minecraft-protocol - npm Package Compare versions

Comparing version 1.38.1 to 1.39.0

docs/HISTORY.md

 # History
 
+## 1.39.0
+* Use non-zero salt (@frej4189)
+* Mark message as insecure if unsigned content is present (@frej4189)
+
 ## 1.38.1
@@ -4,0 +8,0 @@ * Update chat example for 1.19 (#1059) (@frej4189)

package.json

 {
   "name": "minecraft-protocol",
-  "version": "1.38.1",
+  "version": "1.39.0",
   "description": "Parse and serialize minecraft packets, plus authentication and encryption.",
@@ -5,0 +5,0 @@ "main": "src/index.js",

src/client/chat.js

@@ -123,3 +123,3 @@ const crypto = require('crypto')
         senderTeam: packet.senderTeam,
-        verified: pubKey ? client.verifyMessage(pubKey, packet) : false
+        verified: (pubKey && !packet.unsignedChatContent) ? client.verifyMessage(pubKey, packet) : false
       })
@@ -140,3 +140,3 @@ return
     const expired = !packet.timestamp || tsDelta > messageExpireTime || tsDelta < 0
-    const verified = updateAndValidateChat(packet.senderUuid, packet.previousSignature, packet.signature, hash.digest()) && !expired
+    const verified = !packet.unsignedChatContent && updateAndValidateChat(packet.senderUuid, packet.previousSignature, packet.signature, hash.digest()) && !expired
     client.emit('playerChat', {
@@ -189,3 +189,3 @@ plainMessage: packet.plainMessage,
     options.timestamp = options.timestamp || BigInt(Date.now())
-    options.salt = options.salt || 0
+    options.salt = options.salt || 1n
 
@@ -192,0 +192,0 @@ if (options.skipPreview || !client.serverFeatures.chatPreview) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

249982

increased by0.07%

No dependency changes