chipchat-tokens-to-google-secretmanager-mixin - npm Package Compare versions

Comparing version 1.0.2 to 1.0.3

package.json

 {
   "name": "chipchat-tokens-to-google-secretmanager-mixin",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "",
@@ -13,4 +13,4 @@ "main": "src/index.js",
     "@google-cloud/secret-manager": "^3.2.0",
-    "chipchat": "git://github.com/chatshipper/chipchat#development"
+    "chipchat": "git://github.com/chatshipper/chipchat.git#development"
   }
 }

src/index.js

@@ -39,3 +39,3 @@ const debug = require('debug');
 async function setTokens(tokens) {
-    const tokenid = (ChipChat.decodeJwt(tokens) || {})._id;
+    const tokenid = (ChipChat.decodeJwt(tokens.token) || {})._id;
     if (tokenid) {
@@ -47,3 +47,3 @@ log(`setTokens: using tokenid ${tokenid}`);
                 payload: {
-                    data: Buffer.from(tokens, 'utf8')
+                    data: Buffer.from(JSON.stringify(tokens), 'utf8')
                 }
@@ -50,0 +50,0 @@ });

New alerts

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Fixed alerts

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6164

increased by0.42%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• Updatedchipchat@git://github.com/chatshipper/chipchat.git#development