express-brute - npm Package Compare versions

express-brute

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Comparing version 1.0.0 to 1.0.1

index.js

		@@ -126,3 +126,3 @@ var _ = require('underscore');

		if (nextValidRequestTime <= this.now()) {
		if (nextValidRequestTime <= this.now() \|\| count <= this.options.freeRetries) {
		this.store.set(key, {
		@@ -129,0 +129,0 @@ count: count+1,

package.json

		{
		"name": "express-brute",
		"version": "1.0.0",
		"description": "A brute-force protection middleware for express routes that rate limits incoming requests",
		"keywords": [
		"brute",
		"force",
		"bruteforce",
		"attack",
		"fibonacci",
		"rate",
		"limit",
		"security"
		],
		"license": "BSD",
		"private": false,
		"scripts": {
		"test": "./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha spec"
		},
		"repository": {
		"type": "git",
		"url": "git@github.com:AdamPflug/express-brute.git"
		},
		"devDependencies": {
		"chai": "~3.5.0",
		"coveralls": "~2.11.9",
		"istanbul": "~0.4.3",
		"mocha": "~2.4.5",
		"mocha-lcov-reporter": "~1.2.0",
		"sinon": "~1.17.3",
		"sinon-chai": "~2.8.0"
		},
		"dependencies": {
		"long-timeout": "~0.1.1",
		"underscore": "~1.8.3"
		},
		"peerDependencies": {
		"express": "4.x"
		}
		"name": "express-brute",
		"version": "1.0.1",
		"description": "A brute-force protection middleware for express routes that rate limits incoming requests",
		"keywords": [
		"brute",
		"force",
		"bruteforce",
		"attack",
		"fibonacci",
		"rate",
		"limit",
		"security"
		],
		"license": "BSD",
		"private": false,
		"scripts": {
		"test": "./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha spec"
		},
		"repository": {
		"type": "git",
		"url": "git@github.com:AdamPflug/express-brute.git"
		},
		"devDependencies": {
		"chai": "~3.5.0",
		"coveralls": "~2.11.9",
		"istanbul": "~0.4.3",
		"mocha": "~2.4.5",
		"mocha-lcov-reporter": "~1.2.0",
		"sinon": "~1.17.3",
		"sinon-chai": "~2.8.0"
		},
		"dependencies": {
		"long-timeout": "~0.1.1",
		"underscore": "~1.8.3"
		},
		"peerDependencies": {
		"express": "4.x"
		}
		}

README.md

		@@ -80,5 +80,7 @@ express-brute
		- [MongoDB](https://github.com/auth0/express-brute-mongo)
		- [Mongoose](https://github.com/cbargren/express-brute-mongoose)
		- [Sequelize (SQL)](https://github.com/maddy2get/express-brute-sequelize)
		- [Knex.js (SQL)](https://github.com/llambda/brute-knex)
		- [RethinkDB](https://github.com/llambda/brute-rethinkdb)
		- [Loki.js](https://github.com/Requarks/express-brute-loki)

		@@ -163,6 +165,9 @@ If you write your own store and want me to add it to the list, just drop me an [email](mailto:adam.pflug@gmail.com) or [create an issue](https://github.com/AdamPflug/express-brute/issues/new).
		---------
		### v1.0.1
		* BUG: Fixed an edge case where freeretries weren't being respected if app servers had slightly different times

		### v1.0.0
		* NEW: Updated to use `Express` 4.x as a peer dependency.
		* REMOVED: `proxyDepth` option on `ExpressBrute` has been removed. Use `app.set('trust proxy', x)` from Express 4 instead. [More Info](http://expressjs.com/en/guide/behind-proxies.html)
		* REMOVED: `getIPFromRequest(req)` has been removed from instances, use `req.ip` instead.
		* REMOVED: `getIPFromRequest(req)` has been removed from instances, use `req.ip` instead.

		@@ -169,0 +174,0 @@ ### v0.6.0

spec/ExpessBrute.js

		@@ -59,2 +59,16 @@ var chai = require('chai'),
		});
		it('respects free retries even with clock skew', function() {
		brute = new ExpressBrute(store, {
		freeRetries: 1,
		minWait: 10,
		maxWait: 100,
		failCallback: errorSpy
		});
		brute.prevent(req(), new ResponseMock(), nextSpy);
		clock.tick(-100);
		brute.prevent(req(), new ResponseMock(), nextSpy);
		errorSpy.should.not.have.been.called;
		brute.prevent(req(), new ResponseMock(), nextSpy);
		errorSpy.should.have.been.called;
		});
		it('correctly calculates delays when min and max wait are the same', function () {
		@@ -61,0 +75,0 @@ brute = new ExpressBrute(store, {

Improved metrics