Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
careful-downloader
Advanced tools
careful-downloader - npm Package Compare versions
Comparing version 1.2.0 to 1.3.0
@@ -19,13 +19,5 @@ export interface Options { | ||
| /** | ||
| * Path to temporary directory for unverified and/or unextracted downloads. | ||
| * Automatically generated if not set (recommended). | ||
| * Directory path relative to module where the validated download is saved or | ||
| * extracted. Must be located within `process.cwd()` for security reasons. | ||
| * | ||
| * @default `tempy.directory()` | ||
| */ | ||
| readonly tempDir?: string; | ||
| /** | ||
| * Full path or directory name relative to module to store the validated | ||
| * download. | ||
| * | ||
| * @default "./downloads" | ||
@@ -32,0 +24,0 @@ */ |
35
index.js
@@ -15,8 +15,2 @@ import path from "path"; | ||
| // don't delete the temp dir if set manually and dir exists | ||
| let deleteTempDir = true; | ||
| if (options.tempDir && fs.pathExistsSync(options.tempDir)) { | ||
| deleteTempDir = false; | ||
| } | ||
| // normalize options and set defaults | ||
@@ -26,4 +20,3 @@ options = { | ||
| extract: !!options.extract, | ||
| tempDir: options.tempDir ? path.resolve(process.cwd(), options.tempDir) : tempy.directory(), | ||
| destDir: options.destDir ? path.resolve(process.cwd(), options.destDir) : path.resolve(process.cwd(), "download"), | ||
| destDir: options.destDir ? path.resolve(process.cwd(), options.destDir) : path.resolve(process.cwd(), "downloads"), | ||
| cleanDestDir: !!options.cleanDestDir, | ||
@@ -34,13 +27,21 @@ algorithm: options.algorithm || "sha256", | ||
| // throw an error if destDir is outside of the module to prevent path traversal for security reasons | ||
| if (!options.destDir.startsWith(process.cwd())) { | ||
| throw new Error(`destDir must be located within '${process.cwd()}', it's currently set to '${options.destDir}'.`); | ||
| } | ||
| // initialize temporary directory | ||
| const tempDir = tempy.directory(); | ||
| try { | ||
| // simultaneously download the desired file and its checksums | ||
| await Promise.all([ | ||
| downloadFile(downloadUrl, path.join(options.tempDir, options.filename)), | ||
| downloadFile(checksumUrl, path.join(options.tempDir, "checksums.txt")), | ||
| downloadFile(downloadUrl, path.join(tempDir, options.filename)), | ||
| downloadFile(checksumUrl, path.join(tempDir, "checksums.txt")), | ||
| ]); | ||
| // validate the checksum of the download | ||
| if (await checkChecksum(options.tempDir, options.filename, "checksums.txt", options.algorithm, options.encoding)) { | ||
| if (await checkChecksum(tempDir, options.filename, "checksums.txt", options.algorithm, options.encoding)) { | ||
| // optionally clear the target directory of existing files | ||
| if (options.cleanDestDir) { | ||
| if (options.cleanDestDir && fs.existsSync(options.destDir)) { | ||
| await fs.remove(options.destDir); | ||
@@ -54,7 +55,7 @@ } | ||
| // decompress download and move resulting files to final destination | ||
| await decompress(path.join(options.tempDir, options.filename), options.destDir); | ||
| await decompress(path.join(tempDir, options.filename), options.destDir); | ||
| return options.destDir; | ||
| } else { | ||
| // move verified download to final destination as-is | ||
| await fs.copy(path.join(options.tempDir, options.filename), path.join(options.destDir, options.filename)); | ||
| await fs.copy(path.join(tempDir, options.filename), path.join(options.destDir, options.filename)); | ||
| return path.join(options.destDir, options.filename); | ||
@@ -66,6 +67,4 @@ } | ||
| } finally { | ||
| // delete temporary directory (except for edge cases above) | ||
| if (deleteTempDir) { | ||
| await fs.remove(options.tempDir); | ||
| } | ||
| // delete temporary directory | ||
| await fs.remove(tempDir); | ||
| } | ||
@@ -72,0 +71,0 @@ } |
| { | ||
| "name": "careful-downloader", | ||
| "version": "1.2.0", | ||
| "version": "1.3.0", | ||
| "description": "🕵️♀️ Downloads a file and its checksums to a temporary directory, validates the hash, and optionally extracts it if safe.", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -75,9 +75,2 @@ # 🕵️♀️ careful-downloader | ||
| ##### tempDir | ||
| Type: `string`\ | ||
| Default: [`tempy.directory()`](https://github.com/sindresorhus/tempy#tempydirectoryoptions) | ||
| Path to temporary directory for unverified and/or unextracted downloads. Automatically generated if not set (recommended). If set manually, the directory isn't purged upon finishing for security reasons. | ||
| ##### destDir | ||
@@ -88,3 +81,3 @@ | ||
| Full path or directory name relative to module to store the validated download. | ||
| Directory path relative to module where the validated download is saved or extracted. **Must be located within `process.cwd()` for security reasons.** | ||
@@ -91,0 +84,0 @@ ##### cleanDestDir |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-3.71%
10628
- Lines of code
- decreased by-6.67%
126
- Number of lines in readme file
- decreased by-6.09%
108
No dependency changes