stellar-sdk - npm Package Compare versions

Comparing version 0.7.3 to 0.7.4

docs/reference/readme.md

 ---
 title: Overview
 ---
-The JavaScript Stellar SDK facilitates client integration
-with the [Stellar Horizon API server](https://github.com/stellar/horizon) and submission of Stellar transactions. It has two main uses: [querying Horizon](#querying-horizon) and [building, signing, and submitting transactions to the Stellar network](#building-transactions).
+The JavaScript Stellar SDK facilitates integration with the [Stellar Horizon API server](https://github.com/stellar/horizon) and submission of Stellar transactions, either on Node.js or in the browser. It has two main uses: [querying Horizon](#querying-horizon) and [building, signing, and submitting transactions to the Stellar network](#building-transactions).
 
@@ -7,0 +6,0 @@ [Building and installing js-stellar-sdk](https://github.com/stellar/js-stellar-sdk)<br>

gulpfile.js

@@ -104,2 +104,3 @@ 'use strict';
 
+
 gulp.task('test:browser', ["build:browser"], function (done) {
@@ -106,0 +107,0 @@ var Server = require('karma').Server;

lib/call_builder.js

@@ -42,2 +42,3 @@ "use strict";
     this.filter = [];
+    this.originalSegments = this.url.segment() || [];
   }
@@ -56,4 +57,7 @@
         }
+
         if (this.filter.length === 1) {
-          this.url.segment(this.filter[0]);
+          //append filters to original segments
+          var newSegment = this.originalSegments.concat(this.filter[0]);
+          this.url.segment(newSegment);
         }
@@ -60,0 +64,0 @@ }

lib/federation_server.js

@@ -34,2 +34,7 @@ "use strict";
 
+// FEDERATION_RESPONSE_MAX_SIZE is the maximum size of response from a federation server
+var FEDERATION_RESPONSE_MAX_SIZE = 100 * 1024;
+
+exports.FEDERATION_RESPONSE_MAX_SIZE = FEDERATION_RESPONSE_MAX_SIZE;
+
 var FederationServer = exports.FederationServer = (function () {
@@ -117,3 +122,6 @@ /**
       value: function _sendRequest(url) {
-        return axios.get(url.toString()).then(function (response) {
+        return axios.get(url.toString(), { maxContentLength: FEDERATION_RESPONSE_MAX_SIZE }).then(function (response) {
+          if (typeof response.data.memo != "undefined" && typeof response.data.memo != "string") {
+            throw new Error("memo value should be of type string");
+          }
           return response.data;
@@ -120,0 +128,0 @@ })["catch"](function (response) {

lib/index.js

@@ -18,5 +18,13 @@ "use strict";
 exports.Server = require("./server").Server;
-exports.FederationServer = require("./federation_server").FederationServer;
-exports.StellarTomlResolver = require("./stellar_toml_resolver").StellarTomlResolver;
 
+var _federation_server = require("./federation_server");
+
+exports.FederationServer = _federation_server.FederationServer;
+exports.FEDERATION_RESPONSE_MAX_SIZE = _federation_server.FEDERATION_RESPONSE_MAX_SIZE;
+
+var _stellar_toml_resolver = require("./stellar_toml_resolver");
+
+exports.StellarTomlResolver = _stellar_toml_resolver.StellarTomlResolver;
+exports.STELLAR_TOML_MAX_SIZE = _stellar_toml_resolver.STELLAR_TOML_MAX_SIZE;
+
 // expose classes and functions from stellar-base
@@ -23,0 +31,0 @@

lib/server.js

@@ -97,3 +97,3 @@ "use strict";
                 var tx = encodeURIComponent(transaction.toEnvelope().toXDR().toString("base64"));
-                var promise = axios.post(URI(this.serverURL).path("transactions").toString(), "tx=" + tx, { timeout: SUBMIT_TRANSACTION_TIMEOUT }).then(function (response) {
+                var promise = axios.post(URI(this.serverURL).segment("transactions").toString(), "tx=" + tx, { timeout: SUBMIT_TRANSACTION_TIMEOUT }).then(function (response) {
                     return response.data;
@@ -149,3 +149,3 @@ })["catch"](function (response) {
              * ```
-             * server.offers('accounts', accountId)
+             * server.offers('accounts', accountId).call()
              *  .then(function(offers) {
@@ -152,0 +152,0 @@ *    console.log(offers);

lib/stellar_toml_resolver.js

@@ -21,2 +21,6 @@ "use strict";
 
+// STELLAR_TOML_MAX_SIZE is the maximum size of stellar.toml file
+var STELLAR_TOML_MAX_SIZE = 5 * 1024;
+
+exports.STELLAR_TOML_MAX_SIZE = STELLAR_TOML_MAX_SIZE;
 /**
@@ -64,3 +68,3 @@ * StellarTomlResolver allows resolving `stellar.toml` files.
                 }
-                return axios.get("" + protocol + "://" + domain + "/.well-known/stellar.toml").then(function (response) {
+                return axios.get("" + protocol + "://" + domain + "/.well-known/stellar.toml", { maxContentLength: STELLAR_TOML_MAX_SIZE }).then(function (response) {
                     try {
@@ -67,0 +71,0 @@ var tomlObject = toml.parse(response.data);

package.json

 {
   "name": "stellar-sdk",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "description": "stellar-sdk is a library for working with the Stellar Horizon server.",
   "main": "lib/index.js",
   "scripts": {
-    "test": "babel-node ./node_modules/gulp/bin/gulp.js test:node",
-    "docs": "./node_modules/.bin/jsdoc ./src/ -d docs/ -r ./docs/readme.md",
+    "test": "babel-node ./node_modules/.bin/gulp test",
+    "docs": "jsdoc ./src/ -d docs/ -r ./docs/readme.md",
     "preversion": "gulp test",
@@ -57,2 +57,3 @@ "version": "gulp build",
     "istanbul": "~0.3.2",
+    "jsdoc": "^3.4.1",
     "jshint-stylish": "^1.0.1",
@@ -66,3 +67,3 @@ "karma": "^0.13.2",
     "karma-phantomjs-launcher": "^0.1.4",
-    "karma-sauce-launcher": "^0.2.14",
+    "karma-sauce-launcher": "^1.1.0",
     "karma-sinon": "^1.0.4",
@@ -86,7 +87,6 @@ "karma-sinon-chai": "^0.3.0",
     "eventsource": "^0.2.1",
-    "jsdoc": "^3.4.1",
     "lodash": "^4.0.1",
-    "stellar-base": "^0.7.4",
+    "stellar-base": "^0.7.5",
     "toml": "^2.3.0"
   }
 }

README.md

@@ -8,3 +8,3 @@ # js-stellar-sdk
 
-js-stellar-sdk is a client-side Stellar Javascript library for communicating with a [Stellar Horizon server](https://github.com/stellar/horizon). It is used for building Stellar apps either on Node.js or in the browser.
+js-stellar-sdk is a Javascript library for communicating with a [Stellar Horizon server](https://github.com/stellar/horizon). It is used for building Stellar apps either on Node.js or in the browser.
 
@@ -11,0 +11,0 @@ It provides:

src/call_builder.js

@@ -22,2 +22,3 @@ import {NotFoundError, NetworkError, BadRequestError} from "./errors";
     this.filter = [];
+    this.originalSegments = this.url.segment() || [];
   }
@@ -31,5 +32,8 @@
       throw new BadRequestError("Too many filters specified", this.filter);
-    } 
+    }
+
     if (this.filter.length === 1) {
-      this.url.segment(this.filter[0]);
+      //append filters to original segments
+      let newSegment = this.originalSegments.concat(this.filter[0]);
+      this.url.segment(newSegment);
     }        
@@ -36,0 +40,0 @@ }

src/federation_server.js

@@ -10,2 +10,5 @@ import axios from 'axios';
 
