node-red-contrib-ftp-sftp - npm Package Compare versions

Comparing version 1.6.2 to 1.7.0

package.json

 {
   "name": "node-red-contrib-ftp-sftp",
-  "version": "1.6.2",
+  "version": "1.7.0",
   "description": "A node-red node that support FTP and SFTP file transfer using $() environment variables to control the ftp connection details",
@@ -5,0 +5,0 @@ "main": "sftp.js",

README.md

@@ -17,2 +17,7 @@
 
+Configuration
+-------
+
+process.env.SFTP_SSH_KEY_FILE - If you want to use private SSH key set this environment variable
+
 SFTP
@@ -19,0 +24,0 @@ -------

sftp.js

@@ -31,3 +31,5 @@ /**
 //  -- DID validate it works with list/dir
+const fs = require('fs');
 
+
 module.exports = function (RED) {
@@ -44,17 +46,46 @@ 'use strict';
 
-    console.log("hmac: " + n.hmac);
-    console.log("cipher: " + n.cipher);
+    console.log("[http://wwww.HardingPoint.com] SFTP - Config - hmac: " + n.hmac);
+    console.log("[http://wwww.HardingPoint.com] SFTP - Config - cipher: " + n.cipher);
 
-    this.options = {
-          host: n.host || 'localhost',
-          port: n.port || 21,
-          username: n.username,
-          password: n.password,
-          algorithms: {
-              // hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96'],
-              // cipher: ['aes256-cbc']
-              hmac: n.hmac,
-              cipher: n.cipher
-          }
-      };
+    var keyFile = null;
+    var keyData = null;
+    if (process.env.SFTP_SSH_KEY_FILE){
+        keyFile = process.env.SFTP_SSH_KEY_FILE;
+        try{
+            keyData = fs.readFileSync(keyFile);
+        } catch (e){
+            keyData = null;
+            console.log("[http://wwww.HardingPoint.com] SFTP - Read Key File [" + keyFile + "] Exception : " + e);
+        }
+    }
+
+    if (keyFile && keyData) {
+        console.log("[http://wwww.HardingPoint.com] SFTP - Using privateKey: " + keyFile);
+        this.options = {
+            host: n.host || 'localhost',
+            port: n.port || 21,
+            username: n.username,
+            privateKey: keyData,
+            algorithms: {
+                // hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96'],
+                // cipher: ['aes256-cbc']
+                hmac: n.hmac,
+                cipher: n.cipher
+            }
+        };
+    } else {
+        console.log("[http://wwww.HardingPoint.com] SFTP - Using User/Pwd");
+        this.options = {
+            host: n.host || 'localhost',
+            port: n.port || 21,
+            username: n.username,
+            password: n.password,
+            algorithms: {
+                // hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96'],
+                // cipher: ['aes256-cbc']
+                hmac: n.hmac,
+                cipher: n.cipher
+            }
+        };
+    }
   }
@@ -61,0 +92,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

57674

increased by3.36%

Lines of code

298

increased by10.78%

Number of lines in readme file

44

increased by12.82%

Worsened metrics

Number of package files

11

decreased by-8.33%

Number of low supply chain risk alerts

7

increased by250%

No dependency changes