@ "nyc": { |
| "use strict"; | ||
| const assert = require( "assert" ); | ||
| const bignum = require( "bignum" ); | ||
@@ -34,8 +33,5 @@ const BYTES_PER_CHAR = 2; | ||
| readInt64() { | ||
| let val = bignum.fromBuffer( this.buffer.slice( this.offset, this.offset + 8 ), { | ||
| endian: "little", | ||
| size: 8 | ||
| } ); | ||
| let val = this.buffer.slice( this.offset, this.offset + 8 ).readBigInt64LE(); | ||
| this.offset += 8; | ||
| return val.toNumber(); | ||
| return Number( val ); | ||
| }, | ||
@@ -42,0 +38,0 @@ |
@@ -0,5 +1,4 @@ | ||
| /* global BigInt */ | ||
| "use strict"; | ||
| const bignum = require( "bignum" ); | ||
| const BYTES_PER_CHAR = 2; | ||
@@ -10,3 +9,3 @@ const TICKS_IN_MILLISECOND = 10000; | ||
| function BufferWriter( size ) { | ||
| this.buffer = new Buffer( size ); | ||
| this.buffer = Buffer.alloc( size ); | ||
| this.offset = 0; | ||
@@ -33,3 +32,5 @@ } | ||
| writeInt64( val ) { | ||
| this.writeBuffer( bignum( val ).toBuffer( { endian: "little", size: 8 } ) ); | ||
| let buf = Buffer.alloc( 8 ); | ||
| buf.writeBigInt64LE( BigInt( val ) ); | ||
| this.writeBuffer( buf ); | ||
| return this; | ||
@@ -39,3 +40,3 @@ }, | ||
| writeDate( val ) { | ||
| this.writeInt64( bignum( val.getTime() ).add( MILLISECONDS_EPOCH_OFFSET ).mul( TICKS_IN_MILLISECOND ) ); | ||
| this.writeInt64( BigInt( ( val.getTime() + MILLISECONDS_EPOCH_OFFSET ) * TICKS_IN_MILLISECOND ) ); | ||
| return this; | ||
@@ -42,0 +43,0 @@ }, |
| "use strict"; | ||
| const assert = require( "assert" ); | ||
| const crypto = require( "crypto" ); | ||
| const { createCipheriv, createDecipheriv, createHmac, randomBytes } = require( "crypto" ); | ||
| const BufferReader = require( "./buffer-reader" ); | ||
@@ -53,5 +53,5 @@ const BufferWriter = require( "./buffer-writer" ); | ||
| const VALIDATION_KEY = new Buffer( config.validationKey, "hex" ); | ||
| const DECRYPTION_KEY = new Buffer( config.decryptionKey, "hex" ); | ||
| const DECRYPTION_IV = config.decryptionIV ? new Buffer( config.decryptionIV, "hex" ) : Buffer.alloc( DECRYPTION_METHOD.ivSize ); | ||
| const VALIDATION_KEY = Buffer.from( config.validationKey, "hex" ); | ||
| const DECRYPTION_KEY = Buffer.from( config.decryptionKey, "hex" ); | ||
| const DECRYPTION_IV = config.decryptionIV ? Buffer.from( config.decryptionIV, "hex" ) : Buffer.alloc( DECRYPTION_METHOD.ivSize ); | ||
@@ -72,3 +72,3 @@ const REQUIRED_VERSION = config.ticketVersion || false; | ||
| const hash = crypto.createHmac( VALIDATION_METHOD.algorithm, VALIDATION_KEY ); | ||
| const hash = createHmac( VALIDATION_METHOD.algorithm, VALIDATION_KEY ); | ||
| hash.update( payload ); | ||
@@ -81,3 +81,3 @@ | ||
| try { | ||
| const bytes = cookie instanceof Buffer ? cookie : new Buffer( cookie, "hex" ); | ||
| const bytes = cookie instanceof Buffer ? cookie : Buffer.from( cookie, "hex" ); | ||
@@ -88,3 +88,3 @@ if ( !validate( bytes ) ) { | ||
| const decryptor = crypto.createDecipheriv( DECRYPTION_METHOD.cipher, DECRYPTION_KEY, DECRYPTION_IV ); | ||
| const decryptor = createDecipheriv( DECRYPTION_METHOD.cipher, DECRYPTION_KEY, DECRYPTION_IV ); | ||
