express-csp-header - npm Package Compare versions

Comparing version 4.1.0 to 5.0.0-beta.1

./@types/express-csp-header/index.d.ts

 declare namespace Express {
-    interface Request {
-        nonce: string
-    }
+	interface Request {
+		nonce: string
+	}
 }

dist/constants.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.TLD = exports.NONCE = exports.ALLOW_TOP_NAVIGATION = exports.ALLOW_SCRIPTS = exports.ALLOW_SAME_ORIGIN = exports.ALLOW_PRESENTATION = exports.ALLOW_POPUPS_TO_ESACPE_SANDBOX = exports.ALLOW_POPUPS = exports.ALLOW_POINTER_LOCK = exports.ALLOW_ORIENTATION_LOCK = exports.ALLOW_MODALS = exports.ALLOW_FORMS = exports.UNSAFE_URL = exports.ORIGIN_WHEN_CROSS_ORIGIN = exports.ORIGIN = exports.NONE_WHEN_DOWNGRADE = exports.NO_REFERER = exports.STRICT_DYNAMIC = exports.BLOB = exports.DATA = exports.EVAL = exports.HASHES = exports.INLINE = exports.SELF = exports.NONE = void 0;
 var csp_header_1 = require("csp-header");
-exports.NONE = csp_header_1.NONE;
-exports.SELF = csp_header_1.SELF;
-exports.INLINE = csp_header_1.INLINE;
-exports.HASHES = csp_header_1.HASHES;
-exports.EVAL = csp_header_1.EVAL;
-exports.DATA = csp_header_1.DATA;
-exports.BLOB = csp_header_1.BLOB;
-exports.STRICT_DYNAMIC = csp_header_1.STRICT_DYNAMIC;
-exports.NO_REFERER = csp_header_1.NO_REFERER;
-exports.NONE_WHEN_DOWNGRADE = csp_header_1.NONE_WHEN_DOWNGRADE;
-exports.ORIGIN = csp_header_1.ORIGIN;
-exports.ORIGIN_WHEN_CROSS_ORIGIN = csp_header_1.ORIGIN_WHEN_CROSS_ORIGIN;
-exports.UNSAFE_URL = csp_header_1.UNSAFE_URL;
-exports.ALLOW_FORMS = csp_header_1.ALLOW_FORMS;
-exports.ALLOW_MODALS = csp_header_1.ALLOW_MODALS;
-exports.ALLOW_ORIENTATION_LOCK = csp_header_1.ALLOW_ORIENTATION_LOCK;
-exports.ALLOW_POINTER_LOCK = csp_header_1.ALLOW_POINTER_LOCK;
-exports.ALLOW_POPUPS = csp_header_1.ALLOW_POPUPS;
-exports.ALLOW_POPUPS_TO_ESACPE_SANDBOX = csp_header_1.ALLOW_POPUPS_TO_ESACPE_SANDBOX;
-exports.ALLOW_PRESENTATION = csp_header_1.ALLOW_PRESENTATION;
-exports.ALLOW_SAME_ORIGIN = csp_header_1.ALLOW_SAME_ORIGIN;
-exports.ALLOW_SCRIPTS = csp_header_1.ALLOW_SCRIPTS;
-exports.ALLOW_TOP_NAVIGATION = csp_header_1.ALLOW_TOP_NAVIGATION;
+Object.defineProperty(exports, "NONE", { enumerable: true, get: function () { return csp_header_1.NONE; } });
+Object.defineProperty(exports, "SELF", { enumerable: true, get: function () { return csp_header_1.SELF; } });
+Object.defineProperty(exports, "INLINE", { enumerable: true, get: function () { return csp_header_1.INLINE; } });
+Object.defineProperty(exports, "HASHES", { enumerable: true, get: function () { return csp_header_1.HASHES; } });
+Object.defineProperty(exports, "EVAL", { enumerable: true, get: function () { return csp_header_1.EVAL; } });
+Object.defineProperty(exports, "DATA", { enumerable: true, get: function () { return csp_header_1.DATA; } });
+Object.defineProperty(exports, "BLOB", { enumerable: true, get: function () { return csp_header_1.BLOB; } });
+Object.defineProperty(exports, "STRICT_DYNAMIC", { enumerable: true, get: function () { return csp_header_1.STRICT_DYNAMIC; } });
+Object.defineProperty(exports, "NO_REFERER", { enumerable: true, get: function () { return csp_header_1.NO_REFERER; } });
+Object.defineProperty(exports, "NONE_WHEN_DOWNGRADE", { enumerable: true, get: function () { return csp_header_1.NONE_WHEN_DOWNGRADE; } });
+Object.defineProperty(exports, "ORIGIN", { enumerable: true, get: function () { return csp_header_1.ORIGIN; } });
+Object.defineProperty(exports, "ORIGIN_WHEN_CROSS_ORIGIN", { enumerable: true, get: function () { return csp_header_1.ORIGIN_WHEN_CROSS_ORIGIN; } });
+Object.defineProperty(exports, "UNSAFE_URL", { enumerable: true, get: function () { return csp_header_1.UNSAFE_URL; } });
+Object.defineProperty(exports, "ALLOW_FORMS", { enumerable: true, get: function () { return csp_header_1.ALLOW_FORMS; } });
+Object.defineProperty(exports, "ALLOW_MODALS", { enumerable: true, get: function () { return csp_header_1.ALLOW_MODALS; } });
+Object.defineProperty(exports, "ALLOW_ORIENTATION_LOCK", { enumerable: true, get: function () { return csp_header_1.ALLOW_ORIENTATION_LOCK; } });
+Object.defineProperty(exports, "ALLOW_POINTER_LOCK", { enumerable: true, get: function () { return csp_header_1.ALLOW_POINTER_LOCK; } });
+Object.defineProperty(exports, "ALLOW_POPUPS", { enumerable: true, get: function () { return csp_header_1.ALLOW_POPUPS; } });
+Object.defineProperty(exports, "ALLOW_POPUPS_TO_ESACPE_SANDBOX", { enumerable: true, get: function () { return csp_header_1.ALLOW_POPUPS_TO_ESACPE_SANDBOX; } });
+Object.defineProperty(exports, "ALLOW_PRESENTATION", { enumerable: true, get: function () { return csp_header_1.ALLOW_PRESENTATION; } });
+Object.defineProperty(exports, "ALLOW_SAME_ORIGIN", { enumerable: true, get: function () { return csp_header_1.ALLOW_SAME_ORIGIN; } });
+Object.defineProperty(exports, "ALLOW_SCRIPTS", { enumerable: true, get: function () { return csp_header_1.ALLOW_SCRIPTS; } });
+Object.defineProperty(exports, "ALLOW_TOP_NAVIGATION", { enumerable: true, get: function () { return csp_header_1.ALLOW_TOP_NAVIGATION; } });
 exports.NONCE = '%nonce%';
 exports.TLD = '%tld%';
 //# sourceMappingURL=constants.js.map

