safe-buffer
Advanced tools
Comparing version 2.0.0 to 3.0.0
20
index.js
| module.exports = SafeBuffer | ||
| module.exports.Buffer = SafeBuffer | ||
| function SafeBuffer (arg1, arg2) { | ||
| var buffer = new Buffer(arg1, arg2) | ||
| if (typeof arg1 === 'number') { | ||
| buffer.fill(0) | ||
| } | ||
| return buffer | ||
| function SafeBuffer (value, encoding) { | ||
| return Buffer(value, encoding) | ||
| } | ||
@@ -20,3 +16,3 @@ | ||
| } | ||
| return new Buffer(value, encoding) | ||
| return Buffer(value, encoding) | ||
| } | ||
@@ -28,12 +24,12 @@ | ||
| } | ||
| return new Buffer(size) | ||
| var buffer = Buffer(size) | ||
| buffer.fill(0) | ||
| return buffer | ||
| } | ||
| SafeBuffer.zalloc = function (size) { | ||
| SafeBuffer.allocRaw = function (size) { | ||
| if (typeof size !== 'number') { | ||
| throw new TypeError('Argument must be a number') | ||
| } | ||
| var buffer = new Buffer(size) | ||
| buffer.fill(0) | ||
| return buffer | ||
| return Buffer(size) | ||
| } |
| { | ||
| "name": "safe-buffer", | ||
| "description": "Safer Node.js Buffer API", | ||
| "version": "2.0.0", | ||
| "version": "3.0.0", | ||
| "author": { | ||
@@ -6,0 +6,0 @@ "name": "Feross Aboukhadijeh", |
@@ -32,12 +32,9 @@ # safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][npm-url] | ||
| new Buffer(obj) | ||
| new Buffer(16) // create an uninitialized buffer (potentially unsafe) | ||
| // But this potentially unsafe operation now returns zeroed out memory: | ||
| // But you can use these new explicit APIs to make clear what you want: | ||
| new Buffer(16) // this is safe now! | ||
| // Going forward, use an explicit API to make clear what you want. | ||
| Buffer.from('hey', 'utf8') // convert from many types to a Buffer | ||
| Buffer.zalloc(16) // create a zero-filled buffer (safe) | ||
| Buffer.alloc(16) // create an uninitialized buffer (potentially unsafe) | ||
| Buffer.alloc(16) // create a zero-filled buffer (safe) | ||
| Buffer.allocRaw(16) // create an uninitialized buffer (potentially unsafe) | ||
| ``` | ||
@@ -53,7 +50,7 @@ | ||
| ### `Buffer.zalloc(size)` | ||
| ### `Buffer.alloc(size)` | ||
| Allocate a zero-filled buffer with the given `size`. This is safe and recommended to use. | ||
| ### `Buffer.alloc(size)` | ||
| ### `Buffer.allocRaw(size)` | ||
@@ -241,10 +238,10 @@ Allocate an uninitialized buffer with the given `size`. This is potentially unsafe. The | ||
| #### A new API: `Buffer.alloc(number)` | ||
| #### A new API: `Buffer.allocRaw(number)` | ||
| The functionality of creating buffers with uninitialized memory should be part of another | ||
| API. We propose `Buffer.alloc(number)`. This way, it's not part of an API that frequently | ||
| gets user input of all sorts of different types passed into it. | ||
| API. We propose `Buffer.allocRaw(number)`. This way, it's not part of an API that | ||
| frequently gets user input of all sorts of different types passed into it. | ||
| ```js | ||
| var buf = Buffer.alloc(16) // careful, uninitialized memory! | ||
| var buf = Buffer.allocRaw(16) // careful, uninitialized memory! | ||
@@ -279,20 +276,18 @@ // Immediately overwrite the uninitialized buffer with data from another buffer | ||
| We could deprecate and remove `new Buffer(number)` and use `Buffer.alloc(number)` when | ||
| We could deprecate and remove `new Buffer(number)` and use `Buffer.allocRaw(number)` when | ||
| we need uninitialized memory. But that would break 1000s of packages. | ||
| We believe the best solution is to: | ||
| ~~We believe the best solution is to:~~ | ||
| ~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~ | ||
| ~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.alloc(number)`~~ | ||
| ~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocRaw(number)`~~ | ||
