Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
edge-csrf - npm Package Compare versions
Comparing version 0.1.0 to 0.1.1
| { | ||
| "name": "edge-csrf", | ||
| "description": "Primary logic behind CSRF tokens for Next.js Edge runtime", | ||
| "version": "0.1.0", | ||
| "version": "0.1.1", | ||
| "author": "Andres Morey", | ||
@@ -23,3 +23,6 @@ "license": "MIT", | ||
| "@edge-runtime/jest-environment": "^1.1.0-beta.7", | ||
| "@edge-runtime/primitives": "^1.1.0-beta.10", | ||
| "babel-jest": "^28.1.1", | ||
| "beautify-benchmark": "^0.2.4", | ||
| "benchmark": "^2.1.4", | ||
| "eslint": "^8.18.0", | ||
@@ -26,0 +29,0 @@ "jest": "^28.1.1", |
@@ -5,3 +5,3 @@ # Edge-CSRF | ||
| This library uses the cookie strategy from [`expressjs/csurf`](https://github.com/expressjs/csurf) and the crypto logic from ['pillarjs/csrf'](https://github.com/pillarjs/csrf) except it only uses Next.js edge runtime dependencies so it can be used in [Next.js middleware](https://nextjs.org/docs/advanced-features/middleware). | ||
| This library uses the cookie strategy from [expressjs/csurf](https://github.com/expressjs/csurf) and the crypto logic from [pillarjs/csrf](https://github.com/pillarjs/csrf) except it only uses Next.js edge runtime dependencies so it can be used in [Next.js middleware](https://nextjs.org/docs/advanced-features/middleware). | ||
@@ -8,0 +8,0 @@ # Features |
25
util.js
@@ -15,6 +15,7 @@ /** | ||
| export function utoa(input) { | ||
| let i = input.byteLength; | ||
| let output = new Array(i); | ||
| while (i--) output[i] = String.fromCharCode(input[i]); | ||
| return btoa(output.join('')); | ||
| let output = ''; | ||
| for (let i = 0; i < input.byteLength; i++) { | ||
| output += String.fromCharCode(input[i]); | ||
| } | ||
| return btoa(output); | ||
| } | ||
@@ -27,5 +28,4 @@ | ||
| input = atob(input); | ||
| let i = input.length; | ||
| let output = new Uint8Array(i); | ||
| while (i--) output[i] = input.charCodeAt(i); | ||
| let output = new Uint8Array(input.length); | ||
| for (let i = 0; i < input.length; i++) output[i] = input.charCodeAt(i); | ||
| return output; | ||
@@ -104,9 +104,7 @@ } | ||
| let i = hash.byteLength; | ||
| // check hash length | ||
| if (i !== hashCheck.byteLength) return false; | ||
| if (hash.byteLength !== hashCheck.byteLength) return false; | ||
| // check hash values | ||
| while (i--) { | ||
| for (let i = 0; i < hash.byteLength; i++) { | ||
| if (hash[i] !== hashCheck[i]) return false; | ||
@@ -124,4 +122,5 @@ } | ||
| const salt = new Uint8Array(byteLength); | ||
| let i = byteLength; | ||
| while (i--) salt[i] = Math.floor(Math.random() * 255); | ||
| for (let i = 0; i < byteLength; i++) { | ||
| salt[i] = Math.floor(Math.random() * 255); | ||
| } | ||
| return salt; | ||
@@ -128,0 +127,0 @@ } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.5%
9615
Worsened metrics
- Dev dependency count
- increased by33.33%
12
No dependency changes