on-headers - npm Package Compare versions

Comparing version 1.0.2 to 1.1.0

HISTORY.md

@@ -0,1 +1,6 @@
+1.1.0 / 2025-07-17
+==================
+  * - Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](https://github.com/expressjs/multer/security/advisories/GHSA-76c9-3jph-rj3q))
+
+
 1.0.2 / 2019-02-21
@@ -2,0 +7,0 @@ ==================

index.js

@@ -16,2 +16,8 @@ /*!
 
+var http = require('http')
+
+// older node versions don't have appendHeader
+var isAppendHeaderSupported = typeof http.ServerResponse.prototype.appendHeader === 'function'
+var set1dArray = isAppendHeaderSupported ? set1dArrayWithAppend : set1dArrayWithSet
+
 /**
@@ -78,4 +84,12 @@ * Create a replacement writeHead method.
 function setHeadersFromArray (res, headers) {
-  for (var i = 0; i < headers.length; i++) {
-    res.setHeader(headers[i][0], headers[i][1])
+  if (headers.length && Array.isArray(headers[0])) {
+    // 2D
+    set2dArray(res, headers)
+  } else {
+    // 1D
+    if (headers.length % 2 !== 0) {
+      throw new TypeError('headers array is malformed')
+    }
+
+    set1dArray(res, headers)
   }
@@ -135,1 +149,35 @@ }
 }
+
+function set2dArray (res, headers) {
+  var key
+  for (var i = 0; i < headers.length; i++) {
+    key = headers[i][0]
+    if (key) {
+      res.setHeader(key, headers[i][1])
+    }
+  }
+}
+
+function set1dArrayWithAppend (res, headers) {
+  for (var i = 0; i < headers.length; i += 2) {
+    res.removeHeader(headers[i])
+  }
+
+  var key
+  for (var j = 0; j < headers.length; j += 2) {
+    key = headers[j]
+    if (key) {
+      res.appendHeader(key, headers[j + 1])
+    }
+  }
+}
+
+function set1dArrayWithSet (res, headers) {
+  var key
+  for (var i = 0; i < headers.length; i += 2) {
+    key = headers[i]
+    if (key) {
+      res.setHeader(key, headers[i + 1])
+    }
+  }
+}

package.json

 {
   "name": "on-headers",
   "description": "Execute a listener when a response is about to write headers",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
@@ -15,12 +15,12 @@ "license": "MIT",
   "devDependencies": {
-    "eslint": "5.14.1",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.16.0",
-    "eslint-plugin-markdown": "1.0.0",
-    "eslint-plugin-node": "8.0.1",
-    "eslint-plugin-promise": "4.0.1",
-    "eslint-plugin-standard": "4.0.0",
-    "istanbul": "0.4.5",
-    "mocha": "6.0.1",
-    "supertest": "3.4.2"
+    "eslint": "6.8.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.21.2",
+    "eslint-plugin-markdown": "1.0.2",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.2.1",
+    "eslint-plugin-standard": "4.0.1",
+    "mocha": "10.2.0",
+    "nyc": "15.1.0",
+    "supertest": "4.0.2"
   },
@@ -38,7 +38,9 @@ "files": [
     "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/",
+    "test": "mocha --reporter spec --check-leaks test/test.js",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "update-upstream-hashes": "node scripts/update-upstream-hashes.js",
+    "upstream": "mocha --reporter spec --check-leaks test/upstream.js",
     "version": "node scripts/version-history.js && git add HISTORY.md"
   }
 }

README.md

@@ -5,5 +5,5 @@ # on-headers
 [![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
 
@@ -74,10 +74,10 @@ Execute a listener when a response is about to write headers.
 
+[ci-image]: https://badgen.net/github/checks/jshttp/on-headers/master?label=ci
+[ci-url]: https://github.com/jshttp/on-headers/actions/workflows/ci.yml
 [coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/on-headers/master
 [coveralls-url]: https://coveralls.io/r/jshttp/on-headers?branch=master
-[node-version-image]: https://badgen.net/npm/node/on-headers
-[node-version-url]: https://nodejs.org/en/download
+[node-image]: https://badgen.net/npm/node/on-headers
+[node-url]: https://nodejs.org/en/download
 [npm-downloads-image]: https://badgen.net/npm/dm/on-headers
 [npm-url]: https://npmjs.org/package/on-headers
 [npm-version-image]: https://badgen.net/npm/v/on-headers
-[travis-image]: https://badgen.net/travis/jshttp/on-headers/master
-[travis-url]: https://travis-ci.org/jshttp/on-headers

New alerts

Unstable ownership

Supply chain risk

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8850

17.41%

Lines of code

149

37.96%

Worsened metrics

Number of high supply chain risk alerts

1

Infinity%

Number of medium supply chain risk alerts

2

Infinity%

No dependency changes