Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
helmet - npm Package Compare versions
Comparing version 4.0.0-alpha.1 to 4.0.0-rc.1
@@ -16,4 +16,4 @@ # Changelog | ||
| - There is now a default set of directives if none are supplied | ||
| - Duplicate keys now throw an error | ||
| - This middleware is more lenient | ||
| - Duplicate keys now throw an error. See [helmetjs/csp#73](https://github.com/helmetjs/csp/issues/73) | ||
| - This middleware is more lenient, allowing more directive names or values | ||
| - `helmet.xssFilter` now disables the buggy XSS filter by default. See [#230](https://github.com/helmetjs/helmet/issues/230) | ||
@@ -28,3 +28,3 @@ | ||
| - `helmet.contentSecurityPolicy`: | ||
| - Removed browser sniffing (including the `browserSniff` and `disableAndroid` parameters) | ||
| - Removed browser sniffing (including the `browserSniff` and `disableAndroid` parameters). See See [helmetjs/csp#97](https://github.com/helmetjs/csp/issues/97) | ||
| - Removed conditional support. This includes directive functions and support for a function as the `reportOnly`. [Read this if you need help.](https://github.com/helmetjs/helmet/wiki/Conditionally-using-middleware) | ||
@@ -31,0 +31,0 @@ - Removed a lot of checks—you should be checking your CSP with a different tool |
@@ -40,3 +40,6 @@ import { IncomingMessage, ServerResponse } from "http"; | ||
| var xssFilter: typeof xXssProtection; | ||
| var featurePolicy: () => never; | ||
| var hpkp: () => never; | ||
| var noCache: () => never; | ||
| } | ||
| export default helmet; |
@@ -113,3 +113,12 @@ "use strict"; | ||
| helmet.xssFilter = x_xss_protection_1.default; | ||
| helmet.featurePolicy = () => { | ||
| throw new Error("helmet.featurePolicy was removed because the Feature-Policy header is deprecated. If you still need this header, you can use the `feature-policy` module."); | ||
| }; | ||
| helmet.hpkp = () => { | ||
| throw new Error("helmet.hpkp was removed because the header has been deprecated. If you still need this header, you can use the `hpkp` module. For more, see <https://github.com/helmetjs/helmet/issues/180>."); | ||
| }; | ||
| helmet.noCache = () => { | ||
| throw new Error("helmet.noCache was removed. You can use the `nocache` module instead. For more, see <https://github.com/helmetjs/helmet/issues/215>."); | ||
| }; | ||
| module.exports = helmet; | ||
| exports.default = helmet; |
@@ -19,3 +19,3 @@ "use strict"; | ||
| if ("maxage" in options) { | ||
| throw new Error('maxage is not a supported property. Did you mean to pass "maxAge" instead of "maxage"?'); | ||
| throw new Error("Strict-Transport-Security received an unsupported property, `maxage`. Did you mean to pass `maxAge`?"); | ||
| } | ||
@@ -22,0 +22,0 @@ if ("includeSubdomains" in options) { |
@@ -1,5 +0,3 @@ | ||
| /// <reference types="node" /> | ||
| import { IncomingMessage, ServerResponse } from "http"; | ||
| declare function xDownloadOptionsMiddleware(_req: IncomingMessage, res: ServerResponse, next: () => void): void; | ||
| declare function xDownloadOptions(): typeof xDownloadOptionsMiddleware; | ||
| declare function xDownloadOptions(): (_req: IncomingMessage, res: ServerResponse, next: () => void) => void; | ||
| export default xDownloadOptions; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| function xDownloadOptionsMiddleware(_req, res, next) { | ||
| res.setHeader("X-Download-Options", "noopen"); | ||
| next(); | ||
| } | ||
| function xDownloadOptions() { | ||
| return xDownloadOptionsMiddleware; | ||
