http-signature - npm Package Compare versions

Comparing version 1.3.0 to 1.3.1

CHANGES.md

 # node-http-signature changelog
 
+## not yet released
+
+(nothing yet)
+
+## 1.3.1
+
+- Fix node 0.10 usage (#90)
+
+## 1.3.0
+
+**Known issue:** This release broken http-signature with node 0.10.
+
+- Bump dependency `sshpk`
+- Add `Signature` header support (#83)
+
+## 1.2.0
+
+- Bump dependency `assert-plus`
+- Add ability to pass a custom header name
+- Replaced dependency `node-uuid` with `uuid`
+
 ## 1.1.1
@@ -30,3 +51,3 @@
 - #36: Ensure verifySignature does not leak useful timing information
-- #42: Bring the library up to the latest version of the spec (including the 
+- #42: Bring the library up to the latest version of the spec (including the
        request-target changes)
@@ -33,0 +54,0 @@ - Support for ECDSA keys and signatures.

lib/parser.js

@@ -122,6 +122,8 @@ // Copyright 2012 Joyent, Inc.  All rights reserved.
     var authzHeaderName = options.authorizationHeaderName;
-    var authz = headers[authzHeaderName] || headers[utils.HEADER.AUTH] || headers[utils.HEADER.SIG];
+    var authz = headers[authzHeaderName] || headers[utils.HEADER.AUTH] ||
+      headers[utils.HEADER.SIG];
 
     if (!authz) {
-      var errHeader = authzHeaderName ? authzHeaderName : utils.HEADER.AUTH + ' or ' + utils.HEADER.SIG;
+      var errHeader = authzHeaderName ? authzHeaderName :
+        utils.HEADER.AUTH + ' or ' + utils.HEADER.SIG;
 
@@ -128,0 +130,0 @@ throw new MissingHeaderError('no ' + errHeader + ' header ' +

lib/signer.js

@@ -393,3 +393,5 @@ // Copyright 2012 Joyent, Inc.  All rights reserved.
 
-    var FMT = authzHeaderName.toLowerCase() === utils.HEADER.SIG ? SIGNATURE_FMT : AUTHZ_FMT;
+    var FMT = authzHeaderName.toLowerCase() === utils.HEADER.SIG ?
+      SIGNATURE_FMT : AUTHZ_FMT;
+
     request.setHeader(authzHeaderName, sprintf(FMT,
@@ -396,0 +398,0 @@ options.keyId,

lib/utils.js

@@ -62,3 +62,3 @@ // Copyright 2012 Joyent, Inc.  All rights reserved.
 module.exports = {
-  HEADER,
+  HEADER: HEADER,
 
@@ -65,0 +65,0 @@ HASH_ALGOS: HASH_ALGOS,

package.json

 {
   "name": "http-signature",
   "description": "Reference implementation of Joyent's HTTP Signature scheme.",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "license": "MIT",
@@ -23,6 +23,8 @@ "author": "Joyent, Inc",
   "engines": {
-    "node": ">=0.8",
-    "npm": ">=1.3.7"
+    "node": ">=0.10"
   },
   "main": "lib/index.js",
+  "files": [
+    "lib"
+  ],
   "scripts": {
@@ -29,0 +31,0 @@ "test": "tap test/*.js"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Lines of code

802

increased by0.38%

Worsened metrics

Total package byte prevSize

35043

decreased by-28.02%

Number of package files

9

decreased by-18.18%

No dependency changes