engine.io - npm Package Compare versions

Comparing version 0.6.3 to 0.7.0

examples/latency/index.js

@@ -7,7 +7,7 @@
 var express = require('express')
-  , app = express(app)
+  , app = express()
   , server = require('http').createServer(app)
   , io = require('engine.io').attach(server);
 
-app.use(express.static('public'));
+app.use(express.static('build'));
 app.get('/', function(req, res, next){
@@ -14,0 +14,0 @@ res.sendfile('index.html');

examples/latency/package.json

@@ -5,6 +5,5 @@ {
   "dependencies": {
-    "express": "3.0.0rc4",
-    "engine.io": "0.3.7",
-    "engine.io-client": "0.3.7"
+    "express": "3.3.5",
+    "engine.io": "0.7.0"
   }
 }

examples/latency/public/index.js

@@ -1,3 +0,11 @@
-/*global SmoothieChart,TimeSeries,eio*/
 
+/**
+ * Module dependencies.
+ */
+
+var SmoothieChart = require("smoothie").SmoothieChart
+  , TimeSeries = require("smoothie").TimeSeries
+  , eio = require("engine.io");
+
+
 // helper
@@ -4,0 +12,0 @@

examples/latency/README.md

@@ -10,2 +10,4 @@
 $ npm install
+$ component install
+$ component build
 ```
@@ -12,0 +14,0 @@

History.md

 
+0.7.0 / 2013-08-23
+==================
+
+ * package: bump engine.io-client
+ * updated example
+ * inline merge
+ * added support node version 0.10 to .travis.yml
+ * fixed respond to flash policy request test. Closes #184
+ * fixed upgrade with timeout test. Closes #185
+ * engine.io: don't use __proto__, closes #170
+
 0.6.3 / 2013-06-21
@@ -3,0 +14,0 @@ ==================

index.js

 
 module.exports = process.env.EIO_COV
-  ? require('./lib-cov/engine.io')
-  : require('./lib/engine.io');
+  ? require('./lib-cov')
+  : require('./lib');

lib/engine.io.js

@@ -156,16 +156,1 @@ /**
 };
-
-/**
- * Invoking the library as a function delegates to attach
- *
- * @param {http.Server} server
- * @param {Object} options
- * @return {Server} engine server
- * @api public
- */
-
-module.exports = function() {
-  return exports.attach.apply(this, arguments);
-};
-
-module.exports.__proto__ = exports;

package.json

 {
     "name": "engine.io"
-  , "version": "0.6.3"
+  , "version": "0.7.0"
   , "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server"
@@ -19,3 +19,3 @@ , "main": "./lib/engine.io"
         "debug": "0.6.0"
-      , "ws": "0.4.25"
+      , "ws": "0.4.27"
       , "engine.io-parser": "0.3.0"
@@ -28,3 +28,3 @@ , "base64id": "0.1.0"
       , "superagent": "*"
-      , "engine.io-client": "0.6.3"
+      , "engine.io-client": "0.7.0"
       , "s": "*"
@@ -31,0 +31,0 @@ }

test/engine.io.js

@@ -62,3 +62,3 @@ /*global eio,listen,request,expect*/
     it('should respond to flash policy requests', function (done) {
-      var server = http.createServer()
+      var server = net.createServer({allowHalfOpen: true})
         , engine = eio.attach(server);
@@ -234,2 +234,5 @@
 
+          client.on('data', function (data) {
+          });
+
           client.on('end', done);
@@ -236,0 +239,0 @@ });

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

3

decreased by-57.14%

Number of medium supply chain risk alerts

8

decreased by-11.11%

Worsened metrics

Total package byte prevSize

120792

decreased by-34.06%

Lines of code

3090

decreased by-42.84%

Dependency changes

• + Addedws@0.4.27(transitive)

• - Removedws@0.4.25(transitive)

• Updatedws@0.4.27