yauzl - npm Package Compare versions
Comparing version 2.8.0 to 2.9.0
@@ -212,3 +212,3 @@ var fs = require("fs"); | ||
| if (!self.lazyEntries) self.readEntry(); | ||
| if (!self.lazyEntries) self._readEntry(); | ||
| } | ||
@@ -232,2 +232,6 @@ ZipFile.prototype.close = function() { | ||
| ZipFile.prototype.readEntry = function() { | ||
| if (!this.lazyEntries) throw new Error("readEntry() called without lazyEntries:true"); | ||
| this._readEntry(); | ||
| }; | ||
| ZipFile.prototype._readEntry = function() { | ||
| var self = this; | ||
@@ -297,2 +301,3 @@ if (self.entryCount === self.entriesRead) { | ||
| console.log("central entry: " + entry.fileName); | ||
| // 46+n - Extra field | ||
@@ -420,3 +425,3 @@ var fileCommentStart = entry.fileNameLength + entry.extraFieldLength; | ||
| if (!self.lazyEntries) self.readEntry(); | ||
| if (!self.lazyEntries) self._readEntry(); | ||
| }); | ||
@@ -423,0 +428,0 @@ }); |
| { | ||
| "name": "yauzl", | ||
| "version": "2.8.0", | ||
| "version": "2.9.0", | ||
| "description": "yet another unzip library for node", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -37,2 +37,3 @@ # yauzl | ||
| // An entry's fileName implicitly requires its parent directories to exist. | ||
| zipfile.readEntry(); | ||
| } else { | ||
@@ -488,2 +489,23 @@ // file entry | ||
| Here is a way to create a spec-conformant .zip file using the `zip` command line program (Info-ZIP) | ||
| available in most unix-like environments, that is (nearly) impossible to parse correctly with a streaming parser: | ||
| ``` | ||
| $ echo -ne '\x50\x4b\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' > file.txt | ||
| $ zip -q0 - file.txt | cat > out.zip | ||
| ``` | ||
| This .zip file contains a single file entry that uses General Purpose Bit 3, | ||
| which means the Local File Header doesn't know the size of the file. | ||
| Any streaming parser that encounters this situation will either immediately fail, | ||
| or attempt to search for the Data Descriptor after the file's contents. | ||
| The file's contents is a sequence of 16-bytes crafted to exactly mimic a valid Data Descriptor for an empty file, | ||
| which will fool any parser that gets this far into thinking that the file is empty rather than containing 16-bytes. | ||
| What follows the file's real contents is the file's real Data Descriptor, | ||
| which will likely cause some kind of signature mismatch error for a streaming parser (if one hasn't occurred already). | ||
| By using General Purpose Bit 3 (and compression method 0), | ||
| it's possible to create arbitrarily ambiguous .zip files that | ||
| distract parsers with file contents that contain apparently valid .zip file metadata. | ||
| ### Limitted ZIP64 Support | ||
@@ -568,2 +590,4 @@ | ||
| * 2.9.0 | ||
| * Throw an exception if `readEntry()` is called without `lazyEntries:true`. Previously this caused undefined behavior. [issue #63](https://github.com/thejoshwolfe/yauzl/issues/63) | ||
| * 2.8.0 | ||
@@ -570,0 +594,0 @@ * Added option `validateEntrySizes`. [issue #53](https://github.com/thejoshwolfe/yauzl/issues/53) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.8%
62969
- Lines of code
- increased by0.69%
729
- Number of lines in readme file
- increased by3.95%
632