
hpkp - npm Package Compare versions

Comparing version 2.0.3 to 3.0.0

60

index.js
module.exports = function hpkp(passedOptions) {
var options = parseOptions(passedOptions);
var headerName = getHeaderName(options);
var headerValue = getHeaderValue(options);
const options = parseOptions(passedOptions);
const headerName = getHeaderName(options);
const headerValue = getHeaderValue(options);

@@ -15,4 +15,4 @@ return function hpkp(req, res, next) {

function parseOptions(options) {
var badArgumentsError = new Error(
"hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup)."
const badArgumentsError = new Error(
"hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup).",
);

@@ -28,9 +28,9 @@

var maxAge = options.maxAge;
var sha256s = options.sha256s;
var setIf =
options.setIf ||
function () {
return true;
};
const {
maxAge,
sha256s,
setIf = () => true,
reportUri,
reportOnly,
} = options;

@@ -45,31 +45,23 @@ if (!maxAge || maxAge <= 0 || !sha256s || sha256s.length < 2) {

return {
maxAge: maxAge,
sha256s: sha256s,
maxAge,
sha256s,
includeSubDomains: options.includeSubDomains || options.includeSubdomains,
reportUri: options.reportUri,
reportOnly: options.reportOnly,
setIf: setIf,
reportUri,
reportOnly,
setIf,
};
}
function getHeaderName(options) {
var header = "Public-Key-Pins";
if (options.reportOnly) {
header += "-Report-Only";
}
return header;
function getHeaderName({ reportOnly }) {
const result = "Public-Key-Pins";
if (reportOnly) return result + "-Report-Only";
return result;
}
function getHeaderValue(options) {
var result = options.sha256s.map(function (sha) {
return 'pin-sha256="' + sha + '"';
});
result.push("max-age=" + Math.round(options.maxAge));
if (options.includeSubDomains) {
result.push("includeSubDomains");
}
if (options.reportUri) {
result.push('report-uri="' + options.reportUri + '"');
}
function getHeaderValue({ sha256s, maxAge, includeSubDomains, reportUri }) {
const result = sha256s.map((sha) => 'pin-sha256="' + sha + '"');
result.push("max-age=" + Math.round(maxAge));
if (includeSubDomains) result.push("includeSubDomains");
if (reportUri) result.push('report-uri="' + reportUri + '"');
return result.join("; ");
}
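Review bot: `getHeaderValue` still interpolates each `sha` and `reportUri` into a quoted directive with no format check, and the only validation visible for `parseOptions` (the condition shown in the `@@ -45` hunk header) tests just `maxAge` and the length of `sha256s`. A pin that is not a base64 SHA-256 digest, or a value containing `"`, yields a malformed header that clients may ignore without any error, so I would reject it at construction time, e.g. `if (!sha256s.every((s) => /^[A-Za-z0-9+/]{43}=$/.test(s))) throw badArgumentsError;`, plus a check that `reportUri` contains no `"`. Separately, `setIf = () => true` falls back only for `undefined`, whereas the old `options.setIf ||` also replaced `null` and `false`. Whether those values are now rejected depends on the part of `parseOptions` that lies outside the visible hunks.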
{
"name": "hpkp",
"author": "Adam Baldwin <baldwin@andyet.net> (http://andyet.net/team/baldwin)",
"author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)",
"license": "MIT",

@@ -10,12 +10,9 @@ "contributors": [

"description": "HTTP Public Key Pinning (HPKP) middleware",
"version": "2.0.3",
"version": "3.0.0",
"engines": {
"node": ">=18.0.0"
},
"keywords": [
"helmet",
"security",
"express",
"connect",
"public-key pinning",
"https",
"cert",
"certificate"
"hpkp",
"public key pinning"
],

@@ -35,14 +32,15 @@ "repository": {

"lint": "npm run lint:eslint && npm run lint:prettier",
"lint:eslint": "eslint .",
"lint:eslint": "eslint --cache .",
"lint:prettier": "prettier --check .",
"format": "prettier --write .",
"test": "mocha"
"test": "node --test"
},
"devDependencies": {
"@eslint/js": "^9.12.0",
"connect": "^3.7.0",
"eslint": "^8.7.0",
"mocha": "^9.2.0",
"prettier": "^2.5.1",
"supertest": "^6.1.6"
"eslint": "^9.12.0",
"globals": "^15.11.0",
"prettier": "^3.3.3",
"supertest": "^7.0.0"
}
}

@@ -23,3 +23,3 @@ # HTTP Public Key Pinning (HPKP) middleware

includeSubDomains: true, // optional
reportUri: "http://example.com", // optional
reportUri: "https://example.com", // optional
reportOnly: false, // optional

@@ -32,3 +32,3 @@

},
})
}),
);

@@ -35,0 +35,0 @@ ```

Sorry, the diff of this file is not supported yet
