xml-crypto - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

lib/signed-xml.js

@@ -214,6 +214,7 @@ var xpath = require('xpath')
  * @param {string} docSubsetXpath - xpath query to get document subset being canonicalized
+ * @param {object} namespaceResolver - xpath namespace resolver
  * @returns {Array} i.e. [{prefix: "saml", namespaceURI: "urn:oasis:names:tc:SAML:2.0:assertion"}]
  */
-function findAncestorNs(doc, docSubsetXpath){
-  var docSubset = xpath.select(docSubsetXpath, doc);
+function findAncestorNs(doc, docSubsetXpath, namespaceResolver){
+  var docSubset = xpath.selectWithResolver(docSubsetXpath, doc, namespaceResolver);
   
@@ -446,3 +447,3 @@ if(!Array.isArray(docSubset) || docSubset.length < 1){
   if(Array.isArray(ref.transforms)){  
-    ref.ancestorNamespaces = findAncestorNs(doc, ref.xpath)
+    ref.ancestorNamespaces = findAncestorNs(doc, ref.xpath, this.namespaceResolver)
   }
@@ -737,2 +738,9 @@
   var existingPrefixes = opts.existingPrefixes || {};
+
+  this.namespaceResolver = {
+    lookupNamespaceURI: function(prefix) {       
+      return existingPrefixes[prefix];
+    }
+  }
+
   // defaults to the root node
@@ -880,3 +888,3 @@ location.reference = location.reference || "/*";
     var ref = this.references[n]
-      , nodes = xpath.select(ref.xpath, doc)
+      , nodes = xpath.selectWithResolver(ref.xpath, doc, this.namespaceResolver)
 
@@ -883,0 +891,0 @@ if (nodes.length==0) {

package.json

 {
   "name": "xml-crypto",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Xml digital signature and encryption library for Node.js",
@@ -13,3 +13,3 @@ "engines": {
   "dependencies": {
-    "xmldom": "0.1.27",
+    "xmldom": "0.5.0",
     "xpath": "0.0.27"
@@ -16,0 +16,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

1

decreased by-50%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

74946

decreased by-3.44%

Number of package files

11

decreased by-21.43%

Lines of code

1366

decreased by-2.57%

Dependency changes

• + Addedxmldom@0.5.0(transitive)

• - Removedxmldom@0.1.27(transitive)

• Updatedxmldom@0.5.0