| ### Update | ||
| #### Update | ||
| Upon further consideration, we think that returning zeroed out memory is a separate issue. | ||
| The core issue is: unsafe buffer allocation should be in a different API. | ||
| We now support adding three new APIs: | ||
| We now support adding two APIs: | ||
| - `Buffer.from(value)` - convert from any type to a buffer | ||
| - `Buffer.alloc(size)` - create an uninitialized buffer with given size | ||
| - `Buffer.alloc(size)` - create a zero-filled buffer | ||
| - `Buffer.allocRaw(size)` - create an uninitialized buffer with given size | ||
@@ -304,3 +299,3 @@ This solves the core problem that affected `ws` and `bittorrent-dht` which is | ||
| minimal. Over time, npm maintainers can migrate performance-critical code to use | ||
| `Buffer.alloc(number)` instead of `new Buffer(number)`. | ||
| `Buffer.allocRaw(number)` instead of `new Buffer(number)`. | ||
@@ -307,0 +302,0 @@ |
43
test.js
@@ -29,11 +29,11 @@ var test = require('tape') | ||
| test('new SafeBuffer(number) returns zeroed-out memory', function (t) { | ||
| test('SafeBuffer.alloc(number) returns zeroed-out memory', function (t) { | ||
| for (var i = 0; i < 10; i++) { | ||
| var expected1 = new Buffer(1000) | ||
| expected1.fill(0) | ||
| t.deepEqual(new SafeBuffer(1000), expected1) | ||
| t.deepEqual(SafeBuffer.alloc(1000), expected1) | ||
| var expected2 = new Buffer(1000 * 1000) | ||
| expected2.fill(0) | ||
| t.deepEqual(new SafeBuffer(1000 * 1000), expected2) | ||
| t.deepEqual(SafeBuffer.alloc(1000 * 1000), expected2) | ||
| } | ||
@@ -43,17 +43,4 @@ t.end() | ||
| test('SafeBuffer.zalloc(number) returns zeroed-out memory', function (t) { | ||
| for (var i = 0; i < 10; i++) { | ||
| var expected1 = new Buffer(1000) | ||
| expected1.fill(0) | ||
| t.deepEqual(SafeBuffer.zalloc(1000), expected1) | ||
| var expected2 = new Buffer(1000 * 1000) | ||
| expected2.fill(0) | ||
| t.deepEqual(SafeBuffer.zalloc(1000 * 1000), expected2) | ||
| } | ||
| t.end() | ||
| }) | ||
| test('SafeBuffer.alloc(number)', function (t) { | ||
| var buf = SafeBuffer.alloc(100) // unitialized memory | ||
| test('SafeBuffer.allocRaw(number)', function (t) { | ||
| var buf = SafeBuffer.allocRaw(100) // unitialized memory | ||
| t.equal(buf.length, 100) | ||
@@ -65,32 +52,32 @@ t.equal(SafeBuffer.isBuffer(buf), true) | ||
| test('SafeBuffer.alloc() throws with non-number types', function (t) { | ||
| test('SafeBuffer.allocRaw() throws with non-number types', function (t) { | ||
| t.plan(4) | ||
| t.throws(function () { | ||
| SafeBuffer.alloc('hey') | ||
| SafeBuffer.allocRaw('hey') | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.alloc('hey', 'utf8') | ||
| SafeBuffer.allocRaw('hey', 'utf8') | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.alloc([1, 2, 3]) | ||
| SafeBuffer.allocRaw([1, 2, 3]) | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.alloc({}) | ||
| SafeBuffer.allocRaw({}) | ||
| }) | ||
| }) | ||
| test('SafeBuffer.zalloc() throws with non-number types', function (t) { | ||
| test('SafeBuffer.alloc() throws with non-number types', function (t) { | ||
| t.plan(4) | ||
| t.throws(function () { | ||
| SafeBuffer.zalloc('hey') | ||
| SafeBuffer.alloc('hey') | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.zalloc('hey', 'utf8') | ||
| SafeBuffer.alloc('hey', 'utf8') | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.zalloc([1, 2, 3]) | ||
| SafeBuffer.alloc([1, 2, 3]) | ||
| }) | ||
| t.throws(function () { | ||
| SafeBuffer.zalloc({}) | ||
| SafeBuffer.alloc({}) | ||
| }) | ||
| }) |
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-3.03%
17169
- Lines of code
- decreased by-13.27%
98
- Number of lines in readme file
- decreased by-1.43%
345
No dependency changes