node-stream-zip - npm Package Compare versions

Comparing version 0.2.0 to 1.0.0

node-stream-zip.js

@@ -308,8 +308,11 @@ /**
                     if (entry.method === consts.STORED) {
-                        callback(null, entryStream);
                     } else if (entry.method === consts.DEFLATED || entry.method === consts.ENHANCED_DEFLATED) {
-                        callback(null, entryStream.pipe(zlib.createInflateRaw()));
+                        entryStream = entryStream.pipe(zlib.createInflateRaw());
                     } else {
                         callback('Unknown compression method: ' + entry.method);
+                        return;
                     }
+                    if ((entry.flags & 0x8) != 0x8) // if bit 3 (0x08) of the general-purpose flags field is set, then the CRC-32 and file sizes are not known when the header is written
+                        entryStream = entryStream.pipe(new EntryVerifyStream(entryStream, entry.crc, entry.size));
+                    callback(null, entryStream);
                 }
@@ -552,3 +555,3 @@ } catch (ex) {
         size = data.readUInt16LE(offset);
-        offset += 2 + size;
+        offset += 2;
         if (consts.ID_ZIP64 === signature) {
@@ -707,2 +710,55 @@ this.parseZip64Extra(data, offset, size);
 
+// region EntryVerifyStream
+
+var EntryVerifyStream = function(baseStm, crc, size) {
+    stream.Transform.prototype.constructor.call(this);
+    this.crc = crc;
+    this.size = size;
+    this.state = {
+        crc: ~0,
+        size: 0
+    };
+    var that = this;
+    baseStm.on('error', function(e) {
+        that.emit('error', e);
+    });
+};
+
+util.inherits(EntryVerifyStream, stream.Transform);
+
+EntryVerifyStream.prototype._transform = function(data, encoding, callback) {
+    var crcTable = EntryVerifyStream.prototype.crcTable;
+    if (!crcTable) {
+        EntryVerifyStream.prototype.crcTable = crcTable = [];
+        var b = new Buffer(4);
+        for (var n = 0; n < 256; n++) {
+            var c = n;
+            for (var k = 8; --k >= 0; )
+                if ((c & 1) != 0)  { c = 0xedb88320 ^ (c >>> 1); } else { c = c >>> 1; }
+            if (c < 0) {
+                b.writeInt32LE(c, 0);
+                c = b.readUInt32LE(0);
+            }
+            crcTable[n] = c;
+        }
+    }
+    var crc = this.state.crc, off = 0, len = data.length;
+    while (--len >= 0)
+        crc = crcTable[(crc ^ data[off++]) & 0xff] ^ (crc >>> 8);
+    this.state.crc = crc;
+    this.state.size += data.length;
+    if (this.state.size >= this.size) {
+        var buf = new Buffer(4);
+        buf.writeInt32LE(~this.state.crc & 0xffffffff, 0);
+        crc = buf.readUInt32LE(0);
+        if (crc !== this.crc)
+            return callback('Invalid CRC', data);
+        if (this.state.size !== this.size)
+            return callback('Invalid size', data);
+    }
+    callback(null, data);
+};
+
+// endregion
+
 // region exports
@@ -709,0 +765,0 @@

package.json

 {
   "name": "node-stream-zip",
-  "version": "0.2.0",
+  "version": "1.0.0",
   "description": "node.js library for reading and extraction of ZIP archives",
@@ -5,0 +5,0 @@ "keywords": [

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

31075

increased by6.78%

Lines of code

686

increased by8.03%

Number of low quality alerts

0

decreased by-100%

No dependency changes