get-jwks - npm Package Compare versions
Comparing version
| { | ||
| "name": "get-jwks", | ||
| "version": "8.1.1", | ||
| "version": "8.2.0", | ||
| "description": "Fetch utils for JWKS keys", | ||
@@ -36,3 +36,3 @@ "main": "src/get-jwks.js", | ||
| "jwk-to-pem": "^2.0.4", | ||
| "lru-cache": "^9.0.0", | ||
| "lru-cache": "^10.0.0", | ||
| "node-fetch": "^2.6.1" | ||
@@ -49,3 +49,3 @@ }, | ||
| "nock": "^13.0.7", | ||
| "prettier": "^2.2.1", | ||
| "prettier": "^3.0.0", | ||
| "sinon": "^15.0.0", | ||
@@ -52,0 +52,0 @@ "tap": "^16.0.0", |
@@ -24,2 +24,3 @@ # get-jwks | ||
| ttl: 60 * 1000, | ||
| timeout: 5000, | ||
| allowedDomains: ['https://example.com'], | ||
@@ -35,2 +36,3 @@ providerDiscovery: false, | ||
| - `ttl`: Milliseconds an item will remain in cache. Defaults to 60s. | ||
| - `timeout`: Specifies how long it should wait to retrieve a JWK before it fails. The time is set in milliseconds. Defaults to 5s. | ||
| - `allowedDomains`: Array of allowed domains. By default all domains are allowed. | ||
@@ -37,0 +39,0 @@ - `providerDiscovery`: Indicates if the Provider Configuration Information is used to automatically get the jwks_uri from the [OpenID Provider Discovery Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This endpoint is exposing the [Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). With this flag set to true the domain will be treated as the OpenID Issuer which is the iss property in the token. Defaults to false. Ignored if jwksPath is specified. |
@@ -20,2 +20,3 @@ import type { LRUCache } from 'lru-cache' | ||
| agent?: Agent | ||
| timeout?: number | ||
| } | ||
@@ -22,0 +23,0 @@ |
@@ -20,2 +20,3 @@ 'use strict' | ||
| const ttl = options.ttl || 60 * 1000 /* 1 minute */ | ||
| const timeout = options.timeout || 5 * 1000 /* 5 seconds */ | ||
| const allowedDomains = (options.allowedDomains || []).map(ensureTrailingSlash) | ||
@@ -39,3 +40,3 @@ const providerDiscovery = options.providerDiscovery || false | ||
| agent, | ||
| timeout: 5000, | ||
| timeout, | ||
| } | ||
@@ -106,3 +107,3 @@ ) | ||
| const response = await fetch(jwksUri, { agent, timeout: 5000 }) | ||
| const response = await fetch(jwksUri, { agent, timeout }) | ||
| const body = await response.json() | ||
@@ -109,0 +110,0 @@ |
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
13504
1.64%- Lines of code
186
1.09%- Number of lines in readme file
147
1.38%- Number of medium supply chain risk alerts
1
-66.67%Dependency changes
+ Added
lru-cache@10.4.3(transitive)- Removed
lru-cache@9.1.2(transitive)Updated
lru-cache@^10.0.0