get-jwks - npm Package Compare versions
Comparing version 8.1.1 to 8.2.0
| { | ||
| "name": "get-jwks", | ||
| "version": "8.1.1", | ||
| "version": "8.2.0", | ||
| "description": "Fetch utils for JWKS keys", | ||
@@ -36,3 +36,3 @@ "main": "src/get-jwks.js", | ||
| "jwk-to-pem": "^2.0.4", | ||
| "lru-cache": "^9.0.0", | ||
| "lru-cache": "^10.0.0", | ||
| "node-fetch": "^2.6.1" | ||
@@ -49,3 +49,3 @@ }, | ||
| "nock": "^13.0.7", | ||
| "prettier": "^2.2.1", | ||
| "prettier": "^3.0.0", | ||
| "sinon": "^15.0.0", | ||
@@ -52,0 +52,0 @@ "tap": "^16.0.0", |
@@ -24,2 +24,3 @@ # get-jwks | ||
| ttl: 60 * 1000, | ||
| timeout: 5000, | ||
| allowedDomains: ['https://example.com'], | ||
@@ -35,2 +36,3 @@ providerDiscovery: false, | ||
| - `ttl`: Milliseconds an item will remain in cache. Defaults to 60s. | ||
| - `timeout`: Specifies how long it should wait to retrieve a JWK before it fails. The time is set in milliseconds. Defaults to 5s. | ||
| - `allowedDomains`: Array of allowed domains. By default all domains are allowed. | ||
@@ -37,0 +39,0 @@ - `providerDiscovery`: Indicates if the Provider Configuration Information is used to automatically get the jwks_uri from the [OpenID Provider Discovery Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This endpoint is exposing the [Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). With this flag set to true the domain will be treated as the OpenID Issuer which is the iss property in the token. Defaults to false. Ignored if jwksPath is specified. |
@@ -20,2 +20,3 @@ import type { LRUCache } from 'lru-cache' | ||
| agent?: Agent | ||
| timeout?: number | ||
| } | ||
@@ -22,0 +23,0 @@ |
@@ -20,2 +20,3 @@ 'use strict' | ||
| const ttl = options.ttl || 60 * 1000 /* 1 minute */ | ||
| const timeout = options.timeout || 5 * 1000 /* 5 seconds */ | ||
| const allowedDomains = (options.allowedDomains || []).map(ensureTrailingSlash) | ||
@@ -39,3 +40,3 @@ const providerDiscovery = options.providerDiscovery || false | ||
| agent, | ||
| timeout: 5000, | ||
| timeout, | ||
| } | ||
@@ -106,3 +107,3 @@ ) | ||
| const response = await fetch(jwksUri, { agent, timeout: 5000 }) | ||
| const response = await fetch(jwksUri, { agent, timeout }) | ||
| const body = await response.json() | ||
@@ -109,0 +110,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.64%
13504
- Lines of code
- increased by1.09%
186
- Number of lines in readme file
- increased by1.38%
147
- Number of medium supply chain risk alerts
- decreased by-50%
2
Dependency changes
+ Addedlru-cache@10.4.3(transitive)
- Removedlru-cache@9.1.2(transitive)
Updatedlru-cache@^10.0.0