npm-profile - npm Package Compare versions

Comparing version 4.0.2 to 4.0.3

index.js

 'use strict'
 
 const fetch = require('npm-registry-fetch')
-const {HttpErrorBase} = require('npm-registry-fetch/errors.js')
+const { HttpErrorBase } = require('npm-registry-fetch/errors.js')
 const os = require('os')
@@ -21,2 +21,12 @@ const pudding = require('figgy-pudding')
 
+const url = require('url')
+
+const isValidUrl = u => {
+  if (u && typeof u === 'string') {
+    const p = url.parse(u)
+    return !!(p.protocol && p.slashes && p.host && p.path)
+  }
+  return false
+}
+
 const ProfileConfig = pudding({
@@ -80,17 +90,12 @@ creds: {},
   }).then(([res, content]) => {
-    const {doneUrl, loginUrl} = content
+    const { doneUrl, loginUrl } = content
     process.emit('log', 'verbose', 'web auth', 'got response', content)
-    if (
-      typeof doneUrl !== 'string' ||
-      typeof loginUrl !== 'string' ||
-      !doneUrl ||
-      !loginUrl
-    ) {
+    if (!isValidUrl(doneUrl) || !isValidUrl(loginUrl)) {
       throw new WebLoginInvalidResponse('POST', res, content)
     }
     return content
-  }).then(({doneUrl, loginUrl}) => {
+  }).then(({ doneUrl, loginUrl }) => {
     process.emit('log', 'verbose', 'web auth', 'opening url pair')
     return opener(loginUrl).then(
-      () => webAuthCheckLogin(doneUrl, opts.concat({cache: false}))
+      () => webAuthCheckLogin(doneUrl, opts.concat({ cache: false }))
     )
@@ -188,3 +193,3 @@ }).catch(er => {
     return fetch.json(target, opts.concat({
-      query: {write: true}
+      query: { write: true }
     })).then(result => {
@@ -191,0 +196,0 @@ Object.keys(result).forEach(function (k) {

package.json

 {
   "name": "npm-profile",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "description": "Library for updating an npmjs.com profile",
@@ -5,0 +5,0 @@ "keywords": [],

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29585

increased by0.47%

Lines of code

264

increased by1.15%

Number of medium supply chain risk alerts

11

decreased by-8.33%

No dependency changes