hpkp - npm Package Compare versions

Comparing version 1.2.0 to 2.0.0


index.js

@@ -63,3 +63,3 @@ var badArgumentsError = new Error('hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup).')

})
result.push('max-age=' + Math.round(options.maxAge / 1000))
result.push('max-age=' + Math.round(options.maxAge))
if (options.includeSubDomains) {
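
Review bot: In the `max-age` line, dropping the `/ 1000` switches `options.maxAge` from milliseconds to seconds with no guard, so a 1.x caller who upgrades without changing their value (for example the 7776000000 from the old README) would emit a `max-age` 1000 times longer than intended. Consider rejecting or warning on implausibly large values before `result.push('max-age=' + Math.round(options.maxAge))`, and call out the unit change in the release notes.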

@@ -66,0 +66,0 @@ result.push('includeSubDomains')

@@ -10,3 +10,3 @@ {

"description": "HTTP Public Key Pinning (HPKP) middleware",
"version": "1.2.0",
"version": "2.0.0",
"keywords": [

@@ -33,5 +33,5 @@ "helmet",

"connect": "^3.5.0",
"mocha": "^3.1.0",
"standard": "^8.3.0",
"supertest": "^2.0.0"
"mocha": "^3.1.2",
"standard": "^8.5.0",
"supertest": "^2.0.1"
},

@@ -38,0 +38,0 @@ "standard": {

@@ -18,5 +18,5 @@ HTTP Public Key Pinning (HPKP) middleware

var ninetyDaysInMilliseconds = 7776000000
var ninetyDaysInSeconds = 7776000
app.use(hpkp({
maxAge: ninetyDaysInMilliseconds,
maxAge: ninetyDaysInSeconds,
sha256s: ['AbCdEf123=', 'ZyXwVu456='],
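
Review bot: The example conveys the new unit only through the variable name `ninetyDaysInSeconds`; nothing in these lines states that `maxAge` is now in seconds rather than milliseconds. A short comment on the `maxAge:` line, such as `// in seconds`, would make the breaking change visible to readers who copy the snippet.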

@@ -36,1 +36,3 @@ includeSubDomains: true, // optional

Setting `reportOnly` to `true` will change the header from `Public-Key-Pins` to `Public-Key-Pins-Report-Only`.
Don't let these get out of sync with your certs! It's also recommended to test your HPKP deployment in `reportOnly` mode, or alternatively, to use a very short `maxAge` until you're confident your deployment is correct.
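
Review bot: In the added warning, "these" has no clear antecedent (presumably the `sha256s` pins), and "a very short `maxAge`" gives no unit or sample value. Naming the pins explicitly and stating the value in seconds would help, since this release changes the unit.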