bv-ui-core - npm Package Compare versions

Comparing version 1.2.1 to 2.0.0

CONTRIBUTING.md

@@ -5,5 +5,4 @@ # Contributing to bv-ui-core
 
-- Rebecca Murphey (@rmurphey)
 - Reason (@reason-bv)
-- Brian Sinclair (@brianarn)
+- Dan Heberden (@danheberden)
 
@@ -40,6 +39,2 @@ ## Getting Started
 
-## Landing Changes
-
-Pull requests should be landed with [git-land](https://github.com/git-land/git-land). **Do not land pull requests using the Github merge button.**
-
 ## File Structure
@@ -46,0 +41,0 @@

lib/domainPolice/index.js

@@ -7,7 +7,2 @@ /**
 
-// Dependencies
-var parseUri = require('../parseUri');
-
-// Variables used in our exposed methods to support memoization
-
 /**
@@ -18,14 +13,14 @@ * Returns true if the hostname is an exact match for a specific domain or a
  * @param  {String} domain Domain to check.
- * @param  {String} host   Domain to check against.
+ * @param  {String} hostname Hostname to check against.
  * @return {Boolean}
  */
-function domainMatches (domain, host) {
-  if (domain.charAt(0) === '.' && host) {
+function domainMatches (domain, hostname) {
+  if (domain.charAt(0) === '.' && hostname) {
     // domainMatches('.domain.com', 'sub.domain.com') and
     // domainMatches('.sub.domain.com', 'sub.domain.com') are both true.
-    var index = ('.' + host).lastIndexOf(domain);
-    return index >= 0 && index === (1 + host.length - domain.length);
+    var index = ('.' + hostname).lastIndexOf(domain);
+    return index >= 0 && index === (1 + hostname.length - domain.length);
   }
 
-  return host === domain || host === ('www.' + domain);
+  return hostname === domain || hostname === ('www.' + domain);
 }
@@ -37,12 +32,11 @@
  *
- * @param  {String} url The URL to check
  * @param  {Array}  domains The set of domain objects to check the URL against
+ * @param  {String} hostname The hostname to check
  * @return {Object} The matching domain object from the array of provided domains
  */
-function allowedDomain (url, domains) {
-  var host = parseUri(url).host;
+function allowedDomain (domains, hostname) {
   var matchedDomain;
 
   for (var i = 0; i < domains.length; i++) {
-    if (domainMatches(domains[i].domain, host)) {
+    if (domainMatches(domains[i].domain, hostname)) {
       matchedDomain = domains[i];
@@ -61,7 +55,7 @@
  *
- * @param  {String} url The URL to check
  * @param  {Array}  domains The set of domain objects to check the URL against
+ * @param  {String} hostname The hostname to be checked against. Preferably sourced by using window.location.hostname.
  * @return {Object} An object representing the state of the matched domain
  */
-function domainPolice (host, domains) {
+function domainPolice (domains, hostname) {
   var domainState = {};
@@ -75,3 +69,3 @@ var domain = {
 
-  var domainObject = allowedDomain(host, domains);
+  var domainObject = allowedDomain(domains, hostname);
 
@@ -81,12 +75,5 @@ // If we have a matching domain
     domain.isValid = true;
-    // Manually copying keys, because I can't safely use Object.assign
-    // or the npm object-assign module, or even lodash.assign/lodash.extend,
-    // as they're assuming ES5 environments.
-    // TODO: Once we drop IE8, simplify.
-    for (var key in domainObject) {
-      if (domainObject.hasOwnProperty(key)) {
-        domainState[key] = domainObject[key];
-      }
-    }
 
+    domainState = Object.assign({}, domainState, domainObject);
+
     // Special case: If the domain is a valid IPv4 address,
@@ -93,0 +80,0 @@ // remove the leading period.

lib/domainPolice/README.md

 # domainPolice
 
-The `domainPolice` module provides a function that takes a URL and an array of
+The `domainPolice` module provides a function that takes a hostname and an array of
 objects representing a known whitelist of domains, and returns an object with a
@@ -9,3 +9,3 @@ simple API, representing the state of that URL in the whitelist.
 
- - `url`: The particular URL to be validated as a string. Ports and protocols are not validated.
+ - `hostname`: The particular hostname to be validated as a string. Ports and protocols are not validated and should not be supplied as part of this. Optimally, this should be provided from `window.location.hostname` in the browser.
  - `allowedDomains`: An array of objects representing whitelisted arrays.
@@ -34,3 +34,3 @@
 
-var bvCop = domainPolice('www.bazaarvoice.com', allowedDomains);
+var bvCop = domainPolice(allowedDomains, 'www.bazaarvoice.com');
 bvCop.isValid; // => true
@@ -41,3 +41,3 @@ bvCop.get('domain'); // => '.bazaarvoice.com'
 
-var nopeCop = domainPolice('ww.w.foo.com');
+var nopeCop = domainPolice(allowedDomains, 'ww.w.foo.com');
 nopeCop.isValid; // => false
@@ -44,0 +44,0 @@ nopeCop.get('anything'); // => undefined

package.json

 {
   "name": "bv-ui-core",
-  "version": "1.2.1",
+  "version": "2.0.0",
   "license": "Apache 2.0",
@@ -5,0 +5,0 @@ "description": "Bazaarvoice UI-related JavaScript",

README.md

@@ -53,3 +53,2 @@ ![](https://travis-ci.org/bazaarvoice/bv-ui-core.svg)
 - [namespacer](./lib/namespacer)
-- [parseUri](./lib/parseUri)
 - [performance](./lib/performance)
@@ -56,0 +55,0 @@ - [polyfills](./lib/polyfills)

test/unit/checkHighContrast/index.spec.js

 /**
  * @fileOverview
- * Unit tests for the parseUri utility.
+ * Unit tests for the checkHighContrast utility.
  */
@@ -5,0 +5,0 @@

test/unit/domainPolice/index.spec.js

@@ -126,20 +126,9 @@ /**
       var domain = domainUnderTest.domain;
-      // Domain variations to test.
-      var domains = [
-        domain,
-        'http://' + domain,
-        'https://' + domain,
-        'http://' + domain + ':4000',
-        'https://' + domain + ':8000'
-      ];
 
-      var dp;
-      for (var i = 0, l = domains.length; i < l; i++) {
-        dp = domainPolice(domains[i], allowedDomains.slice(0));
+      var dp = domainPolice(allowedDomains.slice(0), domain);
 
-        expect(dp.isValid).to.equal(domainUnderTest.isValid);
-        expect(dp.get('domain')).to.equal(domainUnderTest.matchedDomain);
-        expect(dp.get('thirdPartyCookieEnabled')).to.equal(domainUnderTest.thirdPartyCookieEnabled);
-        expect(dp.get('commentsEnabled')).to.equal(domainUnderTest.commentsEnabled);
-      }
+      expect(dp.isValid).to.equal(domainUnderTest.isValid);
+      expect(dp.get('domain')).to.equal(domainUnderTest.matchedDomain);
+      expect(dp.get('thirdPartyCookieEnabled')).to.equal(domainUnderTest.thirdPartyCookieEnabled);
+      expect(dp.get('commentsEnabled')).to.equal(domainUnderTest.commentsEnabled);
     }
@@ -146,0 +135,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

6

decreased by-14.29%

Worsened metrics

Total package byte prevSize

368961

decreased by-2.88%

Number of package files

109

decreased by-3.54%

Lines of code

5116

decreased by-3.45%

Number of lines in readme file

61

decreased by-1.61%

No dependency changes