useragent - npm Package Compare versions

Comparing version 2.1.11 to 2.1.12

index.js

@@ -409,2 +409,30 @@ 'use strict';
 /**
+ * Check if the userAgent is something we want to parse with regexp's.
+ *
+ * @param {String} userAgent The userAgent.
+ * @returns {Boolean}
+ */
+function isSafe(userAgent) {
+  var consecutive = 0
+    , code = 0;
+
+  for (var i = 0; i < userAgent.length; i++) {
+    code = userAgent.charCodeAt(i);
+    // numbers between 0 and 9
+    if (code >= 48 && code <= 57) {
+      consecutive++;
+    } else {
+      consecutive = 0;
+    }
+
+    if (consecutive >= 100) {
+      return false;
+    }
+  }
+
+  return true
+}
+
+
+/**
  * Parses the user agent string with the generated parsers from the
@@ -419,3 +447,3 @@ * ua-parser project on google code.
 exports.parse = function parse(userAgent, jsAgent) {
-  if (!userAgent) return new Agent();
+  if (!userAgent || !isSafe(userAgent)) return new Agent();
 
@@ -422,0 +450,0 @@ var length = agentparserslength

lib/update.js

@@ -8,3 +8,4 @@ 'use strict';
   , fs = require('fs')
-  , vm = require('vm');
+  , vm = require('vm')
+  , tmp = require('tmp');
 
@@ -41,9 +42,18 @@ /**
 
-          if (source && !err) {
-            fs.writeFile(exports.output, source, function idk(err) {
-              if (err) {
-                console.error('Failed to save the generated file due to reasons', err);
-              }
+          if (!source || err) return;
+
+          //
+          // Save to a tmp file to avoid potential concurrency issues.
+          //
+          tmp.file(function (err, tempFilePath) {
+            if (err) return;
+
+            fs.writeFile(tempFilePath, source, function idk(err) {
+              if (err) return
+
+              fs.rename(tempFilePath, exports.output, function(err) {
+
+              });
             });
-          }
+          });
         });
@@ -50,0 +60,0 @@ });

package.json

 {
   "name": "useragent",
-  "version": "2.1.11",
+  "version": "2.1.12",
   "description": "Fastest, most accurate & effecient user agent string parser, uses Browserscope's research for parsing",
@@ -47,3 +47,6 @@ "author": "Arnout Kazemier",
   },
-  "pre-commit": ["test", "update"],
+  "pre-commit": [
+    "test",
+    "update"
+  ],
   "scripts": {
@@ -56,4 +59,5 @@ "test": "mocha $(find test -name '*.test.js')",
   "dependencies": {
-    "lru-cache": "2.2.x"
+    "lru-cache": "2.2.x",
+    "tmp": "0.0.x"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

227440

increased by0.51%

Lines of code

7124

increased by0.61%

Worsened metrics

Dependency count

2

increased by100%

Dependency changes

• + Addedtmp@0.0.x

• + Addedos-tmpdir@1.0.2(transitive)

• + Addedtmp@0.0.33(transitive)