
csurf


csurf - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

HISTORY.md

12

index.js

@@ -13,2 +13,3 @@ /*!

var crypto = require('crypto');
var scmp = require('scmp');

@@ -25,5 +26,8 @@ /**

*
* The default `value` function checks `req.body` generated
* by the `bodyParser()` middleware, `req.query` generated
* by `query()`, and the "X-CSRF-Token" header field.
* The default `value` function checks for the token in one of the
* following places:
* - the `_csrf` parameter in the `req.body` generated by the
* `bodyParser()` middleware,
* - the `_csrf` parameter in the `req.query` generated by `query()`,
* - the "X-CSRF-Token" header field.
*

@@ -141,3 +145,3 @@ * This middleware requires session support, thus should be added

if ('string' != typeof token) return false;
return token === createToken(token.slice(0, 10), secret);
return scmp(token, createToken(token.slice(0, 10), secret));
}

@@ -144,0 +148,0 @@
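Review bot: The new `return scmp(token, createToken(token.slice(0, 10), secret));` line in the token check has no comment saying why a plain `===` is not enough, so a later cleanup could revert it unnoticed. Add a line above it such as `// constant-time compare: do not leak via response timing how much of the token matched`. Whether the comparison is really constant-time depends on scmp's implementation, which this page does not show. On Node versions that provide `crypto.timingSafeEqual`, a length check followed by that call on equal-length Buffers would remove the extra dependency. The enclosing function starts outside the hunk.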

{
"name": "csurf",
"description": "CSRF token middleware",
"version": "1.0.0",
"version": "1.1.0",
"author": {

@@ -12,12 +12,6 @@ "name": "Jonathan Ong",

"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/expressjs/csurf.git"
},
"bugs": {
"mail": "me@jongleberry.com",
"url": "https://github.com/expressjs/csurf/issues"
},
"repository": "expressjs/csurf",
"dependencies": {
"uid2": "~0.0.2"
"uid2": "~0.0.2",
"scmp": "~0.0.3"
},

@@ -24,0 +18,0 @@ "devDependencies": {
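Review bot: The added `"scmp": "~0.0.3"` entry under `dependencies` places the CSRF token comparison behind a third-party 0.0.x package with a floating range, so any later 0.0.x publish is installed without review. Because this package now sits on the verification path, an exact pin such as `"scmp": "0.0.3"`, together with a lockfile or shrinkwrap, would make updates a deliberate step. The existing `uid2` entry uses the same `~` range and would benefit from the same treatment.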
