send - npm Package Compare versions

Comparing version 1.0.0-beta.1 to 1.0.0-beta.2

HISTORY.md

@@ -0,1 +1,6 @@
+1.0.0-beta.2 / 2024-03-04
+=========================
+
+  * Changes from 0.18.0
+
 1.0.0-beta.1 / 2022-02-04
@@ -19,2 +24,17 @@ =========================
 
+0.18.0 / 2022-03-23
+===================
+
+  * Fix emitted 416 error missing headers property
+  * Limit the headers removed for 304 response
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: destroy@1.2.0
+  * deps: http-errors@2.0.0
+    - deps: depd@2.0.0
+    - deps: statuses@2.0.1
+  * deps: on-finished@2.4.1
+  * deps: statuses@2.0.1
+
 0.17.2 / 2021-12-11
@@ -21,0 +41,0 @@ ===================

index.js

 /*!
  * send
  * Copyright(c) 2012 TJ Holowaychuk
- * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
  * MIT Licensed
@@ -169,9 +169,7 @@ */
   if (hasListeners(this, 'error')) {
-    return this.emit('error', createError(status, err, {
-      expose: false
-    }))
+    return this.emit('error', createHttpError(status, err))
   }
 
   var res = this.res
-  var msg = statuses[status] || String(status)
+  var msg = statuses.message[status] || String(status)
   var doc = createHtmlDocument('Error', escapeHtml(msg))
@@ -252,3 +250,3 @@
 /**
- * Strip content-* header fields.
+ * Strip various content header fields for a change in entity.
  *
@@ -260,10 +258,8 @@ * @private
   var res = this.res
-  var headers = getHeaderNames(res)
 
-  for (var i = 0; i < headers.length; i++) {
-    var header = headers[i]
-    if (header.substr(0, 8) === 'content-' && header !== 'content-location') {
-      res.removeHeader(header)
-    }
-  }
+  res.removeHeader('Content-Encoding')
+  res.removeHeader('Content-Language')
+  res.removeHeader('Content-Length')
+  res.removeHeader('Content-Range')
+  res.removeHeader('Content-Type')
 }
@@ -683,4 +679,2 @@
 SendStream.prototype.stream = function stream (path, options) {
-  // TODO: this is all lame, refactor meeee
-  var finished = false
   var self = this
@@ -694,17 +688,15 @@ var res = this.res
 
-  // response finished, done with the fd
-  onFinished(res, function onfinished () {
-    finished = true
-    destroy(stream)
-  })
+  // cleanup
+  function cleanup () {
+    destroy(stream, true)
+  }
 
-  // error handling code-smell
+  // response finished, cleanup
+  onFinished(res, cleanup)
+
+  // error handling
   stream.on('error', function onerror (err) {
-    // request already finished
-    if (finished) return
+    // clean up stream early
+    cleanup()
 
-    // clean up stream
-    finished = true
-    destroy(stream)
-
     // error
@@ -867,2 +859,20 @@ self.onStatError(err)
 /**
+ * Create a HttpError object from simple arguments.
+ *
+ * @param {number} status
+ * @param {Error|object} err
+ * @private
+ */
+
+function createHttpError (status, err) {
+  if (!err) {
+    return createError(status)
+  }
+
+  return err instanceof Error
+    ? createError(status, err, { expose: false })
+    : createError(status, err)
+}
+
+/**
  * decodeURIComponent.
@@ -869,0 +879,0 @@ *

package.json

 {
   "name": "send",
   "description": "Better streaming static file server with Range and conditional-GET support",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0-beta.2",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
@@ -20,3 +20,3 @@ "contributors": [
     "debug": "3.1.0",
-    "destroy": "~1.0.4",
+    "destroy": "1.2.0",
     "encodeurl": "~1.0.2",
@@ -26,8 +26,8 @@ "escape-html": "~1.0.3",
     "fresh": "0.5.2",
-    "http-errors": "1.8.1",
+    "http-errors": "2.0.0",
     "mime-types": "~2.1.34",
     "ms": "2.1.3",
-    "on-finished": "~2.3.0",
+    "on-finished": "2.4.1",
     "range-parser": "~1.2.1",
-    "statuses": "~1.5.0"
+    "statuses": "2.0.1"
   },
@@ -38,3 +38,3 @@ "devDependencies": {
     "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.3",
+    "eslint-plugin-import": "2.25.4",
     "eslint-plugin-markdown": "2.2.1",
@@ -44,5 +44,5 @@ "eslint-plugin-node": "11.1.0",
     "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.1.3",
+    "mocha": "9.2.2",
     "nyc": "15.1.0",
-    "supertest": "6.1.6"
+    "supertest": "6.2.2"
   },
@@ -53,2 +53,3 @@ "files": [
     "README.md",
+    "SECURITY.md",
     "index.js"
@@ -55,0 +56,0 @@ ],

README.md

@@ -314,4 +314,4 @@ # send
 [coveralls-url]: https://coveralls.io/r/pillarjs/send?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=ci
-[github-actions-ci-url]: https://github.com/pillarjs/send/actions?query=workflow%3Aci
+[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=linux
+[github-actions-ci-url]: https://github.com/pillarjs/send/actions/workflows/ci.yml
 [node-image]: https://badgen.net/npm/node/send
@@ -318,0 +318,0 @@ [node-url]: https://nodejs.org/en/download/

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

47956

increased by4.02%

Number of package files

6

increased by20%

Lines of code

837

increased by0.84%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• + Addeddepd@2.0.0(transitive)

• + Addeddestroy@1.2.0(transitive)

• + Addedhttp-errors@2.0.0(transitive)

• + Addedon-finished@2.4.1(transitive)

• + Addedstatuses@2.0.1(transitive)

• - Removeddepd@1.1.2(transitive)

• - Removeddestroy@1.0.4(transitive)

• - Removedhttp-errors@1.8.1(transitive)

• - Removedon-finished@2.3.0(transitive)

• - Removedstatuses@1.5.0(transitive)

• Updateddestroy@1.2.0

• Updatedhttp-errors@2.0.0

• Updatedon-finished@2.4.1

• Updatedstatuses@2.0.1