packageurl-js
Comparing version 1.0.2 to 1.1.0
@@ -0,1 +1,5 @@ | ||
# 1.1.0 | ||
### Features | ||
* Verify entire version string is properly encoded (contributed by @mcombuechen, @topaztee) | ||
# 1.0.2 | ||
@@ -2,0 +6,0 @@ ### Bug Fixes |
{ | ||
"name": "packageurl-js", | ||
"version": "1.0.2", | ||
"version": "1.1.0", | ||
"description": "JavaScript library to parse and build \"purl\" aka. package URLs. This is a microlibrary implementing the purl spec at https://github.com/package-url", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -176,3 +176,14 @@ /*! | ||
let index = path.indexOf('@'); | ||
version = decodeURIComponent(path.substring(index + 1)); | ||
let rawVersion= path.substring(index + 1); | ||
version = decodeURIComponent(rawVersion); | ||
// Convert percent-encoded colons (:) back, to stay in line with the `toString` | ||
// implementation of this library. | ||
// https://github.com/package-url/packageurl-js/blob/58026c86978c6e356e5e07f29ecfdccbf8829918/src/package-url.js#L98C10-L98C10 | ||
let versionEncoded = encodeURIComponent(version).replace(/%3A/g, ':'); | ||
if (rawVersion !== versionEncoded) { | ||
throw new Error('Invalid purl: version must be percent-encoded'); | ||
} | ||
remainder = path.substring(0, index); | ||
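Review bot: The round-trip check `rawVersion !== versionEncoded` is an exact string comparison, so a version whose escapes use lowercase hex (for example `%2b`) is rejected as "must be percent-encoded" although it is validly encoded, because `encodeURIComponent` always emits uppercase hex; an input carrying `%3A` is rejected the same way, since the re-encoded form restores the colon. If that strictness is not intended, normalise the escapes before comparing, e.g. `const rawNorm = rawVersion.replace(/%[0-9a-f]{2}/gi, (m) => m.toUpperCase());` and test `rawNorm !== versionEncoded`; if it is intended, a comment stating that only the canonical form emitted by `toString` is accepted would help consumers that ingest purls produced by other tools. Separately, `decodeURIComponent(rawVersion)` throws a `URIError` on a malformed escape, so callers that handle the "Invalid purl" error will not see that case; wrapping the decode in a `try`/`catch` that rethrows `new Error('Invalid purl: version must be percent-encoded')` would keep the error surface uniform. The enclosing function starts and ends outside this hunk.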
@@ -179,0 +190,0 @@ } else { |
@@ -373,3 +373,15 @@ [ | ||
"is_invalid": false | ||
}, | ||
{ | ||
"description": "improperly encoded version string", | ||
"purl": "pkg:maven/org.apache.commons/io@1.4.0-$@", | ||
"canonical_purl": "pkg:maven/org.apache.commons/io@1.4.0-$@", | ||
"type": null, | ||
"namespace": null, | ||
"name": "io", | ||
"version": "1.4.0-$@", | ||
"qualifiers": null, | ||
"subpath": null, | ||
"is_invalid": true | ||
} | ||
] |