+// FEDERATION_RESPONSE_MAX_SIZE is the maximum size of response from a federation server
+export const FEDERATION_RESPONSE_MAX_SIZE = 100 * 1024;
+
 export class FederationServer {
@@ -161,5 +164,10 @@ /**
   _sendRequest(url) {
-    return axios.get(url.toString())
-      .then(response => response.data)
-      .catch(function (response) {
+    return axios.get(url.toString(), {maxContentLength: FEDERATION_RESPONSE_MAX_SIZE})
+      .then(response => {
+        if (typeof response.data.memo != "undefined" && typeof response.data.memo != 'string') {
+          throw new Error("memo value should be of type string");
+        }
+        return response.data;
+      })
+      .catch(response => {
         if (response instanceof Error) {
@@ -166,0 +174,0 @@ return Promise.reject(response);

src/index.js

@@ -7,4 +7,4 @@ require('es6-promise').polyfill();
 export {Server} from "./server";
-export {FederationServer} from "./federation_server";
-export {StellarTomlResolver} from "./stellar_toml_resolver";
+export {FederationServer, FEDERATION_RESPONSE_MAX_SIZE} from "./federation_server";
+export {StellarTomlResolver, STELLAR_TOML_MAX_SIZE} from "./stellar_toml_resolver";
 
@@ -11,0 +11,0 @@ // expose classes and functions from stellar-base

src/server.js

@@ -56,3 +56,3 @@ import {NotFoundError, NetworkError, BadRequestError} from "./errors";
         var promise = axios.post(
-              URI(this.serverURL).path('transactions').toString(),
+              URI(this.serverURL).segment('transactions').toString(),
               `tx=${tx}`,
@@ -102,3 +102,3 @@ {timeout: SUBMIT_TRANSACTION_TIMEOUT}
      * ```
-     * server.offers('accounts', accountId)
+     * server.offers('accounts', accountId).call()
      *  .then(function(offers) {
@@ -105,0 +105,0 @@ *    console.log(offers);

src/stellar_toml_resolver.js

@@ -6,2 +6,5 @@ import axios from 'axios';
 
+// STELLAR_TOML_MAX_SIZE is the maximum size of stellar.toml file
+export const STELLAR_TOML_MAX_SIZE = 5 * 1024;
+
 /**
@@ -39,3 +42,3 @@ * StellarTomlResolver allows resolving `stellar.toml` files.
     }
-    return axios.get(`${protocol}://${domain}/.well-known/stellar.toml`)
+    return axios.get(`${protocol}://${domain}/.well-known/stellar.toml`, {maxContentLength: STELLAR_TOML_MAX_SIZE})
       .then(response => {
@@ -42,0 +45,0 @@ try {

test/unit/federation_server_test.js

@@ -0,1 +1,3 @@
+import http from "http";
+
 describe("federation-server.js tests", function () {
@@ -177,3 +179,3 @@ beforeEach(function () {
             memo_type: 'id',
-            memo: 100
+            memo: '100'
           }
@@ -187,3 +189,3 @@ }));
           memo_type: 'id',
-          memo: 100
+          memo: '100'
         })
@@ -196,3 +198,37 @@ .notify(done);
     });
+
+    it("fails when memo is not string", function (done) {
+      this.axiosMock.expects('get')
+        .withArgs(sinon.match('https://acme.com:1337/federation?type=name&q=bob%2Astellar.org'))
+        .returns(Promise.resolve({
+          data: {
+            stellar_address: 'bob*stellar.org',
+            account_id: 'GB5XVAABEQMY63WTHDQ5RXADGYF345VWMNPTN2GFUDZT57D57ZQTJ7PS',
+            memo_type: 'id',
+            memo: 100
+          }
+        }));
+
+      this.server.resolveAddress('bob*stellar.org')
+        .should.be.rejectedWith(/memo value should be of type string/).notify(done);
+    });
+
+    it("fails when response exceeds the limit", function (done) {
+      // Unable to create temp server in a browser
+      if (typeof window != 'undefined') {
+        return done();
+      }
+      var response = Array(StellarSdk.FEDERATION_RESPONSE_MAX_SIZE+10).join('a');
+      let tempServer = http.createServer((req, res) => {
+        res.setHeader('Content-Type', 'application/json; charset=UTF-8');
+        res.end(response);
+      }).listen(4444, () => {
+        new StellarSdk.FederationServer('http://localhost:4444/federation', 'stellar.org', {allowHttp: true})
+          .resolveAddress('bob*stellar.org')
+          .should.be.rejectedWith(/maxContentLength size of [0-9]+ exceeded/)
+          .notify(done)
+          .then(() => tempServer.close());
+      });
+    });
   });
 });

