New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
streampng - npm Package Compare versions
Comparing version 0.1.2 to 0.1.4
@@ -31,3 +31,3 @@ var BitReader = require('bitreader'); | ||
| var Constructor = Chunk[type] || Chunk.Unknown; | ||
| var chunk = new Constructor(rawData, this.header); | ||
| var chunk = new Constructor(rawData, this.header, type); | ||
@@ -41,3 +41,4 @@ // #TODO: check data against CRC. | ||
| Chunk.Unknown = function (data, header) { | ||
| Chunk.Unknown = function (data, header, type) { | ||
| this.type = type; | ||
| this.data = data; | ||
@@ -44,0 +45,0 @@ this.header = header; |
@@ -5,3 +5,3 @@ { | ||
| "description": "Streaming PNG encoder/decoder, compatible with latest PNG extensions (PNGEXT 1.4.0)", | ||
| "version": "0.1.2", | ||
| "version": "0.1.4", | ||
| "homepage": "https://github.com/brianloveswords/streampng", | ||
@@ -19,4 +19,4 @@ "repository": { | ||
| "buffer-equal": "~0.0.0", | ||
| "errs": "git://github.com/brianloveswords/errs.git#d1756bbf93706ab6a56334e59f7b3e39b31730bb", | ||
| "bitwriter": "~0.0.4", | ||
| "errs": "~0.2.4", | ||
| "bitwriter": "~0.0.5", | ||
| "bitreader": "~0.0.1" | ||
@@ -23,0 +23,0 @@ }, |
@@ -7,6 +7,8 @@ var fs = require('fs'); | ||
| var FILENAME = __dirname + '/pngs/tEXt-iTXt.png'; | ||
| var BAD_CHUNK_FILENAME = __dirname + '/pngs/unknown-chunk.png'; | ||
| var SAMPLE_BUFFER = fs.readFileSync(FILENAME); | ||
| function newStream(opts) { | ||
| opts = opts || {} | ||
| return fs.createReadStream(FILENAME, opts); | ||
| var file = opts.file || FILENAME; | ||
| return fs.createReadStream(file, opts); | ||
| } | ||
@@ -101,2 +103,14 @@ | ||
| test('reading a file with unknown chunks', function (t) { | ||
| var filestream = newStream({ file: BAD_CHUNK_FILENAME }); | ||
| var png = new StreamPng(filestream); | ||
| png.once('end', function (chunks) { | ||
| t.same(chunks.filter(function (chunk) { | ||
| return chunk.type == 'roFL'; | ||
| }).length, 1); | ||
| t.end(); | ||
| }); | ||
| }); | ||
| test('writing out', function (t) { | ||
@@ -103,0 +117,0 @@ var png = StreamPng(newStream()); |
Fixed alerts
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.16%
1024045
- Number of package files
- increased by0.3%
339
- Lines of code
- increased by0.53%
2471
- Number of high supply chain risk alerts
- decreased by-100%
0
Dependency changes
Updatedbitwriter@~0.0.5
Updatederrs@~0.2.4