| const payload = bytes.slice( 0, -VALIDATION_METHOD.signatureSize ); | ||
@@ -130,3 +130,3 @@ const decryptedBytes = Buffer.concat( [ decryptor.update( payload ), decryptor.final() ] ); | ||
| // Write a random header to serve as a salt | ||
| writer.writeBuffer( crypto.randomBytes( DECRYPTION_METHOD.headerSize ) ); | ||
| writer.writeBuffer( randomBytes( DECRYPTION_METHOD.headerSize ) ); | ||
| writer.writeByte( FORMAT_VERSION ); | ||
@@ -154,6 +154,6 @@ | ||
| const encryptor = crypto.createCipheriv( DECRYPTION_METHOD.cipher, DECRYPTION_KEY, DECRYPTION_IV ); | ||
| const encryptor = createCipheriv( DECRYPTION_METHOD.cipher, DECRYPTION_KEY, DECRYPTION_IV ); | ||
| const encryptedBytes = Buffer.concat( [ encryptor.update( writer.buffer ), encryptor.final() ] ); | ||
| const hash = crypto.createHmac( "sha1", VALIDATION_KEY ); | ||
| const hash = createHmac( "sha1", VALIDATION_KEY ); | ||
| hash.update( encryptedBytes ); | ||
@@ -160,0 +160,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-100%
0
- Dev dependency count
- decreased by-14.29%
6
Worsened metrics
- Total package byte prevSize
- decreased by-1.28%
12940
- Lines of code
- decreased by-0.93%
214
- Number of low quality alerts
- increased byInfinity%
1
Dependency changes
- Removedbignum@^0.12.5
- Removedabbrev@1.1.1(transitive)
- Removedajv@4.11.8(transitive)
- Removedansi-regex@2.1.1(transitive)
- Removedaproba@1.2.0(transitive)
- Removedare-we-there-yet@1.1.7(transitive)
- Removedasn1@0.2.6(transitive)
- Removedassert-plus@0.2.01.0.0(transitive)
- Removedasynckit@0.4.0(transitive)
- Removedaws-sign2@0.6.0(transitive)
- Removedaws4@1.13.2(transitive)
- Removedbalanced-match@1.0.2(transitive)
- Removedbcrypt-pbkdf@1.0.2(transitive)
- Removedbignum@0.12.5(transitive)
- Removedblock-stream@0.0.9(transitive)
- Removedboom@2.10.1(transitive)
- Removedbrace-expansion@1.1.11(transitive)
- Removedcall-bind@1.0.8(transitive)
- Removedcall-bind-apply-helpers@1.0.1(transitive)
- Removedcall-bound@1.0.3(transitive)
- Removedcaseless@0.12.0(transitive)
- Removedco@4.6.0(transitive)
- Removedcode-point-at@1.1.0(transitive)
- Removedcombined-stream@1.0.8(transitive)
- Removedconcat-map@0.0.1(transitive)
- Removedconsole-control-strings@1.1.0(transitive)
- Removedcore-util-is@1.0.21.0.3(transitive)
- Removedcryptiles@2.0.5(transitive)
- Removeddashdash@1.14.1(transitive)
- Removeddebug@2.6.9(transitive)
- Removeddeep-extend@0.6.0(transitive)
- Removeddefine-data-property@1.1.4(transitive)
- Removeddelayed-stream@1.0.0(transitive)
- Removeddelegates@1.0.0(transitive)
- Removeddetect-libc@1.0.3(transitive)
- Removeddunder-proto@1.0.1(transitive)
- Removedecc-jsbn@0.1.2(transitive)
- Removedes-define-property@1.0.1(transitive)
- Removedes-errors@1.3.0(transitive)
- Removedes-object-atoms@1.0.0(transitive)
- Removedextend@3.0.2(transitive)
- Removedextsprintf@1.3.0(transitive)
- Removedforever-agent@0.6.1(transitive)
- Removedform-data@2.1.4(transitive)
- Removedfs.realpath@1.0.0(transitive)
- Removedfstream@1.0.12(transitive)
- Removedfstream-ignore@1.0.5(transitive)
