purify - npm Package Compare versions

Comparing version 3.3.0 to 3.3.1

lib/purify.js

@@ -31,4 +31,4 @@ (function (root, factory) {
             if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
-                fragments = rawValue.toLowerCase().split('@');
-                encodedDomain = fragments.length === 2 && punycode.toASCII(fragments[1]);
+                fragments = rawValue.split('@');
+                encodedDomain = fragments.length === 2 && punycode.toASCII(fragments[1]).toLowerCase();
                 var decodedDomain = punycode.toUnicode(encodedDomain); // Makes sure invalid domains like foo.xn--no aren't allowed
@@ -60,4 +60,4 @@
             if (typeof rawValue === 'string' && oneValidation.emailIdn.test(rawValue)) {
-                fragments = rawValue.toLowerCase().split('@');
-                decodedDomain = fragments.length === 2 && punycode.toUnicode(fragments[1]);
+                fragments = rawValue.split('@');
+                decodedDomain = fragments.length === 2 && punycode.toUnicode(fragments[1]).toLowerCase();
 
@@ -64,0 +64,0 @@ if (!(/\.[^\.]{2,}$/.test(decodedDomain))) {

package.json

@@ -19,3 +19,3 @@ {
   },
-  "version": "3.3.0",
+  "version": "3.3.1",
   "engines": {
@@ -22,0 +22,0 @@ "node": ">=0.4.0"

test/purify.js

@@ -73,2 +73,8 @@ /*global it, describe*/
             expect('email', 'to allow', 'andreas@xn--cntersurf-g3a.quuxbar', 'andreas@xn--cntersurf-g3a.quuxbar');
+
+            // Mixed-case local parts allowed
+            expect('email', 'to allow', 'ANDreas@centersurf.net', 'ANDreas@centersurf.net');
+            expect('email', 'to allow', 'AnDrEaS@centersurf.quuxbar', 'AnDrEaS@centersurf.quuxbar');
+            // Mixed case domain parts get lowercased
+            expect('email', 'to allow', 'andreas@CENTERSURF.net', 'andreas@centersurf.net');
         });
@@ -98,2 +104,8 @@
             expect('emailIdn', 'to allow', 'andreas@xn--cntersurf-g3a.quuxbar', 'andreas@cæntersurf.quuxbar');
+
+            // Mixed-case local parts allowed
+            expect('email', 'to allow', 'ANDreas@centersurf.net', 'ANDreas@centersurf.net');
+            expect('email', 'to allow', 'AnDrEaS@centersurf.quuxbar', 'AnDrEaS@centersurf.quuxbar');
+            // Mixed case domain parts get lowercased
+            expect('email', 'to allow', 'andreas@CENTERSURF.net', 'andreas@centersurf.net');
         });
@@ -100,0 +112,0 @@

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

49017

increased by1.61%

Lines of code

807

increased by1.25%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes