hashi-vault-js
Advanced tools
hashi-vault-js - npm Package Compare versions
Comparing version
@@ -5,2 +5,8 @@ # Hashi Vault JS | ||
| * `0.4.8` | ||
| * Fixed security vulnerability (npm audit fix) | ||
| * Improved documentation | ||
| * Upgraded development env to Vault server `1.9.2` and node engine `v16` | ||
| * Upgraded all dependencies (`Axios` and `Jest`) | ||
| * `0.4.7` | ||
@@ -7,0 +13,0 @@ * Upgraded development env to Vault server `1.8.5` |
| { | ||
| "name": "hashi-vault-js", | ||
| "version": "0.4.7", | ||
| "version": "0.4.8", | ||
| "description": "A node.js module to interact with the Hashicorp Vault API.", | ||
@@ -35,3 +35,4 @@ "main": "Vault.js", | ||
| "Richard <richie765@> (https://github.com/Richie765)", | ||
| "Artico Bandurini <articobandurini> (https://github.com/articobandurini)" | ||
| "Artico Bandurini <articobandurini@> (https://github.com/articobandurini)", | ||
| "Ordinary IT9 <hkgnobody@> (https://github.com/hkgnobody)" | ||
| ], | ||
@@ -43,7 +44,10 @@ "license": "EPL-2.0", | ||
| "homepage": "https://github.com/rod4n4m1/hashi-vault-js#readme", | ||
| "engines": { | ||
| "node": ">=12" | ||
| }, | ||
| "dependencies": { | ||
| "axios": ">=0.21.1" | ||
| "axios": "^0.24.0" | ||
| }, | ||
| "devDependencies": { | ||
| "jest": "^27.0.4" | ||
| "jest": "^27.4.7" | ||
| }, | ||
@@ -50,0 +54,0 @@ "jest": { |
| # Hashi Vault JS | ||
| <img alt="David" src="https://img.shields.io/david/rod4n4m1/hashi-vault-js"> | ||
| <img alt="GitHub code size in bytes" src="https://img.shields.io/github/languages/code-size/rod4n4m1/hashi-vault-js"> | ||
| <img alt="npm" src="https://img.shields.io/npm/dm/hashi-vault-js"> | ||
| <img alt="NPM" src="https://img.shields.io/npm/l/hashi-vault-js"> | ||
| <img alt="GitHub contributors" src="https://img.shields.io/github/contributors/rod4n4m1/hashi-vault-js"> | ||
|  | ||
|  | ||
|  | ||
|  | ||
|  | ||
|  | ||
|  | ||
|  | ||
| This module provides a set of functions to help **JavaScript** Developers working with HashiCorp Vault to authenticate and access API endpoints using **JavaScript** _promises_. | ||
| This package is **NOT** affected by the _log4shell_ [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) vulnerability! | ||
| ## Requirements (MacOS/Windows) | ||
| * NodeJs | ||
| * Minimum: v10.x | ||
| * Recommended: **v12.x** | ||
| * Minimum: v12.x | ||
| * Recommended: **v16.x** | ||
| * npm | ||
| * Tested on: **v6.20.x** | ||
| * HashiCorp Vault | ||
| * Minimum: v1.6.x | ||
| * Accepted: v1.7.x | ||
| * Recommended: **v1.8.x** | ||
| * Minimum: v1.7.x | ||
| * Accepted: v1.8.x | ||
| * Recommended: **v1.9.x** | ||
@@ -111,3 +116,3 @@ **Note:** Depending on your Windows setup [windows-build-tools](https://www.npmjs.com/package/windows-build-tools) may need to be installed first. Also, for MacOS users, you should have **xcode-select** or entire Xcode App installed. | ||
| Perform a login on the Vault with role-id/secret-id pair (AppRole login) and get a valid client token: | ||
| Perform a login on the Vault with role-id/secret-id pair, (AppRole login) and get a valid client token: | ||
@@ -118,3 +123,3 @@ ```javascript | ||
| Perform a login on the Vault with LDAP username/password pair and get a valid client token: | ||
| Perform a login on the Vault with LDAP username/password pair, and get a valid client token: | ||
@@ -125,3 +130,3 @@ ```javascript | ||
| Perform a login on the Vault with Userpass username/password pair and get a valid client token: | ||
| Perform a login on the Vault with Userpass username/password pair, and get a valid client token: | ||
@@ -296,3 +301,4 @@ ```javascript | ||
| * Richard <richie765@> | ||
| * Artico Bandurini <articobandurini> | ||
| * Artico Bandurini <articobandurini@> | ||
| * Ordinary IT9 <hkgnobody@> | ||
@@ -299,0 +305,0 @@ ### License |
Sorry, the diff of this file is not supported yet
New alerts
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
220986
0.35%- Number of lines in readme file
305
2.01%- Number of medium supply chain risk alerts
1
-50%Dependency changes
+ Added
axios@0.24.0(transitive)- Removed
asynckit@0.4.0(transitive)- Removed
axios@1.11.0(transitive)- Removed
call-bind-apply-helpers@1.0.2(transitive)- Removed
combined-stream@1.0.8(transitive)- Removed
delayed-stream@1.0.0(transitive)- Removed
dunder-proto@1.0.1(transitive)- Removed
es-define-property@1.0.1(transitive)- Removed
es-errors@1.3.0(transitive)- Removed
es-object-atoms@1.1.1(transitive)- Removed
es-set-tostringtag@2.1.0(transitive)- Removed
form-data@4.0.4(transitive)- Removed
function-bind@1.1.2(transitive)- Removed
get-intrinsic@1.3.0(transitive)- Removed
get-proto@1.0.1(transitive)- Removed
gopd@1.2.0(transitive)- Removed
has-symbols@1.1.0(transitive)- Removed
has-tostringtag@1.0.2(transitive)- Removed
hasown@2.0.2(transitive)- Removed
math-intrinsics@1.1.0(transitive)- Removed
mime-db@1.52.0(transitive)- Removed
mime-types@2.1.35(transitive)- Removed
proxy-from-env@1.1.0(transitive)Updated
axios@^0.24.0