ecstatic - npm Package Compare versions
Comparing version 1.4.1 to 2.0.0
@@ -0,3 +1,13 @@ | ||
| 2016/08/09 Version 2.0.0 | ||
| - No longer strip null bytes from uris before parsing. This avoids a regexp dos | ||
| attack. The stripping was to avoid a bug regarding c++ null terminated | ||
| strings shenanigans in some versions of node, but it *appears* fixed in LTS | ||
| versions of node. | ||
| - When both showDir and autoIndex are turned off, do not redirect from /foo to | ||
| /foo/. | ||
| - Add code coverage reports and codecov.io | ||
| 2015/05/10 Version 1.4.1 | ||
| - Compare if-modified-since header against server-generated last-modified header rather than raw mtime | ||
| - Compare if-modified-since header against server-generated last-modified | ||
| header rather than raw mtime | ||
@@ -7,3 +17,4 @@ 2015/12/22 Version 1.4.0 | ||
| - Started test suite around CLI options parsing | ||
| - Workaround for egregious v8 bug around date parsing throwing during modified-since checks | ||
| - Workaround for egregious v8 bug around date parsing throwing during | ||
| modified-since checks | ||
@@ -10,0 +21,0 @@ 2015/11/15 Version 1.3.1 |
@@ -58,1 +58,3 @@ General format is: contributor, github handle, email. In some cases, the | ||
| * Josh Gillies @joshgillies <github@joshgilli.es> | ||
| * Jesse Tane @jessetane <jesse.tane@gmail.com> | ||
| * Simon Sturmer @sstur <sstur@me.com> |
@@ -55,5 +55,17 @@ #! /usr/bin/env node | ||
| // Strip any null bytes from the url | ||
| // This was at one point necessary because of an old bug in url.parse | ||
| // | ||
| // See: https://github.com/jfhbrook/node-ecstatic/issues/16#issuecomment-3039914 | ||
| // See: https://github.com/jfhbrook/node-ecstatic/commit/43f7e72a31524f88f47e367c3cc3af710e67c9f4 | ||
| // | ||
| // But this opens up a regex dos attack vector! D: | ||
| // | ||
| // Based on some research (ie asking #node-dev if this is still an issue), | ||
| // it's *probably* not an issue. :) | ||
| /* | ||
| while(req.url.indexOf('%00') !== -1) { | ||
| req.url = req.url.replace(/\%00/g, ''); | ||
| } | ||
| */ | ||
| // Figure out the path for the file from the given url | ||
@@ -128,2 +140,7 @@ var parsed = url.parse(req.url); | ||
| else if (stat.isDirectory()) { | ||
| if (!autoIndex && !opts.showDir) { | ||
| status[404](res, next); | ||
| return; | ||
| } | ||
| // 302 to / if necessary | ||
@@ -157,4 +174,2 @@ if (!parsed.pathname.match(/\/$/)) { | ||
| status[404](res, next); | ||
| } | ||
@@ -161,0 +176,0 @@ else { |
@@ -5,3 +5,3 @@ { | ||
| "description": "A simple static file server middleware that works with both Express and Flatiron", | ||
| "version": "1.4.1", | ||
| "version": "2.0.0", | ||
| "homepage": "https://github.com/jfhbrook/node-ecstatic", | ||
@@ -14,3 +14,4 @@ "repository": { | ||
| "scripts": { | ||
| "test": "tap test/*.js" | ||
| "test": "tap --coverage test/*.js", | ||
| "posttest": "tap --coverage-report=text-lcov | codecov" | ||
| }, | ||
@@ -33,2 +34,3 @@ "bin": "./lib/ecstatic.js", | ||
| "devDependencies": { | ||
| "codecov": "^1.0.1", | ||
| "eol": "^0.2.0", | ||
@@ -35,0 +37,0 @@ "express": "^4.12.3", |
@@ -1,2 +0,2 @@ | ||
| # Ecstatic [](http://travis-ci.org/jfhbrook/node-ecstatic) | ||
| # Ecstatic [](http://travis-ci.org/jfhbrook/node-ecstatic) [](https://codecov.io/github/jfhbrook/node-ecstatic?branch=master) | ||
@@ -3,0 +3,0 @@  |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by975.56%
2606092
- Number of package files
- increased by217.39%
73
- Lines of code
- increased by50.12%
1285
Worsened metrics
- Dev dependency count
- increased by20%
6