node-apk - npm Package Compare versions

Comparing version 1.0.0-beta.0 to 1.0.0-beta.2

dist/apk.js

@@ -10,3 +10,4 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-var yauzl_promise_1 = __importDefault(require("yauzl-promise"));
+var fs_1 = __importDefault(require("fs"));
+var jszip_1 = __importDefault(require("jszip"));
 var binaryXml_1 = __importDefault(require("./binaryXml"));
@@ -18,14 +19,7 @@ var certificate_1 = __importDefault(require("./certificate"));
         this.path = path;
-        this.promise = yauzl_promise_1.default.open(path);
     }
     Apk.prototype.lookupEntry = function (key) {
-        var _this = this;
-        return new Promise(function (resolve, reject) {
-            var found;
-            _this.promise.then(function (zip) { return zip.walkEntries(function (entry) {
-                if (entry.fileName === key) {
-                    found = entry;
-                }
-            }); }).then(function () { return found !== undefined ? resolve(found) : reject("Entry not found: " + key); });
-        });
+        return this.bufferize(fs_1.default.createReadStream(this.path))
+            .then(function (buffer) { return jszip_1.default.loadAsync(buffer); })
+            .then(function (zip) { return zip.files[key].nodeStream(); });
     };
@@ -35,3 +29,2 @@ Apk.prototype.getCertificateInfo = function () {
         return this.lookupEntry("META-INF/CERT.RSA")
-            .then(function (entry) { return entry.openReadStream(); })
             .then(function (stream) { return _this.bufferize(stream); })
@@ -43,3 +36,2 @@ .then(function (buffer) { return certificate_1.default.parse(buffer); });
         return this.lookupEntry("AndroidManifest.xml")
-            .then(function (entry) { return entry.openReadStream(); })
             .then(function (stream) { return _this.bufferize(stream); })
@@ -49,3 +41,3 @@ .then(function (buffer) { return new binaryXml_1.default(new source_1.default(buffer)); });
     Apk.prototype.close = function () {
-        return this.promise.then(function (zip) { return zip.close(); });
+        return undefined;
     };
@@ -52,0 +44,0 @@ Apk.prototype.bufferize = function (stream) {

dist/certificate.js

@@ -23,4 +23,4 @@ "use strict";
         var asn = node_forge_1.default.asn1.fromDer(node_forge_1.default.util.createBuffer(buffer));
-        var pkcs7 = node_forge_1.default.pkcs7.messageFromAsn1(asn);
-        return pkcs7.certificates
+        return node_forge_1.default.pkcs7.messageFromAsn1(asn)
+            .certificates
             .map(function (certificate) { return new Certificate(certificate); });
@@ -27,0 +27,0 @@ };

lib/apk.ts

@@ -6,3 +6,4 @@ /*Copyright (c) 2019 XdevL. All rights reserved.
 
-import NodeZip from "yauzl-promise";
+import NodeFs from "fs";
+import NodeZip from "jszip";
 import BinaryXml from "./binaryXml";
@@ -14,16 +15,11 @@ import Certificate from "./certificate";
   private path: string;
-  private promise: Promise<NodeZip.ZipFile>;
 
   constructor(path: string) {
     this.path = path;
-    this.promise = NodeZip.open(path);
   }
 
-  public lookupEntry(key: string): Promise<NodeZip.Entry> {
-    return new Promise((resolve, reject) => {
-      let found: NodeZip.Entry;
-      this.promise.then((zip) => zip.walkEntries((entry) => {
-        if (entry.fileName === key) {found = entry; }
-      })).then(() => found !== undefined ? resolve(found) : reject("Entry not found: " + key));
-    });
+  public lookupEntry(key: string): Promise<NodeJS.ReadableStream> {
+    return this.bufferize(NodeFs.createReadStream(this.path))
+      .then((buffer) => NodeZip.loadAsync(buffer))
+      .then((zip) => zip.files[key].nodeStream());
   }
@@ -33,3 +29,2 @@
     return this.lookupEntry("META-INF/CERT.RSA")
-      .then((entry) => entry.openReadStream())
       .then((stream) => this.bufferize(stream))
@@ -41,3 +36,2 @@ .then((buffer) => Certificate.parse(buffer));
     return this.lookupEntry("AndroidManifest.xml")
-      .then((entry) => entry.openReadStream())
       .then((stream) => this.bufferize(stream))
@@ -48,3 +42,3 @@ .then((buffer) => new BinaryXml(new Source(buffer)));
   public close() {
-    return this.promise.then((zip) => zip.close());
+    return undefined;
   }
@@ -51,0 +45,0 @@

lib/certificate.ts

@@ -13,5 +13,5 @@ /*Copyright (c) 2019 XdevL. All rights reserved.
     const asn = NodeForge.asn1.fromDer(NodeForge.util.createBuffer(buffer));
-    const pkcs7 = NodeForge.pkcs7.messageFromAsn1(asn);
-    return (pkcs7.certificates as NodeForge.pki.Certificate[])
-      .map((certificate) => new Certificate(certificate));
+    return ((NodeForge.pkcs7 as any).messageFromAsn1(asn)
+        .certificates as NodeForge.pki.Certificate[])
+        .map((certificate) => new Certificate(certificate));
   }
@@ -18,0 +18,0 @@

package.json

 {
   "name": "node-apk",
-  "version": "1.0.0-beta.0",
+  "version": "1.0.0-beta.2",
   "description": "A library to parse Android application manifest and signature",
@@ -28,5 +28,5 @@ "main": "dist/index.js",
   "devDependencies": {
+    "@types/jszip": "^3.1.5",
     "@types/node": "^11.11.4",
     "@types/node-forge": "^0.8.0",
-    "@types/yauzl-promise": "^2.1.0",
     "tslint": "^5.14.0",
@@ -36,5 +36,5 @@ "typescript": "^3.3.4000"
   "dependencies": {
-    "node-forge": "^0.8.2",
-    "yauzl-promise": "^2.1.3"
+    "jszip": "^3.2.1",
+    "node-forge": "^0.8.2"
   }
 }

types/index.d.ts

@@ -6,10 +6,2 @@ /*Copyright (c) 2019 XdevL. All rights reserved.
 
-/// <reference types="node-forge" />
-declare module "node-forge" {
-
-  namespace pkcs7 {
-    function messageFromAsn1(asn: asn1.Asn1): any;
-  }
-}
-
 declare module "node-apk" {
@@ -16,0 +8,0 @@

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

31196

decreased by-2.86%

Lines of code

630

decreased by-3.08%

Number of low supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedjszip@^3.2.1

• + Addedcore-util-is@1.0.3(transitive)

• + Addedimmediate@3.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedjszip@3.10.1(transitive)

• + Addedlie@3.3.0(transitive)

• + Addedpako@1.0.11(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedreadable-stream@2.3.8(transitive)

• + Addedsafe-buffer@5.1.2(transitive)

• + Addedsetimmediate@1.0.5(transitive)

• + Addedstring_decoder@1.1.1(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• - Removedyauzl-promise@^2.1.3

• - Removedbuffer-crc32@0.2.13(transitive)

• - Removedevents-intercept@2.0.0(transitive)

• - Removedfd-slicer@1.1.0(transitive)

• - Removedpend@1.2.0(transitive)

• - Removedyauzl@2.10.0(transitive)

• - Removedyauzl-clone@1.0.4(transitive)

• - Removedyauzl-promise@2.1.3(transitive)