formidable - npm Package Compare versions

Comparing version 3.2.3 to 3.2.4

package.json

 {
   "name": "formidable",
-  "version": "3.2.3",
+  "version": "3.2.4",
   "license": "MIT",
@@ -40,2 +40,3 @@ "description": "A node.js module for parsing form data, especially file uploads.",
     "@commitlint/config-conventional": "8.3.4",
+    "@sindresorhus/slugify": "^2.1.0",
     "@tunnckocore/prettier-config": "1.3.8",
@@ -42,0 +43,0 @@ "del-cli": "3.0.0",

src/Formidable.js

@@ -45,2 +45,12 @@ /* eslint-disable class-methods-use-this */
 
+const invalidExtensionChar = (c) => {
+  const code = c.charCodeAt(0);
+  return !(
+    code === 46 || // .
+    (code >= 48 && code <= 57) ||
+    (code >= 65 && code <= 90) ||
+    (code >= 97 && code <= 122)
+  );
+};
+
 class IncomingForm extends EventEmitter {
@@ -501,2 +511,5 @@ constructor(options = {}) {
 
+  // able to get composed extension with multiple dots
+  // "a.b.c" -> ".b.c"
+  // as opposed to path.extname -> ".c"
   _getExtension(str) {
@@ -510,9 +523,19 @@ if (!str) {
     const lastDot = basename.lastIndexOf('.');
-    const extname = path.extname(basename).replace(/(\.[a-z0-9]+).*/i, '$1');
+    let rawExtname = path.extname(basename);
 
-    if (firstDot === lastDot) {
-      return extname;
+    if (firstDot !== lastDot) {
+      rawExtname =  basename.slice(firstDot);
     }
 
-    return basename.slice(firstDot, lastDot) + extname;
+    let filtered;
+    const firstInvalidIndex = Array.from(rawExtname).findIndex(invalidExtensionChar);
+    if (firstInvalidIndex === -1) {
+      filtered = rawExtname;
+    } else {
+      filtered = rawExtname.substring(0, firstInvalidIndex);
+    }
+    if (filtered === '.') {
+      return '';
+    }
+    return filtered;
   }
@@ -519,0 +542,0 @@

src/PersistentFile.js

 /* eslint-disable no-underscore-dangle */
 
-import { WriteStream, unlink } from 'node:fs';
-import { createHash } from 'node:crypto';
+import fs from 'node:fs';
+import crypto from 'node:crypto';
 import { EventEmitter } from 'node:events';
@@ -18,3 +18,3 @@
     if (typeof this.hashAlgorithm === 'string') {
-      this.hash = createHash(this.hashAlgorithm);
+      this.hash = crypto.createHash(this.hashAlgorithm);
     } else {
@@ -26,3 +26,3 @@ this.hash = null;
   open() {
-    this._writeStream = new WriteStream(this.filepath);
+    this._writeStream = fs.createWriteStream(this.filepath);
     this._writeStream.on('error', (err) => {
@@ -85,3 +85,3 @@ this.emit('error', err);
     setTimeout(function () {
-        unlink(filepath, () => {});
+        fs.unlink(filepath, () => {});
     }, 1)
@@ -88,0 +88,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

91348

increased by0.59%

Lines of code

1571

increased by1.42%

Worsened metrics

Dev dependency count

21

increased by5%

No dependency changes