dist/index.js

 "use strict";
-function __export(m) {
-    for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
-}
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
     return result;
 };
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.expressCspHeader = void 0;
 const crypto_1 = __importDefault(require("crypto"));
@@ -20,3 +33,3 @@ const csp_header_1 = require("csp-header");
 const constants_1 = require("./constants");
-__export(require("./constants"));
+__exportStar(require("./constants"), exports);
 function expressCspHeader(params) {
@@ -28,3 +41,3 @@ return function (req, res, next) {
         }
-        let { domainOptions } = params;
+        const { domainOptions } = params;
         let cspString = getCspString(req, res, params);
@@ -39,4 +52,4 @@ cspString = applyNonce(req, cspString);
 function getCspString(req, res, params) {
-    let { directives, presets, reportUri } = params;
-    let cspHeaderParams = {
+    const { directives, presets, reportUri } = params;
+    const cspHeaderParams = {
         directives,
@@ -57,3 +70,3 @@ presets,
     if (cspString.includes(constants_1.TLD)) {
-        let tld = parseDomain(req.hostname, domainOptions);
+        const tld = parseDomain(req.hostname, domainOptions);
         if (!tld) {
@@ -67,3 +80,3 @@ return cspString;
 function parseDomain(hostname, domainOptions) {
-    let customTlds = domainOptions === null || domainOptions === void 0 ? void 0 : domainOptions.customTlds;
+    const customTlds = domainOptions === null || domainOptions === void 0 ? void 0 : domainOptions.customTlds;
     if (customTlds instanceof RegExp) {
@@ -82,3 +95,3 @@ const tld = hostname.match(customTlds);
     }
-    let domain = psl.parse(hostname);
+    const domain = psl.parse(hostname);
     if (domain.error) {
@@ -92,5 +105,5 @@ return null;
 function setHeader(res, cspString, params) {
-    let headerName = params.reportOnly ? CSP_REPORT_ONLY_HEADER : CSP_HEADER;
+    const headerName = params.reportOnly ? CSP_REPORT_ONLY_HEADER : CSP_HEADER;
     res.set(headerName, cspString);
 }
 //# sourceMappingURL=index.js.map

package.json

 {
   "name": "express-csp-header",
-  "version": "4.1.0",
+  "version": "5.0.0-beta.1",
   "description": "Content-Security-Policy middleware for Express",
@@ -9,3 +9,4 @@ "main": "./dist/index.js",
     "test": "jest",
-    "build": "tsc -p ./"
+    "build": "tsc -p ./",
+    "lint": "eslint . --ext .js,.jsx,.ts,.tsx"
   },
@@ -24,3 +25,3 @@ "repository": {
   "engines": {
-    "node": ">=8"
+    "node": ">=10"
   },
@@ -32,15 +33,18 @@ "bugs": {
   "devDependencies": {
-    "@types/express": "^4.17.3",
-    "@types/jest": "^25.1.3",
-    "@types/node": "^13.7.7",
-    "@types/psl": "^1.1.0",
-    "jest": "^24.9.0",
-    "ts-jest": "^25.2.1",
-    "ts-node": "^8.6.2",
-    "typescript": "^3.8.3"
+    "@types/express": "4.17.11",
+    "@types/jest": "26.0.21",
+    "@types/node": "14.14.35",
+    "@types/psl": "1.1.0",
+    "@typescript-eslint/eslint-plugin": "4.18.0",
+    "@typescript-eslint/parser": "4.18.0",
+    "eslint": "7.22.0",
+    "jest": "26.6.3",
+    "ts-jest": "26.5.4",
+    "ts-node": "9.1.1",
+    "typescript": "4.2.3"
   },
   "dependencies": {
-    "csp-header": "^2.2.0",
-    "psl": "^1.8.0"
+    "csp-header": "^5.0.0-beta.1",
+    "psl": "1.8.0"
   }
 }

README.md

@@ -164,2 +164,2 @@ # Content-Security-Policy middleware for Express
 }
-```
+```

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25534

increased by68.54%

Number of package files

16

increased by60%

Lines of code

405

increased by193.48%

Number of lines in readme file

165

increased by0.61%

Worsened metrics

Dev dependency count

11

increased by37.5%

Number of low quality alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedcsp-header@5.2.1(transitive)

• + Addedpsl@1.8.0(transitive)

• - Removedcsp-header@2.2.0(transitive)

• - Removedpsl@1.15.0(transitive)

• - Removedpunycode@2.3.1(transitive)

• Updatedcsp-header@^5.0.0-beta.1

• Updatedpsl@1.8.0