eventsource - npm Package Compare versions

Comparing version 1.1.0 to 2.0.0

HISTORY.md

@@ -0,1 +1,7 @@
+# [2.0.0](https://github.com/EventSource/eventsource/compare/v1.1.0...v2.0.0)
+
+* BREAKING: Node >= 12 now required ([#152](https://github.com/EventSource/eventsource/pull/152) @HonkingGoose)
+* Preallocate buffer size when reading data for increased performance with large messages ([#239](https://github.com/EventSource/eventsource/pull/239) Pau Freixes)
+* Removed dependency on url-parser. Fixes [CVE-2022-0512](https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-0512) & [CVE-2022-0691](https://nvd.nist.gov/vuln/detail/CVE-2022-0691) ([#249](https://github.com/EventSource/eventsource/pull/249) Alex Hladin)
+
 # [1.1.0](https://github.com/EventSource/eventsource/compare/v1.0.7...v1.1.0)
@@ -2,0 +8,0 @@

lib/eventsource.js

@@ -1,3 +0,3 @@
-var original = require('original')
 var parse = require('url').parse
+var URL = require('url').URL
 var events = require('events')
@@ -18,2 +18,4 @@ var https = require('https')
 var carriageReturn = 13
+// Beyond 256KB we could not observe any gain in performance
+var maxBufferAheadAllocation = 1024 * 256
 
@@ -183,15 +185,32 @@ function hasBom (buf) {
       // Source/WebCore/page/EventSource.cpp
-      var isFirst = true
       var buf
+      var newBuffer
       var startingPos = 0
       var startingFieldLength = -1
+      var newBufferSize = 0
+      var bytesUsed = 0
+
       res.on('data', function (chunk) {
-        buf = buf ? Buffer.concat([buf, chunk]) : chunk
-        if (isFirst && hasBom(buf)) {
-          buf = buf.slice(bom.length)
+        if (!buf) {
+          buf = chunk
+          if (hasBom(buf)) {
+            buf = buf.slice(bom.length)
+          }
+          bytesUsed = buf.length
+        } else {
+          if (chunk.length > buf.length - bytesUsed) {
+            newBufferSize = (buf.length * 2) + chunk.length
+            if (newBufferSize > maxBufferAheadAllocation) {
+              newBufferSize = buf.length + chunk.length + maxBufferAheadAllocation
+            }
+            newBuffer = Buffer.alloc(newBufferSize)
+            buf.copy(newBuffer, 0, 0, bytesUsed)
+            buf = newBuffer
+          }
+          chunk.copy(buf, bytesUsed)
+          bytesUsed += chunk.length
         }
 
-        isFirst = false
         var pos = 0
-        var length = buf.length
+        var length = bytesUsed
 
@@ -240,4 +259,6 @@ while (pos < length) {
           buf = void 0
+          bytesUsed = 0
         } else if (pos > 0) {
-          buf = buf.slice(pos)
+          buf = buf.slice(pos, bytesUsed)
+          bytesUsed = buf.length
         }
@@ -278,3 +299,3 @@ })
           lastEventId: lastEventId,
-          origin: original(url)
+          origin: new URL(url).origin
         }))
@@ -281,0 +302,0 @@ data = ''

package.json

 {
   "name": "eventsource",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "W3C compliant EventSource client for Node.js and browser (polyfill)",
@@ -49,7 +49,5 @@ "keywords": [
   "engines": {
-    "node": ">=0.12.0"
+    "node": ">=12.0.0"
   },
-  "dependencies": {
-    "original": "^1.0.0"
-  },
+  "dependencies": {},
   "standard": {
@@ -56,0 +54,0 @@ "ignore": [

README.md

@@ -1,3 +0,5 @@
-# EventSource [![npm version](http://img.shields.io/npm/v/eventsource.svg?style=flat-square)](http://browsenpm.org/package/eventsource)[![Build Status](http://img.shields.io/travis/EventSource/eventsource/master.svg?style=flat-square)](https://travis-ci.org/EventSource/eventsource)[![NPM Downloads](https://img.shields.io/npm/dm/eventsource.svg?style=flat-square)](http://npm-stat.com/charts.html?package=eventsource&from=2015-09-01)[![Dependencies](https://img.shields.io/david/EventSource/eventsource.svg?style=flat-square)](https://david-dm.org/EventSource/eventsource)
+# EventSource [![npm version](http://img.shields.io/npm/v/eventsource.svg?style=flat-square)](https://www.npmjs.com/package/eventsource)[![NPM Downloads](https://img.shields.io/npm/dm/eventsource.svg?style=flat-square)](http://npm-stat.com/charts.html?package=eventsource&from=2015-09-01)[![Dependencies](https://img.shields.io/david/EventSource/eventsource.svg?style=flat-square)](https://david-dm.org/EventSource/eventsource)
 
+![Build](https://github.com/EventSource/eventsource/actions/workflows/build.yml/badge.svg)
+
 This library is a pure JavaScript implementation of the [EventSource](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events) client. The API aims to be W3C compatible.
@@ -4,0 +6,0 @@

No alert changes

Improved metrics

Dependency count

0

decreased by-100%

Number of lines in readme file

92

increased by2.22%

Worsened metrics

Total package byte prevSize

311242

decreased by-1.66%

Number of package files

12

decreased by-7.69%

Lines of code

8749

decreased by-3.13%

Dependency changes

• - Removedoriginal@^1.0.0

• - Removedoriginal@1.0.2(transitive)

• - Removedquerystringify@2.2.0(transitive)

• - Removedrequires-port@1.0.0(transitive)

• - Removedurl-parse@1.5.10(transitive)