node-my-info-sg
Advanced tools
node-my-info-sg - npm Package Compare versions
Comparing version 1.1.2 to 2.0.0
@@ -96,5 +96,3 @@ const _ = require('lodash'); | ||
| // _authLevel === 'L2' | ||
| const [header, encryptedKey, iv, ciphertext, tag] = responseText.split('.'); | ||
| const personDataJWS = await securityHelper.decryptJWE(header, encryptedKey, iv, ciphertext, tag, _privateKeyPath); | ||
| const personDataJWS = await securityHelper.decryptJWE(responseText, _privateKeyPath); | ||
| if (!personDataJWS) throw new Error('INVALID DATA OR SIGNATURE FOR PERSON DATA'); | ||
@@ -101,0 +99,0 @@ |
| const _ = require('lodash'); | ||
| const crypto = require('crypto'); | ||
| const fs = require('fs'); | ||
| const jose = require('node-jose'); | ||
| const jose = require('jose'); | ||
| const jwt = require('jsonwebtoken'); | ||
@@ -126,19 +126,7 @@ const qs = require('querystring'); | ||
| // Decrypt JWE using private key | ||
| security.decryptJWE = async function decryptJWE(header, encryptedKey, iv, cipherText, tag, privateKey) { | ||
| security.decryptJWE = async function decryptJWE(jwe, privateKeyPath) { | ||
| try { | ||
| const keystore = jose.JWK.createKeyStore(); | ||
| const data = { | ||
| type: 'compact', | ||
| ciphertext: cipherText, | ||
| protected: header, | ||
| encrypted_key: encryptedKey, | ||
| tag, | ||
| iv, | ||
| header: JSON.parse(jose.util.base64url.decode(header).toString()), | ||
| }; | ||
| const jweKey = await keystore.add(fs.readFileSync(privateKey, 'utf8'), 'pem'); | ||
| const result = await jose.JWE.createDecrypt(jweKey).decrypt(data); | ||
| return JSON.parse(result.payload.toString()); | ||
| const privateKey = await jose.importPKCS8(fs.readFileSync(privateKeyPath, 'utf8')); | ||
| const { plaintext } = await jose.compactDecrypt(jwe, privateKey); | ||
| return JSON.parse(plaintext.toString()); | ||
| } catch (error) { | ||
@@ -145,0 +133,0 @@ throw new Error('ERROR WITH DECRYPTING JWE'); |
| { | ||
| "name": "node-my-info-sg", | ||
| "version": "1.1.2", | ||
| "version": "2.0.0", | ||
| "description": "", | ||
@@ -22,7 +22,10 @@ "main": "lib/client.js", | ||
| "dependencies": { | ||
| "jose": "^4.6.0", | ||
| "jsonwebtoken": "^8.5.1", | ||
| "lodash": "^4.17.11", | ||
| "node-jose": "^2.0.0", | ||
| "superagent": "^5.0.2" | ||
| }, | ||
| "engines": { | ||
| "node": ">=12" | ||
| }, | ||
| "devDependencies": { | ||
@@ -37,3 +40,3 @@ "@babel/core": "^7.0.0-0", | ||
| "eslint-plugin-react": "^7.11.0", | ||
| "jest": "^24.8.0", | ||
| "jest": "^27.5.1", | ||
| "jest-watch-typeahead": "^0.3.1", | ||
@@ -40,0 +43,0 @@ "puppeteer": "^1.15.0", |
@@ -21,4 +21,4 @@ import _ from 'lodash'; | ||
| await page.waitFor('[name="userId"]'); | ||
| await page.evaluate(() => { document.querySelector('[name="userId"]').selectedIndex = 2; }); | ||
| await page.waitFor('[name="code"]'); | ||
| await page.evaluate(() => { document.querySelector('[name="code"]').selectedIndex = 2; }); | ||
@@ -25,0 +25,0 @@ await page.click('button.btn-danger'); |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-88.86%
20287
- Lines of code
- decreased by-2.74%
390
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedjose@^4.6.0
+ Addedjose@4.15.9(transitive)
- Removednode-jose@^2.0.0
- Removedbase64-js@1.5.1(transitive)
- Removedbase64url@3.0.1(transitive)
- Removedbuffer@6.0.3(transitive)
- Removedes6-promise@4.2.8(transitive)
- Removedieee754@1.2.1(transitive)
- Removedlong@5.2.3(transitive)
- Removednode-forge@1.3.1(transitive)
- Removednode-jose@2.2.0(transitive)
- Removedpako@2.1.0(transitive)
- Removedprocess@0.11.10(transitive)
- Removeduuid@9.0.1(transitive)