ssh-tun - npm Package Compare versions

Comparing version 2.0.6 to 2.1.0

index.js

@@ -32,2 +32,3 @@ 'use strict';
      * @param {number} [opts.inactivityTimeout] inactivity timeout (including keep-alive pings, may degrade performance)
+     * @param {number} [opts.enableDeprecatedSshRsa] add deprecated ssh-rsa to the key algorithms list
      */
@@ -52,2 +53,3 @@ __constructor: function (opts) {
         this._identity = opts.identity;
+        this._enableDeprecatedSshRsa = opts.enableDeprecatedSshRsa;
 
@@ -173,2 +175,3 @@ this._activityWatcher = opts.inactivityTimeout > 0 ?
             this._strictHostKeyChecking === false ? '-o StrictHostKeyChecking=no' : '',
+            this._enableDeprecatedSshRsa && '-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa',
             this._compression !== undefined ?
@@ -175,0 +178,0 @@ util.format('-o Compression=%s', this._compression ? 'yes' : 'no')

package.json

 {
   "name": "ssh-tun",
-  "version": "2.0.6",
+  "version": "2.1.0",
   "description": "Module for establishing ssh tunnel",
@@ -5,0 +5,0 @@ "keywords": [

test/index.js

@@ -189,2 +189,22 @@ var Tunnel = require('../'),
 
+                it('should spawn tunnel without deprecated ssh-rsa key algorithms by default', function () {
+                    tunnel = createTunnel();
+
+                    tunnel.open();
+
+                    var sshArgs = childProcess.spawn.lastCall.args[1];
+
+                    expect(sshArgs).to.not.contain('-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa');
+                });
+
+                it('should spawn tunnel with ssh-rsa if enableDeprecatedSshRsa option was passed', function () {
+                    tunnel = createTunnel({ enableDeprecatedSshRsa: true });
+
+                    tunnel.open();
+
+                    var sshArgs = childProcess.spawn.lastCall.args[1];
+
+                    expect(sshArgs).to.contain('-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa');
+                });
+
                 it('should reject tunnel opening if failed to create tunnel', function () {
@@ -191,0 +211,0 @@ tunnel = createTunnel();

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25884

increased by4.54%

Lines of code

530

increased by2.91%

Worsened metrics

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes