httpism - npm Package Compare versions

Comparing version 2.1.0 to 2.2.0

browser.js

@@ -5,2 +5,3 @@ var window = require('global');
 var querystringLite = require('./querystring-lite');
+var randomString = require('random-string');
 
@@ -23,2 +24,26 @@ function json(request, next) {
 
+function jsonp(request, next) {
+  var jsonp = request.options.jsonp;
+  if (jsonp) {
+    request.options.querystring = request.options.querystring || {};
+
+    var callbackName = randomString({length: 20});
+    request.options.querystring[jsonp] = callbackName;
+
+    var value;
+    window[callbackName] = function(v) {
+      value = v;
+    };
+
+    return next().then(function (response) {
+      eval(response.body);
+      response.body = value;
+      delete window[callbackName];
+      return response;
+    });
+  }
+
+  return next();
+}
+
 function text(request, next) {
@@ -160,2 +185,3 @@ if (typeof request.body === 'string') {
     json,
+    jsonp,
     text,
@@ -162,0 +188,0 @@ utils.querystring,

package.json

 {
   "name": "httpism",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "HTTP client with middleware and good defaults",
@@ -11,2 +11,3 @@ "main": "index.js",
     "qs": "^0.6.6",
+    "random-string": "0.1.2",
     "tough-cookie": "2.2.0",
@@ -36,3 +37,3 @@ "underscore": "^1.6.0"
     "mock-xhr-router": "1.1.1",
-    "phantomjs-prebuilt": "2.1.4",
+    "phantomjs-prebuilt": "2.1.11",
     "pogo": "^0.9.6",
@@ -39,0 +40,0 @@ "server-destroy": "1.0.1",

readme.md

@@ -241,2 +241,3 @@ # httpism [![npm version](https://img.shields.io/npm/v/httpism.svg)](https://www.npmjs.com/package/httpism) [![npm](https://img.shields.io/npm/dm/httpism.svg)](https://www.npmjs.com/package/httpism) [![Build Status](https://travis-ci.org/featurist/httpism.svg?branch=master)](https://travis-ci.org/featurist/httpism)
     Many of these options are ignored by default, so you should set `agent: undefined` to force a new agent to honour the options.
+* `jsonp`: to perform a JSONP request, set this to the name of the parameter to contain the callback function, often this is simply `callback`.
 * `jsonReviver`: a [reviver function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse) that is passed to `JSON.parse(string, [reviver])` to override how JSON response bodies are decoded.
@@ -243,0 +244,0 @@

test/browser/app.js

@@ -54,2 +54,7 @@ var express = require('express');
 
+app.get('/jsonp', function(req, res) {
+  res.set('Content-Type', 'text/javascript');
+  res.send(`${req.query.callback}({blah: 'blah'})`);
+});
+
 module.exports = app;

test/browser/httpismSpec.js

@@ -51,3 +51,3 @@ var expect = require('chai').expect;
     it('throws if receives 404', function () {
-      return httpism.get('/status/404').then(function (response) {
+      return httpism.get('/status/404').then(function () {
         throw new Error('expected to throw exception');
@@ -61,2 +61,8 @@ }, function (response) {
     });
+
+    it('can call JSONP', function () {
+      return httpism.get('/jsonp', {jsonp: 'callback'}).then(function (response) {
+        expect(response.body).to.eql({blah: 'blah'});
+      });
+    });
   });
@@ -63,0 +69,0 @@

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

92592

increased by1.2%

Lines of code

2128

increased by1.43%

Number of lines in readme file

318

increased by0.32%

Worsened metrics

Dependency count

7

increased by16.67%

Number of medium supply chain risk alerts

8

increased by14.29%

Dependency changes

• + Addedrandom-string@0.1.2

• + Addedrandom-string@0.1.2(transitive)