minipass-fetch - npm Package Compare versions

Comparing version 1.3.4 to 1.4.0

lib/index.js

@@ -97,15 +97,2 @@ 'use strict'
     req.on('error', er => {
-      // if a 'response' event is emitted before the 'error' event, then by the
-      // time this handler is run it's too late to reject the Promise for the
-      // response. instead, we forward the error event to the response stream
-      // so that the error will surface to the user when they try to consume
-      // the body. this is done as a side effect of aborting the request except
-      // for in windows, where we must forward the event manually, otherwise
-      // there is no longer a ref'd socket attached to the request and the
-      // stream never ends so the event loop runs out of work and the process
-      // exits without warning.
-      // coverage skipped here due to the difficulty in testing
-      // istanbul ignore next
-      if (req.res)
-        req.res.emit('error', er)
       reject(new FetchError(`request to ${request.url} failed, reason: ${
@@ -303,12 +290,4 @@ er.message}`, 'system', er))
       // for br
-      if (codings == 'br') {
-        // ignoring coverage so tests don't have to fake support (or lack of) for brotli
-        // istanbul ignore next
-        try {
-          var decoder = new zlib.BrotliDecompress()
-        } catch (err) {
-          reject(err)
-          finalize()
-          return
-        }
+      if (codings == 'br' && typeof zlib.BrotliDecompress === 'function') {
+        const decoder = new zlib.BrotliDecompress()
         // exceedingly rare that the stream would have an error,
@@ -315,0 +294,0 @@ // but just in case we proxy it to the stream in use.

lib/request.js

@@ -80,3 +80,2 @@ 'use strict'
       ecdhCurve,
-      family,
       honorCipherOrder,
@@ -86,3 +85,3 @@ key,
       pfx,
-      rejectUnauthorized = true,
+      rejectUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED !== '0',
       secureOptions,
@@ -107,3 +106,2 @@ secureProtocol,
       ecdhCurve,
-      family,
       honorCipherOrder,
@@ -216,3 +214,2 @@ key,
       ecdhCurve,
-      family,
       honorCipherOrder,
@@ -244,3 +241,2 @@ key,
       ecdhCurve,
-      family,
       honorCipherOrder,
@@ -247,0 +243,0 @@ key,

package.json

 {
   "name": "minipass-fetch",
-  "version": "1.3.4",
+  "version": "1.4.0",
   "description": "An implementation of window.fetch in Node.js using Minipass streams",
@@ -25,7 +25,6 @@ "license": "MIT",
     "string-to-arraybuffer": "^1.0.2",
-    "tap": "^14.6.9",
+    "tap": "^15.0.9",
     "whatwg-url": "^7.0.0"
   },
   "dependencies": {
-    "encoding": "^0.1.12",
     "minipass": "^3.1.0",
@@ -32,0 +31,0 @@ "minipass-sized": "^1.0.3",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Dependency count

4

decreased by-20%

Number of medium supply chain risk alerts

11

decreased by-8.33%

Worsened metrics

Total package byte prevSize

42141

decreased by-2.37%

Lines of code

1183

decreased by-2.07%

Number of medium maintenance alerts

1

increased byInfinity%

Number of low supply chain risk alerts

1

increased byInfinity%

Dependency changes

• - Removedencoding@^0.1.12