- Removedfunction-bind@1.1.2(transitive)
- Removedgauge@2.7.4(transitive)
- Removedget-intrinsic@1.2.7(transitive)
- Removedget-proto@1.0.1(transitive)
- Removedgetpass@0.1.7(transitive)
- Removedglob@7.2.3(transitive)
- Removedgopd@1.2.0(transitive)
- Removedgraceful-fs@4.2.11(transitive)
- Removedhar-schema@1.0.5(transitive)
- Removedhar-validator@4.2.1(transitive)
- Removedhas-property-descriptors@1.0.2(transitive)
- Removedhas-symbols@1.1.0(transitive)
- Removedhas-unicode@2.0.1(transitive)
- Removedhasown@2.0.2(transitive)
- Removedhawk@3.1.3(transitive)
- Removedhoek@2.16.3(transitive)
- Removedhttp-signature@1.1.1(transitive)
- Removedinflight@1.0.6(transitive)
- Removedinherits@2.0.4(transitive)
- Removedini@1.3.8(transitive)
- Removedis-fullwidth-code-point@1.0.0(transitive)
- Removedis-typedarray@1.0.0(transitive)
- Removedisarray@1.0.02.0.5(transitive)
- Removedisstream@0.1.2(transitive)
- Removedjsbn@0.1.1(transitive)
- Removedjson-schema@0.4.0(transitive)
- Removedjson-stable-stringify@1.2.1(transitive)
- Removedjson-stringify-safe@5.0.1(transitive)
- Removedjsonify@0.0.1(transitive)
- Removedjsprim@1.4.2(transitive)
- Removedmath-intrinsics@1.1.0(transitive)
- Removedmime-db@1.52.0(transitive)
- Removedmime-types@2.1.35(transitive)
- Removedminimatch@3.1.2(transitive)
- Removedminimist@1.2.8(transitive)
- Removedmkdirp@0.5.6(transitive)
- Removedms@2.0.0(transitive)
- Removednan@2.22.0(transitive)
- Removednode-pre-gyp@0.6.39(transitive)
- Removednopt@4.0.3(transitive)
- Removednpmlog@4.1.2(transitive)
- Removednumber-is-nan@1.0.1(transitive)
- Removedoauth-sign@0.8.2(transitive)
- Removedobject-assign@4.1.1(transitive)
- Removedobject-keys@1.1.1(transitive)
- Removedonce@1.4.0(transitive)
- Removedos-homedir@1.0.2(transitive)
- Removedos-tmpdir@1.0.2(transitive)
- Removedosenv@0.1.5(transitive)
- Removedpath-is-absolute@1.0.1(transitive)
- Removedperformance-now@0.2.0(transitive)
- Removedprocess-nextick-args@2.0.1(transitive)
- Removedpunycode@1.4.1(transitive)
- Removedqs@6.4.1(transitive)
- Removedrc@1.2.8(transitive)
- Removedreadable-stream@2.3.8(transitive)
- Removedrequest@2.81.0(transitive)
- Removedrimraf@2.7.1(transitive)
- Removedsafe-buffer@5.1.2(transitive)
- Removedsafer-buffer@2.1.2(transitive)
- Removedsemver@5.7.2(transitive)
- Removedset-blocking@2.0.0(transitive)
- Removedset-function-length@1.2.2(transitive)
- Removedsignal-exit@3.0.7(transitive)
- Removedsntp@1.0.9(transitive)
- Removedsshpk@1.18.0(transitive)
- Removedstring-width@1.0.2(transitive)
- Removedstring_decoder@1.1.1(transitive)
- Removedstringstream@0.0.6(transitive)
- Removedstrip-ansi@3.0.1(transitive)
- Removedstrip-json-comments@2.0.1(transitive)
- Removedtar@2.2.2(transitive)
- Removedtar-pack@3.4.1(transitive)
- Removedtough-cookie@2.3.4(transitive)
- Removedtunnel-agent@0.6.0(transitive)
- Removedtweetnacl@0.14.5(transitive)
- Removeduid-number@0.0.6(transitive)
- Removedutil-deprecate@1.0.2(transitive)
- Removeduuid@3.4.0(transitive)
- Removedverror@1.10.0(transitive)
- Removedwide-align@1.1.5(transitive)
- Removedwrappy@1.0.2(transitive)