test/unit/stellar_toml_resolver_test.js

@@ -0,1 +1,3 @@
+import http from "http";
+
 describe("stellar_toml_resolver.js tests", function () {
@@ -90,3 +92,20 @@ beforeEach(function () {
     });
+
+    it("fails when response exceeds the limit", function (done) {
+      // Unable to create temp server in a browser
+      if (typeof window != 'undefined') {
+        return done();
+      }
+      var response = Array(StellarSdk.STELLAR_TOML_MAX_SIZE+10).join('a');
+      let tempServer = http.createServer((req, res) => {
+        res.setHeader('Content-Type', 'text/x-toml; charset=UTF-8');
+        res.end(response);
+      }).listen(4444, () => {
+        StellarSdk.StellarTomlResolver.resolve("localhost:4444", {allowHttp: true})
+          .should.be.rejectedWith(/maxContentLength size of [0-9]+ exceeded/)
+          .notify(done)
+          .then(() => tempServer.close());
+      });
+    });
   });
 });

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Improved metrics

Dependency count

9

decreased by-10%

Worsened metrics

Total package byte prevSize

3343065

decreased by-1.39%

Dev dependency count

47

increased by2.17%

Lines of code

64347

decreased by-2.17%

Number of medium supply chain risk alerts

3

increased by200%

Dependency changes

• - Removedjsdoc@^3.4.1

• - Removed@babel/helper-string-parser@7.25.9(transitive)

• - Removed@babel/helper-validator-identifier@7.25.9(transitive)

• - Removed@babel/parser@7.26.9(transitive)

• - Removed@babel/types@7.26.9(transitive)

• - Removed@types/linkify-it@5.0.0(transitive)

• - Removed@types/markdown-it@12.2.3(transitive)

• - Removed@types/mdurl@2.0.0(transitive)

• - Removedargparse@2.0.1(transitive)

• - Removedcatharsis@0.9.0(transitive)

• - Removedentities@2.1.0(transitive)

• - Removedescape-string-regexp@2.0.0(transitive)

• - Removedgraceful-fs@4.2.11(transitive)

• - Removedjs2xmlparser@4.0.2(transitive)

• - Removedjsdoc@3.6.11(transitive)

• - Removedklaw@3.0.0(transitive)

• - Removedlinkify-it@3.0.3(transitive)

• - Removedmarkdown-it@12.3.2(transitive)

• - Removedmarkdown-it-anchor@8.6.7(transitive)

• - Removedmarked@4.3.0(transitive)

• - Removedmdurl@1.0.1(transitive)

• - Removedmkdirp@1.0.4(transitive)

• - Removedrequizzle@0.2.4(transitive)

• - Removedstrip-json-comments@3.1.1(transitive)

• - Removedtaffydb@2.6.2(transitive)

• - Removeduc.micro@1.0.6(transitive)

• - Removedunderscore@1.13.7(transitive)

• - Removedxmlcreate@2.0.4(transitive)

• Updatedstellar-base@^0.7.5