New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
edgegrid - npm Package Compare versions
Comparing version 3.0.3 to 3.0.4
| { | ||
| "name": "edgegrid", | ||
| "version": "3.0.3", | ||
| "version": "3.0.4", | ||
| "description": "Authentication handler for the Akamai OPEN EdgeGrid Authentication scheme in Node.js", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -34,2 +34,17 @@ // Copyright 2014 Akamai Technologies, Inc. All Rights Reserved | ||
| function validatedConfig(config) { | ||
| if (!(config.host && config.access_token && | ||
| config.client_secret && config.client_token)) { | ||
| var errorMessage = ""; | ||
| var tokens = | ||
| ['client_token', 'client_secret','access_token','host']; | ||
| tokens.forEach(function(token) { | ||
| if (!config[token]) { | ||
| errorMessage += "\nMissing: " + token; | ||
| } | ||
| }) | ||
| console.log('Missing part of the configuration:\n' + errorMessage); | ||
| return {}; | ||
| } | ||
| if (config.host.indexOf('https://') > -1) { | ||
@@ -40,3 +55,3 @@ return config; | ||
| config.host = 'https://' + config.host; | ||
| return config; | ||
@@ -65,5 +80,32 @@ } | ||
| function readEnv(section) { | ||
| // If any are set, we're committed | ||
| var envConf = {}; | ||
| var envPrefix = "AKAMAI_" + section.toUpperCase() | ||
| var tokens = | ||
| ['client_token', 'client_secret','access_token','host']; | ||
| tokens.forEach(function(token){ | ||
| var envcheck = envPrefix + "_" + token.toUpperCase() | ||
| if (process.env[envcheck]) { | ||
| envConf[token] = process.env[envcheck]; | ||
| } | ||
| }) | ||
| if (Object.keys(envConf).length > 0) { | ||
| console.log("Using configuration from environment variables") | ||
| return validatedConfig(envConf); | ||
| } | ||
| return {}; | ||
| } | ||
| module.exports = function(path, conf) { | ||
| var confSection = conf || 'default' | ||
| var envConf = readEnv(confSection); | ||
| if (envConf['host']) { | ||
| return envConf; | ||
| } | ||
| var edgerc = fs.readFileSync(path).toString().split('\n'), | ||
| confSection = conf || 'default', | ||
| confSection, | ||
| confData = getSection(edgerc, confSection); | ||
@@ -70,0 +112,0 @@ |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by3.05%
1218
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-1.2%
276917
- Number of package files
- decreased by-5%
19
- Number of low supply chain risk alerts
- increased by28.57%
9
No dependency changes