ssh-tun - npm Package Compare versions

Comparing version 1.5.0 to 1.6.0

index.js

@@ -26,2 +26,4 @@ 'use strict';
      * @param {number} [opts.connectTimeout=10000] ssh connect timeout
+     * @param {boolean} [opts.strictHostKeyChecking=true] verify host authenticity
+     * @param {string} [opts.identity] private key for public key authentication
      */
@@ -42,2 +44,4 @@ __constructor: function (opts) {
         this._closeDeferred = q.defer();
+        this._strictHostKeyChecking = opts.strictHostKeyChecking === undefined ? true : opts.strictHostKeyChecking;
+        this._identity = opts.identity;
     },
@@ -129,5 +133,7 @@
             '-v',
+            this._strictHostKeyChecking === false ? '-o StrictHostKeyChecking=no' : '',
+            this._identity ? util.format('-i %s', this._identity) : '',
             util.format('-p %d', this._sshPort),
             (this.user ? this.user + '@' : '') + this.host
-        ];
+        ].filter(Boolean);
     },
@@ -134,0 +140,0 @@

package.json

 {
   "name": "ssh-tun",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "Module for establishing ssh tunnel",
@@ -5,0 +5,0 @@ "keywords": [

test/index.js

@@ -121,2 +121,26 @@ var Tunnel = require('../'),
 
+                it('should spawn tunnel with StrictHostKeyChecking=no if host verification is disabled', function () {
+                    tunnel = createTunnel({
+                        strictHostKeyChecking: false
+                    });
+
+                    tunnel.open();
+
+                    var sshArgs = childProcess.spawn.lastCall.args[1];
+
+                    expect(sshArgs).to.contain('-o StrictHostKeyChecking=no');
+                });
+
+                it('should spawn tunnel with provided identity file disabled', function () {
+                    tunnel = createTunnel({
+                        identity: '~/.ssh/id_rsa_alt'
+                    });
+
+                    tunnel.open();
+
+                    var sshArgs = childProcess.spawn.lastCall.args[1];
+
+                    expect(sshArgs).to.contain('-i ~/.ssh/id_rsa_alt');
+                });
+
                 it('should resolve promise if tunnel successfully created', function () {
@@ -123,0 +147,0 @@ tunnel = createTunnel();

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20478

increased by7.12%

Lines of code

403

increased by5.77%

Number of medium supply chain risk alerts

2

decreased by-33.33%

No dependency changes