helmet-csp - npm Package Compare versions

Comparing version 2.8.0 to 2.9.0

CHANGELOG.md

 # Changelog
 
+## 2.9.0 - 2019-08-28
+### Added
+- Added TypeScript type definitions. See [#86](https://github.com/helmetjs/csp/pull/86)
+
+### Fixed
+- Switched from `platform` to `bowser` to quiet a security vulnerability warning. See [#80](https://github.com/helmetjs/csp/issues/80)
+
 ## 2.8.0 - 2019-07-24
 ### Added
+- Added a new `sandbox` directive, `allow-downloads-without-user-activation` (see [#85](https://github.com/helmetjs/csp/pull/85))
 - Created a changelog
@@ -6,0 +14,0 @@ - Added some package metadata

package.json

@@ -9,3 +9,3 @@ {
   "description": "Content Security Policy middleware.",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "license": "MIT",
@@ -35,2 +35,4 @@ "keywords": [
   },
+  "main": "./dist/index.js",
+  "typings": "./dist/index.d.ts",
   "files": [
@@ -40,30 +42,36 @@ "CHANGELOG.md",
     "README.md",
-    "index.js",
-    "lib/"
+    "dist/index.js",
+    "dist/index.d.ts",
+    "dist/lib/**/*.js"
   ],
   "scripts": {
-    "pretest": "standard --fix",
-    "test": "mocha",
+    "pretest": "npm run lint",
+    "prepublishOnly": "npm run build",
+    "lint": "eslint --fix '**/*.ts'",
+    "test": "jest --config test/jest-config.json",
+    "clean": "rm -rf dist",
+    "build": "npm run clean && tsc",
     "generate-supported-directives-docs": "./scripts/generate_supported_directives_docs"
   },
   "dependencies": {
+    "bowser": "2.5.3",
     "camelize": "1.0.0",
     "content-security-policy-builder": "2.1.0",
-    "dasherize": "2.0.0",
-    "platform": "1.3.5"
+    "dasherize": "2.0.0"
   },
   "devDependencies": {
+    "@types/connect": "^3.4.32",
+    "@types/jest": "^24.0.18",
+    "@types/supertest": "^2.0.7",
+    "@typescript-eslint/eslint-plugin": "^2.0.0",
+    "@typescript-eslint/parser": "^2.0.0",
+    "connect": "^3.7.0",
     "content-security-policy-parser": "^0.2.0",
-    "express": "^4.17.1",
-    "mocha": "^6.2.0",
-    "standard": "^13.1.0",
-    "supertest": "^4.0.2"
-  },
-  "standard": {
-    "globals": [
-      "describe",
-      "beforeEach",
-      "it"
-    ]
+    "eslint": "^5.16.0",
+    "eslint-config-helmet": "^0.2.0",
+    "jest": "^24.9.0",
+    "supertest": "^4.0.2",
+    "ts-jest": "^24.0.2",
+    "typescript": "^3.6.2"
   }
 }

README.md

@@ -143,3 +143,4 @@ Content Security Policy middleware
 
+* [Google's CSP Evaluator tool](https://csp-evaluator.withgoogle.com/)
 * [GitHub's CSP journey](http://githubengineering.com/githubs-csp-journey/)
 * [Content Security Policy for Single Page Web Apps](https://corner.squareup.com/2016/05/content-security-policy-single-page-app.html)

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

32572

increased by29.12%

Number of package files

23

increased by4.55%

Lines of code

586

increased by22.08%

Number of lines in readme file

146

increased by0.69%

Worsened metrics

Dev dependency count

13

increased by160%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedbowser@2.5.3

• + Addedbowser@2.5.3(transitive)

• - Removedplatform@1.3.5

• - Removedplatform@1.3.5(transitive)