coap - npm Package Compare versions

Comparing version 0.20.0 to 0.21.0

index.js

@@ -33,5 +33,5 @@ /*
   else if (ipv6)
-    agent = globalAgentV6
+    agent = exports.globalAgentIPv6
   else
-    agent = globalAgent
+    agent = exports.globalAgent
 
@@ -38,0 +38,0 @@ return agent.request(url)

lib/agent.js

@@ -47,5 +47,9 @@ /*
 
+  if (opts.socket) {
+    delete opts.port
+  }
+
   this._opts = opts
 
-  this._init()
+  this._init(opts.socket)
 }
@@ -55,8 +59,10 @@
 
-Agent.prototype._init = function initSock() {
-  if (this._sock)
+Agent.prototype._init = function initSock(socket) {
+  if (this._sock) {
     return
+  }
 
   var that = this
-  this._sock = dgram.createSocket(this._opts.type, function(msg, rsinfo) {
+  this._sock = socket || dgram.createSocket(this._opts.type)
+  this._sock.on('message', function(msg, rsinfo) {
     var packet
@@ -75,2 +81,7 @@ , message
 
+    if (packet.code[0] === '0' && packet.code !== '0.00') {
+      // ignore this packet since it's not a response.
+      return
+    }
+
     outSocket = that._sock.address();
@@ -117,2 +128,5 @@ that._handle(msg, rsinfo, outSocket)
 
+  if (this._opts.socket)
+    return
+
   this._sock.close()
@@ -119,0 +133,0 @@ this._sock = null

lib/server.js

@@ -290,2 +290,12 @@ /*
 
+  if (packet.code[0] !== '0') {
+    // According to RFC7252 Section 4.2 receiving a confirmable messages
+    // that can't be processed, should be rejected by ignoring it AND
+    // sending a reset. In this case confirmable response message would
+    // be silently ignored, which is not exactly as stated in the standard.
+    // However, sending a reset would interfere with a coap client which is
+    // re-using a socket (see pull-request #131).
+    return
+  }
+
   var sock      = this._sock
@@ -292,0 +302,0 @@ , lru       = this._lru

package.json

 {
   "name": "coap",
-  "version": "0.20.0",
+  "version": "0.21.0",
   "description": "A CoAP library for node modelled after 'http'",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -497,2 +497,4 @@ node-coap
 
+* `socket`: use existing socket instead of creating a new one.
+
 -------------------------------------------------------
@@ -499,0 +501,0 @@ <a name="globalAgent"></a>

test/request.js

@@ -84,2 +84,3 @@ /*
     req.once('error', function () {
+      coap.globalAgent.abort(req)
       done()
@@ -537,2 +538,3 @@ })
             messageId: packet.messageId
+            , code: '2.05'
             , token: packet.token
@@ -595,2 +597,3 @@ , options: [{
           messageId: packet.messageId
+          , code: '2.05'
           , token: packet.token
@@ -622,2 +625,3 @@ , options: [{
           messageId: packet.messageId
+          , code: '2.05'
           , token: packet.token
@@ -624,0 +628,0 @@ , options: []

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

192207

increased by6.6%

Number of package files

41

increased by2.5%

Lines of code

5427

increased by7.53%

Number of lines in readme file

559

increased by0.36%

Worsened metrics

Number of medium supply chain risk alerts

11

increased by10%

No dependency changes