jwa - npm Package Compare versions

Comparing version 1.1.3 to 1.1.4

index.js

 var bufferEqual = require('buffer-equal-constant-time');
 var base64url = require('base64url');
+var Buffer = require('safe-buffer').Buffer;
 var crypto = require('crypto');
@@ -42,3 +43,3 @@ var formatEcdsa = require('ecdsa-sig-formatter');
     var computedSig = createHmacSigner(bits)(thing, secret);
-    return bufferEqual(Buffer(signature), Buffer(computedSig));
+    return bufferEqual(Buffer.from(signature), Buffer.from(computedSig));
   }
@@ -45,0 +46,0 @@ }

package.json

 {
   "name": "jwa",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "JWA implementation (supports all JWS algorithms)",
@@ -10,9 +10,10 @@ "main": "index.js",
   "dependencies": {
-    "base64url": "~1.0.4",
-    "buffer-equal-constant-time": "^1.0.1",
-    "ecdsa-sig-formatter": "^1.0.0"
+    "base64url": "2.0.0",
+    "buffer-equal-constant-time": "1.0.1",
+    "ecdsa-sig-formatter": "1.0.7",
+    "safe-buffer": "^5.0.1"
   },
   "devDependencies": {
-    "semver": "^4.3.6",
-    "tap": "~0.3.3"
+    "semver": "4.3.6",
+    "tap": "6.2.0"
   },
@@ -34,5 +35,4 @@ "scripts": {
   ],
-  "author": "Brian J. Brennan",
-  "license": "MIT",
-  "gitHead": "5ca1d5182bb64ff15f6f52000fb30a6582a4c8b0"
+  "author": "Brian J. Brennan <brianloveswords@gmail.com>",
+  "license": "MIT"
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

10822

decreased by-52.04%

Dependency count

4

increased by33.33%

Number of package files

5

decreased by-37.5%

Lines of code

111

decreased by-71.24%

Dependency changes

• + Addedsafe-buffer@^5.0.1

• + Addedbase64-url@1.3.3(transitive)

• + Addedbase64url@2.0.0(transitive)

• + Addedecdsa-sig-formatter@1.0.7(transitive)

• - Removedbase64url@1.0.6(transitive)

• - Removedcamelcase@1.2.1(transitive)

• - Removedcamelcase-keys@1.0.0(transitive)

• - Removedconcat-stream@1.4.11(transitive)

• - Removedcore-util-is@1.0.3(transitive)

• - Removedecdsa-sig-formatter@1.0.11(transitive)

• - Removedget-stdin@4.0.1(transitive)

• - Removedindent-string@1.2.2(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedis-finite@1.1.0(transitive)

• - Removedisarray@0.0.1(transitive)

• - Removedmap-obj@1.0.1(transitive)

• - Removedmeow@2.0.0(transitive)

• - Removedminimist@1.2.8(transitive)

• - Removedobject-assign@1.0.0(transitive)

• - Removedreadable-stream@1.1.14(transitive)

• - Removedrepeating@1.1.3(transitive)

• - Removedstring_decoder@0.10.31(transitive)

• - Removedtypedarray@0.0.7(transitive)

• Updatedbase64url@2.0.0

• Updatedbuffer-equal-constant-time@1.0.1

• Updatedecdsa-sig-formatter@1.0.7