| return function xDownloadOptionsMiddleware(_req, res, next) { | ||
| res.setHeader("X-Download-Options", "noopen"); | ||
| next(); | ||
| }; | ||
| } | ||
| module.exports = xDownloadOptions; | ||
| exports.default = xDownloadOptions; |
@@ -14,3 +14,3 @@ "use strict"; | ||
| else { | ||
| throw new Error(`X-Permitted-Cross-Domain-Policies does not support ${JSON.stringify(permittedPolicies)} as a permitted policy`); | ||
| throw new Error(`X-Permitted-Cross-Domain-Policies does not support ${JSON.stringify(permittedPolicies)}`); | ||
| } | ||
@@ -17,0 +17,0 @@ } |
@@ -1,5 +0,3 @@ | ||
| /// <reference types="node" /> | ||
| import { IncomingMessage, ServerResponse } from "http"; | ||
| declare function xPoweredByMiddleware(_req: IncomingMessage, res: ServerResponse, next: () => void): void; | ||
| declare function xPoweredBy(): typeof xPoweredByMiddleware; | ||
| declare function xPoweredBy(): (_req: IncomingMessage, res: ServerResponse, next: () => void) => void; | ||
| export default xPoweredBy; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| function xPoweredByMiddleware(_req, res, next) { | ||
| res.removeHeader("X-Powered-By"); | ||
| next(); | ||
| } | ||
| function xPoweredBy() { | ||
| return xPoweredByMiddleware; | ||
| return function xPoweredByMiddleware(_req, res, next) { | ||
| res.removeHeader("X-Powered-By"); | ||
| next(); | ||
| }; | ||
| } | ||
| module.exports = xPoweredBy; | ||
| exports.default = xPoweredBy; |
@@ -1,5 +0,3 @@ | ||
| /// <reference types="node" /> | ||
| import { IncomingMessage, ServerResponse } from "http"; | ||
| declare function xXssProtectionMiddleware(_req: IncomingMessage, res: ServerResponse, next: () => void): void; | ||
| declare function xXssProtection(): typeof xXssProtectionMiddleware; | ||
| declare function xXssProtection(): (_req: IncomingMessage, res: ServerResponse, next: () => void) => void; | ||
| export default xXssProtection; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| function xXssProtectionMiddleware(_req, res, next) { | ||
| res.setHeader("X-XSS-Protection", "0"); | ||
| next(); | ||
| } | ||
| function xXssProtection() { | ||
| return xXssProtectionMiddleware; | ||
| return function xXssProtectionMiddleware(_req, res, next) { | ||
| res.setHeader("X-XSS-Protection", "0"); | ||
| next(); | ||
| }; | ||
| } | ||
| module.exports = xXssProtection; | ||
| exports.default = xXssProtection; |
@@ -9,3 +9,3 @@ { | ||
| "description": "help secure Express/Connect apps with various HTTP headers", | ||
| "version": "4.0.0-alpha.1", | ||
| "version": "4.0.0-rc.1", | ||
| "keywords": [ | ||
@@ -63,13 +63,13 @@ "express", | ||
| "@types/connect": "^3.4.33", | ||
| "@types/jest": "^26.0.3", | ||
| "@types/jest": "^26.0.4", | ||
| "@types/supertest": "^2.0.10", | ||
| "@typescript-eslint/eslint-plugin": "^3.4.0", | ||
| "@typescript-eslint/parser": "^3.4.0", | ||
| "@typescript-eslint/eslint-plugin": "^3.6.1", | ||
| "@typescript-eslint/parser": "^3.6.1", | ||
| "connect": "^3.7.0", | ||
| "eslint": "^7.3.1", | ||
| "eslint": "^7.4.0", | ||
| "jest": "^26.1.0", | ||
| "prettier": "^2.0.5", | ||
| "supertest": "^4.0.2", | ||
| "ts-jest": "^26.1.1", | ||
| "typescript": "^3.9.5" | ||
| "ts-jest": "^26.1.2", | ||
| "typescript": "^3.9.7" | ||
| }, | ||
@@ -76,0 +76,0 @@ "scripts": { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.85%
65817
- Lines of code
- increased by0.57%
530
- Number of medium supply chain risk alerts
- decreased by-100%
0
No dependency changes