sri-toolbox - npm Package Compare versions

Comparing version 0.1.3 to 0.2.0

generate.js

@@ -15,3 +15,2 @@ /*
             delimiter: options.delimiter || " ",
-            type: options.type,
             full: options.full || false
@@ -30,16 +29,6 @@ };
             .createHash(algorithm)
-            .update(data)
+            .update(data, 'utf8')
             .digest("base64");
     },
 
-    // Format content-type
-    type = function (options) {
-        if (!options.type) {
-            return undefined;
-        }
-
-        // Cut string at whitespace, then remove any non-whitelisted chars.
-        return options.type.replace(/(\s.*)|[^\w\/\!\#\$\&\-\^\+\.]/g, "");
-    },
-
     // Generate list of hashes
@@ -58,5 +47,2 @@ hashes = function (options, data) {
 
-        // Content-type
-        output += (sri.type) ? "type:" + sri.type + options.delimiter : "";
-
         // Hash list
@@ -76,3 +62,2 @@ output += Object.keys(sri.hashes).map(function (algorithm) {
             hashes: hashes(options, data),
-            type: type(options),
             integrity: undefined
@@ -79,0 +64,0 @@ };

package.json

 {
   "name": "sri-toolbox",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "Subresource Integrity tools",
@@ -5,0 +5,0 @@ "author": {

README.md

@@ -21,6 +21,5 @@ # sri-toolbox [![Build Status](https://travis-ci.org/neftaly/npm-sri-toolbox.svg?branch=master)](https://travis-ci.org/neftaly/npm-sri-toolbox) [![Coverage Status](https://coveralls.io/repos/neftaly/npm-sri-toolbox/badge.svg?branch=master)](https://coveralls.io/r/neftaly/npm-sri-toolbox?branch=master)
 var integrity = sriToolbox.generate({
-    type: "application/javascript",
-    algorithms: ["sha256"],
+    algorithms: ["sha256"]
 }, jquerySourceCode);
-//=> "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
+//=> "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
 ```
@@ -31,4 +30,3 @@
 var integrityObject = sriToolbox.generate({
-    full: true,
-    type: "application/javascript; charset: utf8"
+    full: true
 }, jquerySourceCode);
@@ -42,4 +40,3 @@ //=> object
     },
-    "type": "application/javascript",
-    "integrity": "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
+    "integrity": "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
 }
@@ -65,6 +62,3 @@ ```
 
-* string **type** *= ""*  
-    Content-type of file
-
 * boolean **full** *= false*  
     Return a string if false, object if true. See example.

test/tests.js

@@ -20,9 +20,16 @@ "use strict";
 
+    it("Unicode chars", function () {
+        var options = {};
+        var unicodeSourceCode = "console.log('I ♡ WebAppSec!');\n";
+        var expect = "sha256-TH5eRuwfOSKZE0EKVF4WZ6gVQ/zUch4CZE2knqpS4MU=";
+        var result = sriToolbox.generate(options, unicodeSourceCode);
+        assert.equal(expect, result);
+    });
+
     it("Custom", function () {
         var options = {
-            type: "application/javascript",
             algorithms: ["sha512"],
             delimiter: "  "
         };
-        var expect = "type:application/javascript  sha512-OqaFaP8lkurUEqDH9cOavDesVi8At8Fq8HzV7/iBqtznfscQQLNsCtnC0qpO3XdE+nKw9Ey4tIXU8oOxtJwhQQ==";
+        var expect = "sha512-OqaFaP8lkurUEqDH9cOavDesVi8At8Fq8HzV7/iBqtznfscQQLNsCtnC0qpO3XdE+nKw9Ey4tIXU8oOxtJwhQQ==";
         var result = sriToolbox.generate(options, sourceCode);
@@ -34,4 +41,3 @@ assert.equal(expect, result);
         var options = {
-            full: true,
-            type: "application/javascript; charset: utf8"
+            full: true
         };
@@ -42,4 +48,3 @@ var expect = {
             },
-            type: "application/javascript",
-            integrity: "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
+            integrity: "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
         };
@@ -50,20 +55,2 @@ var result = sriToolbox.generate(options, sourceCode);
 
-    it("Malformed type", function () {
-        var options = {
-            type: "application/javascr\"ipt; IGNORE THIS ",
-        };
-        var expect = "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=";
-        var result = sriToolbox.generate(options, sourceCode);
-        assert.equal(expect, result);
-    });
-
-    it("RFC-6838 chars", function () {
-        var options = {
-            type: "text/aA!#$&-^_+.",
-        };
-        var expect = "type:text/aA!#$&-^_+. sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=";
-        var result = sriToolbox.generate(options, sourceCode);
-        assert.equal(expect, result);
-    });
-
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

99901

decreased by-1.21%

Lines of code

104

decreased by-18.75%

Number of lines in readme file

61

decreased by-8.96%

No dependency changes