hono - npm Package Compare versions
@@ -37,2 +37,7 @@ "use strict"; | ||
| }).join("\n"); | ||
| for (const key of ["event", "id", "retry"]) { | ||
| if (message[key] && /[\r\n]/.test(message[key])) { | ||
| throw new Error(`${key} must not contain "\\r" or "\\n"`); | ||
| } | ||
| } | ||
| const sseData = [ | ||
@@ -39,0 +44,0 @@ message.event && `event: ${message.event}`, |
@@ -26,2 +26,3 @@ "use strict"; | ||
| var import_mime = require("../../utils/mime"); | ||
| var import_url = require("../../utils/url"); | ||
| var import_path = require("./path"); | ||
@@ -48,3 +49,3 @@ const ENCODINGS = { | ||
| try { | ||
| filename = decodeURIComponent(c.req.path); | ||
| filename = (0, import_url.tryDecodeURI)(c.req.path); | ||
| if (/(?:^|[\/\\])\.\.(?:$|[\/\\])/.test(filename)) { | ||
@@ -51,0 +52,0 @@ throw new Error(); |
@@ -115,2 +115,7 @@ "use strict"; | ||
| } | ||
| for (const key of ["domain", "path"]) { | ||
| if (opt[key] && /[;\r\n]/.test(opt[key])) { | ||
| throw new Error(`${key} must not contain ";", "\\r", or "\\n"`); | ||
| } | ||
| } | ||
| if (opt && typeof opt.maxAge === "number" && opt.maxAge >= 0) { | ||
@@ -117,0 +122,0 @@ if (opt.maxAge > 3456e4) { |
@@ -32,3 +32,4 @@ "use strict"; | ||
| splitRoutingPath: () => splitRoutingPath, | ||
| tryDecode: () => tryDecode | ||
| tryDecode: () => tryDecode, | ||
| tryDecodeURI: () => tryDecodeURI | ||
| }); | ||
@@ -255,3 +256,4 @@ module.exports = __toCommonJS(url_exports); | ||
| splitRoutingPath, | ||
| tryDecode | ||
| tryDecode, | ||
| tryDecodeURI | ||
| }); |
@@ -14,2 +14,7 @@ // src/helper/streaming/sse.ts | ||
| }).join("\n"); | ||
| for (const key of ["event", "id", "retry"]) { | ||
| if (message[key] && /[\r\n]/.test(message[key])) { | ||
| throw new Error(`${key} must not contain "\\r" or "\\n"`); | ||
| } | ||
| } | ||
| const sseData = [ | ||
@@ -16,0 +21,0 @@ message.event && `event: ${message.event}`, |
| // src/middleware/serve-static/index.ts | ||
| import { COMPRESSIBLE_CONTENT_TYPE_REGEX } from "../../utils/compress.js"; | ||
| import { getMimeType } from "../../utils/mime.js"; | ||
| import { tryDecodeURI } from "../../utils/url.js"; | ||
| import { defaultJoin } from "./path.js"; | ||
@@ -25,3 +26,3 @@ var ENCODINGS = { | ||
| try { | ||
| filename = decodeURIComponent(c.req.path); | ||
| filename = tryDecodeURI(c.req.path); | ||
| if (/(?:^|[\/\\])\.\.(?:$|[\/\\])/.test(filename)) { | ||
@@ -28,0 +29,0 @@ throw new Error(); |
| import type { Hono } from '../hono'; | ||
| import type { HonoBase } from '../hono-base'; | ||
| import type { METHODS, METHOD_NAME_ALL_LOWERCASE } from '../router'; | ||
| import type { Endpoint, KnownResponseFormat, ResponseFormat, Schema } from '../types'; | ||
| import type { Endpoint, ExtractSchema, KnownResponseFormat, ResponseFormat, Schema } from '../types'; | ||
| import type { StatusCode, SuccessStatusCode } from '../utils/http-status'; | ||
@@ -208,3 +208,3 @@ import type { HasRequiredKeys } from '../utils/types'; | ||
| }; | ||
| export type ApplyGlobalResponse<App, Def extends GlobalResponseDefinition> = App extends HonoBase<infer E, infer D extends Schema, infer B> ? Hono<E, ModSchema<D, Def> extends Schema ? ModSchema<D, Def> : never, B> : never; | ||
| export type ApplyGlobalResponse<App, Def extends GlobalResponseDefinition> = App extends HonoBase<infer E, infer _ extends Schema, infer B> ? ModSchema<ExtractSchema<App>, Def> extends infer S extends Schema ? Hono<E, S, B> : never : never; | ||
| export {}; |
@@ -11,2 +11,12 @@ /** | ||
| export declare const tryDecode: (str: string, decoder: Decoder) => string; | ||
| /** | ||
| * Try to apply decodeURI() to given string. | ||
| * If it fails, skip invalid percent encoding or invalid UTF-8 sequences, and apply decodeURI() to the rest as much as possible. | ||
| * @param str The string to decode. | ||
| * @returns The decoded string that sometimes contains undecodable percent encoding. | ||
| * @example | ||
| * tryDecodeURI('Hello%20World') // 'Hello World' | ||
| * tryDecodeURI('Hello%20World/%A4%A2') // 'Hello World/%A4%A2' | ||
| */ | ||
| export declare const tryDecodeURI: (str: string) => string; | ||
| export declare const getPath: (request: Request) => string; | ||
@@ -13,0 +23,0 @@ export declare const getQueryStrings: (url: string) => string; |
@@ -90,2 +90,7 @@ // src/utils/cookie.ts | ||
| } | ||
| for (const key of ["domain", "path"]) { | ||
| if (opt[key] && /[;\r\n]/.test(opt[key])) { | ||
| throw new Error(`${key} must not contain ";", "\\r", or "\\n"`); | ||
| } | ||
| } | ||
| if (opt && typeof opt.maxAge === "number" && opt.maxAge >= 0) { | ||
@@ -92,0 +97,0 @@ if (opt.maxAge > 3456e4) { |
@@ -220,3 +220,4 @@ // src/utils/url.ts | ||
| splitRoutingPath, | ||
| tryDecode | ||
| tryDecode, | ||
| tryDecodeURI | ||
| }; |
+1
-1
| { | ||
| "name": "hono", | ||
| "version": "4.12.3", | ||
| "version": "4.12.4", | ||
| "description": "Web framework built on Web Standards", | ||
@@ -5,0 +5,0 @@ "main": "dist/cjs/index.js", |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
1274301
0.11%- Lines of code
35583
0.1%