Comparing version 8.7.0 to 8.8.0
@@ -102,26 +102,27 @@ 'use strict'; | ||
try { | ||
const bufferUtil = require('bufferutil'); | ||
module.exports = { | ||
concat, | ||
mask: _mask, | ||
toArrayBuffer, | ||
toBuffer, | ||
unmask: _unmask | ||
}; | ||
module.exports = { | ||
concat, | ||
mask(source, mask, output, offset, length) { | ||
/* istanbul ignore else */ | ||
if (!process.env.WS_NO_BUFFER_UTIL) { | ||
try { | ||
const bufferUtil = require('bufferutil'); | ||
module.exports.mask = function (source, mask, output, offset, length) { | ||
if (length < 48) _mask(source, mask, output, offset, length); | ||
else bufferUtil.mask(source, mask, output, offset, length); | ||
}, | ||
toArrayBuffer, | ||
toBuffer, | ||
unmask(buffer, mask) { | ||
}; | ||
module.exports.unmask = function (buffer, mask) { | ||
if (buffer.length < 32) _unmask(buffer, mask); | ||
else bufferUtil.unmask(buffer, mask); | ||
} | ||
}; | ||
} catch (e) /* istanbul ignore next */ { | ||
module.exports = { | ||
concat, | ||
mask: _mask, | ||
toArrayBuffer, | ||
toBuffer, | ||
unmask: _unmask | ||
}; | ||
}; | ||
} catch (e) { | ||
// Continue regardless of the error. | ||
} | ||
} |
@@ -108,18 +108,19 @@ 'use strict'; | ||
try { | ||
const isValidUTF8 = require('utf-8-validate'); | ||
module.exports = { | ||
isValidStatusCode, | ||
isValidUTF8: _isValidUTF8, | ||
tokenChars | ||
}; | ||
module.exports = { | ||
isValidStatusCode, | ||
isValidUTF8(buf) { | ||
/* istanbul ignore else */ | ||
if (!process.env.WS_NO_UTF_8_VALIDATE) { | ||
try { | ||
const isValidUTF8 = require('utf-8-validate'); | ||
module.exports.isValidUTF8 = function (buf) { | ||
return buf.length < 150 ? _isValidUTF8(buf) : isValidUTF8(buf); | ||
}, | ||
tokenChars | ||
}; | ||
} catch (e) /* istanbul ignore next */ { | ||
module.exports = { | ||
isValidStatusCode, | ||
isValidUTF8: _isValidUTF8, | ||
tokenChars | ||
}; | ||
}; | ||
} catch (e) { | ||
// Continue regardless of the error. | ||
} | ||
} |
{ | ||
"name": "ws", | ||
"version": "8.7.0", | ||
"version": "8.8.0", | ||
"description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -71,2 +71,9 @@ # ws: a Node.js WebSocket library | ||
To not even try to require and use these modules, use the | ||
[`WS_NO_BUFFER_UTIL`](./doc/ws.md#ws_no_buffer_util) and | ||
[`WS_NO_UTF_8_VALIDATE`](./doc/ws.md#ws_no_utf_8_validate) environment | ||
variables. These might be useful to enhance security in systems where a user can | ||
put a package in the package search path of an application of another user, due | ||
to how the Node.js resolver algorithm works. | ||
## API docs | ||
@@ -489,3 +496,2 @@ | ||
[socks-proxy-agent]: https://github.com/TooTallNate/node-socks-proxy-agent | ||
[ws-server-options]: | ||
https://github.com/websockets/ws/blob/master/doc/ws.md#new-websocketserveroptions-callback | ||
[ws-server-options]: ./doc/ws.md#new-websocketserveroptions-callback |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
134267
496
3888
2