dev-proxy - npm Package Compare versions

Comparing version 0.0.1-security to 2.0.0

package.json

 {
   "name": "dev-proxy",
-  "version": "0.0.1-security",
-  "description": "",
-  "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
+  "version": "2.0.0",
+  "author": [
+    "Cameron Hunter <hello@cameronhunter.co.uk>",
+    "Nicholas Clawson <nickclaw@gmail.com>"
+  ],
+  "description": "Simple SSL HTTP proxy using a self-signed certificate. Intended for local development only.",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/npm/security-holder.git"
+    "url": "http://github.com/nickclaw/dev-proxy.git"
   },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/npm/security-holder/issues"
+  "license": "MIT",
+  "bin": {
+    "dev-proxy": "bin/dev-proxy"
   },
-  "homepage": "https://github.com/npm/security-holder#readme"
+  "files": [
+    "resources",
+    "bin"
+  ],
+  "scripts": {
+    "install": "./bin/create-keys"
+  },
+  "dependencies": {
+    "chalk": "^1.1.3",
+    "commander": "^2.9.0",
+    "http-proxy": "^1.15.1",
+    "pem": "^1.9.4"
+  },
+  "devDependencies": {}
 }

README.md

@@ -1,9 +0,38 @@
-# Security holding package
+dev-proxy
+===============
 
-This package name is not currently in use, but was formerly occupied
-by another package. To avoid malicious use, npm is hanging on to the
-package name, but loosely, and we'll probably give it to you if you
-want it.
+Simple SSL HTTP proxy using a self-signed certificate. Intended for local development only. Based off of [local-ssl-proxy](https://github.com/cameronhunter/local-ssl-proxy).
 
-You may adopt this package by contacting support@npmjs.com and
-requesting the name.
+```
+Usage: dev-proxy [options]
+
+Options:
+
+  -h, --help                  output usage information
+  -V, --version               output the version number
+  -p --proxy <source:target>  ports to proxy
+  -k --key [keyPath]          optional path to key file
+  -c --cert [certPath]        optional path to cert file
+  -h --host [hostname]        optional hostname
+```
+
+Install
+-------
+```sh
+npm install -g dev-proxy
+# will automatically generate a self-signed cert/key
+```
+
+Run
+---
+To start a proxying from port `9000` to `9001` run:
+```sh
+dev-proxy --proxy 9000:9001
+```
+
+To create multiple proxies run:
+```sh
+dev-proxy --proxy 8080:8443 --proxy 9080:9443
+```
+
+Start your web server on the source port (`9000` in the example) and navigate to `https://localhost:<target-port>` ([https://localhost:9001](https://localhost:9001) in the example). You'll get a warning because the certificate is self-signed, this is safe to ignore during development.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Known malware

Supply chain risk

This package is malware. We have asked the package registry to remove it.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8012

increased by900.25%

Number of package files

8

increased by300%

Number of low quality alerts

1

decreased by-50%

Number of lines in readme file

39

increased by290%

Number of critical supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

4

increased byInfinity%

Number of low maintenance alerts

3

increased by50%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• + Addedchalk@^1.1.3

• + Addedcommander@^2.9.0

• + Addedhttp-proxy@^1.15.1

• + Addedpem@^1.9.4

• + Addedansi-regex@2.1.1(transitive)

• + Addedansi-styles@2.2.1(transitive)

• + Addedchalk@1.1.3(transitive)

• + Addedcharenc@0.0.2(transitive)

• + Addedcommander@2.20.3(transitive)

• + Addedcrypt@0.0.2(transitive)

• + Addedes6-promisify@7.0.0(transitive)

• + Addedescape-string-regexp@1.0.5(transitive)

• + Addedeventemitter3@4.0.7(transitive)

• + Addedfollow-redirects@1.15.9(transitive)

• + Addedhas-ansi@2.0.0(transitive)

• + Addedhttp-proxy@1.18.1(transitive)

• + Addedis-buffer@1.1.6(transitive)

• + Addedisexe@2.0.0(transitive)

• + Addedmd5@2.3.0(transitive)

• + Addedos-tmpdir@1.0.2(transitive)

• + Addedpem@1.15.1(transitive)

• + Addedrequires-port@1.0.0(transitive)

• + Addedstrip-ansi@3.0.1(transitive)

• + Addedsupports-color@2.0.0(transitive)

• + Addedwhich@2.0.2(transitive)