New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
co-busboy - npm Package Compare versions
Comparing version 1.2.1 to 1.3.0
| 1.3.0 / 2015-03-02 | ||
| ================== | ||
| * improve tests and coverage | ||
| * add checkFile hook to do file check, like limit filenam extension | ||
| * add checkField hook to do prepare jobs, like csrf | ||
| 1.2.1 / 2015-02-28 | ||
@@ -3,0 +10,0 @@ ================== |
18
index.js
@@ -15,2 +15,6 @@ var Busboy = require('busboy') | ||
| options.headers = request.headers | ||
| // options.checkField hook `function(name, val, fieldnameTruncated, valTruncated)` | ||
| // options.checkFile hook `function(fieldname, fileStream, filename, encoding, mimetype)` | ||
| var checkField = options.checkField | ||
| var checkFile = options.checkFile | ||
@@ -61,2 +65,9 @@ var busboy = new Busboy(options) | ||
| function onField(name, val, fieldnameTruncated, valTruncated) { | ||
| if (checkField) { | ||
| var err = checkField(name, val, fieldnameTruncated, valTruncated) | ||
| if (err) { | ||
| return onEnd(err) | ||
| } | ||
| } | ||
| var args = [name, val, fieldnameTruncated, valTruncated] | ||
@@ -80,2 +91,9 @@ | ||
| function onFile(fieldname, file, filename, encoding, mimetype) { | ||
| if (checkFile) { | ||
| var err = checkFile(fieldname, file, filename, encoding, mimetype) | ||
| if (err) { | ||
| return onEnd(err) | ||
| } | ||
| } | ||
| // opinionated, but 5 arguments is ridiculous | ||
@@ -82,0 +100,0 @@ file.fieldname = fieldname |
| { | ||
| "name": "co-busboy", | ||
| "description": "Busboy multipart parser as a yieldable", | ||
| "version": "1.2.1", | ||
| "version": "1.3.0", | ||
| "author": { | ||
@@ -26,8 +26,12 @@ "name": "Jonathan Ong", | ||
| "co": "*", | ||
| "mocha": "*", | ||
| "should": "*" | ||
| "istanbul-harmony": "*", | ||
| "mocha": "*" | ||
| }, | ||
| "scripts": { | ||
| "test": "make test" | ||
| } | ||
| "test": "make test", | ||
| "test-cov": "make test-cov" | ||
| }, | ||
| "files": [ | ||
| "index.js" | ||
| ] | ||
| } |
| # co busboy | ||
| [![NPM version][npm-image]][npm-url] | ||
| [![build status][travis-image]][travis-url] | ||
| [![Test coverage][coveralls-image]][coveralls-url] | ||
| [![David deps][david-image]][david-url] | ||
| [![npm download][download-image]][download-url] | ||
| [npm-image]: https://img.shields.io/npm/v/co-busboy.svg?style=flat-square | ||
| [npm-url]: https://npmjs.org/package/co-busboy | ||
| [travis-image]: https://img.shields.io/travis/cojs/busboy.svg?style=flat-square | ||
| [travis-url]: https://travis-ci.org/cojs/busboy | ||
| [coveralls-image]: https://img.shields.io/coveralls/cojs/busboy.svg?style=flat-square | ||
| [coveralls-url]: https://coveralls.io/r/cojs/busboy?branch=master | ||
| [david-image]: https://img.shields.io/david/cojs/busboy.svg?style=flat-square | ||
| [david-url]: https://david-dm.org/cojs/busboy | ||
| [download-image]: https://img.shields.io/npm/dm/co-busboy.svg?style=flat-square | ||
| [download-url]: https://npmjs.org/package/co-busboy | ||
| [busboy](http://github.com/mscdex/busboy) multipart parser using `co` or `koa`. | ||
@@ -57,2 +74,56 @@ | ||
| ### Example for csrf check | ||
| Use `options.checkField` hook `function(name, val, fieldnameTruncated, valTruncated)` | ||
| can handle fields check. | ||
| ```js | ||
| var parse = require('co-busboy') | ||
| app.use(function* (next) { | ||
| var ctx = this | ||
| var parts = parse(this, { | ||
| checkField: function (name, value) { | ||
| if (name === '_csrf' && !checkCSRF(ctx, value)) { | ||
| var err = new Error('invalid csrf token') | ||
| err.status = 400 | ||
| return err | ||
| } | ||
| } | ||
| }) | ||
| var part | ||
| while (part = yield parts) { | ||
| // ... | ||
| } | ||
| }) | ||
| ``` | ||
| ### Example for filename extension check | ||
| Use `options.checkFile` hook `function(fieldname, file, filename, encoding, mimetype)` | ||
| can handle filename check. | ||
| ```js | ||
| var parse = require('co-busboy') | ||
| var path = require('path') | ||
| app.use(function* (next) { | ||
| var ctx = this | ||
| var parts = parse(this, { | ||
| // only allow upload `.jpg` files | ||
| checkFile: function (fieldname, file, filename) { | ||
| if (path.extname(filename) !== '.jpg') { | ||
| var err = new Error('invalid jpg image') | ||
| err.status = 400 | ||
| return err | ||
| } | ||
| } | ||
| }) | ||
| var part | ||
| while (part = yield parts) { | ||
| // ... | ||
| } | ||
| }) | ||
| ``` | ||
| ## API | ||
@@ -59,0 +130,0 @@ |
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by37.95%
9753
- Lines of code
- increased by19.51%
98
- Number of lines in readme file
- increased by55.91%
198
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Number of package files
- decreased by-42.86%
4
No dependency changes