Comparing version 1.0.0 to 1.1.0
12
index.js
@@ -13,2 +13,3 @@ /*! | ||
var crypto = require('crypto'); | ||
var scmp = require('scmp'); | ||
@@ -25,5 +26,8 @@ /** | ||
* | ||
* The default `value` function checks `req.body` generated | ||
* by the `bodyParser()` middleware, `req.query` generated | ||
* by `query()`, and the "X-CSRF-Token" header field. | ||
* The default `value` function checks for the token in one of the | ||
* following places: | ||
* - the `_csrf` parameter in the `req.body` generated by the | ||
* `bodyParser()` middleware, | ||
* - the `_csrf` parameter in the `req.query` generated by `query()`, | ||
* - the "X-CSRF-Token" header field. | ||
* | ||
@@ -141,3 +145,3 @@ * This middleware requires session support, thus should be added | ||
if ('string' != typeof token) return false; | ||
return token === createToken(token.slice(0, 10), secret); | ||
return scmp(token, createToken(token.slice(0, 10), secret)); | ||
} | ||
@@ -144,0 +148,0 @@ |
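Review bot: The added line in the last hunk, `return scmp(token, createToken(token.slice(0, 10), secret));`, should carry a comment saying why a library compare replaces `===`, e.g. `// constant-time compare: a plain === stops at the first mismatching byte and leaks how much of the token is correct`, otherwise the next maintainer may "simplify" it back. The comparison is only as constant-time as scmp itself; at `~0.0.3` it presumably short-circuits when the lengths differ, which is acceptable only because the token length is not secret, so consider rejecting tokens whose length differs from what `createToken` produces before calling scmp (`if (token.length !== expectedLength) return false;`, with the expected length taken from `createToken`, whose definition is outside this hunk). The `'string' != typeof token` guard on the line above returns early, which is fine since that exit does not depend on token contents; the enclosing function starts outside the hunk, so I cannot see whether `secret` is guaranteed to be set here. The `_csrf`-in-`req.query` lookup that the second hunk now documents is pre-existing behaviour, but the doc comment could add the caveat that tokens carried in URLs can leak through Referer headers and access logs.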
{ | ||
"name": "csurf", | ||
"description": "CSRF token middleware", | ||
"version": "1.0.0", | ||
"version": "1.1.0", | ||
"author": { | ||
@@ -12,12 +12,6 @@ "name": "Jonathan Ong", | ||
"license": "MIT", | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/expressjs/csurf.git" | ||
}, | ||
"bugs": { | ||
"mail": "me@jongleberry.com", | ||
"url": "https://github.com/expressjs/csurf/issues" | ||
}, | ||
"repository": "expressjs/csurf", | ||
"dependencies": { | ||
"uid2": "~0.0.2" | ||
"uid2": "~0.0.2", | ||
"scmp": "~0.0.3" | ||
}, | ||
@@ -24,0 +18,0 @@ "devDependencies": { |
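Review bot: The new `"scmp": "~0.0.3"` range pins a security-critical primitive to a pre-1.0 package where any 0.0.x release may change behaviour, so an exact version (`"scmp": "0.0.3"`) or a checked-in lockfile would make the constant-time compare reproducible across installs. The hunk also drops the `bugs` block, which removes the only reporting contact from the manifest; the `repository` shorthand still resolves, but a `"bugs"` URL is cheap to keep for vulnerability reports. The "No bug tracker" and "No repository" alerts on this page may refer to the added scmp package rather than csurf; I cannot tell from what is shown.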
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No bug tracker
Maintenance: Package does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain risk: Package does not have a linked source code repository. Without this field, a package has no reference to the location of the source code used to generate the package.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
No README
Quality: Package does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
+ Added scmp@~0.0.3
+ Added scmp@0.0.3 (transitive)