yml - npm Package Compare versions

Comparing version 0.0.5 to 1.0.0

build/main.js

 (function() {
-  var YamlLoader, _, extend, fs, ursa, yaml;
+  var YamlLoader, _, crypto, extend, fs, rsa, yaml;
 
-  ursa = require('ursa');
+  crypto = require('crypto');
 
@@ -14,2 +14,17 @@ fs = require('fs');
 
+  rsa = {
+    decrypt: function(str, private_key) {
+      var buffer, decrypted;
+      buffer = new Buffer(str, 'base64');
+      decrypted = crypto.privateDecrypt(private_key, buffer);
+      return decrypted.toString('utf8');
+    },
+    encrypt: function(str, public_key) {
+      var buffer, encrypted;
+      buffer = new Buffer(str);
+      encrypted = crypto.publicEncrypt(public_key, buffer);
+      return encrypted.toString('base64');
+    }
+  };
+
   YamlLoader = (function() {
@@ -23,3 +38,3 @@ function YamlLoader(path1, options1) {
       if (this.options.key != null) {
-        this.key_file = ursa.createPrivateKey(fs.readFileSync(this.options.key));
+        this.key_file = fs.readFileSync(this.options.key);
       }
@@ -59,3 +74,3 @@ this.env = this.options.env || process.env.NODE_ENV || 'development';
           matches = /decrypt\((.+)\)/.exec(obj);
-          return this.key_file.decrypt(matches[1], 'base64', 'utf8');
+          return rsa.decrypt(matches[1], this.key_file);
         } else {
@@ -88,5 +103,3 @@ return obj;
     encrypt: function(phrase, public_key) {
-      var crt;
-      crt = ursa.createPublicKey(fs.readFileSync(public_key));
-      return crt.encrypt(phrase, 'utf8', 'base64');
+      return rsa.encrypt(phrase, fs.readFileSync(public_key));
     }
@@ -93,0 +106,0 @@ };

package.json

 {
   "name": "yml",
-  "version": "0.0.5",
+  "version": "1.0.0",
   "description": "Read Yaml files based on NODE_ENV or passed env + support for encryption",
   "main": "build/main",
   "dependencies": {
-    "js-yaml": "^3.3.0",
-    "lodash": "^3.2.0",
-    "node.extend": "^1.1.3",
-    "ursa": "^0.9.1"
+    "js-yaml": "^3.9.0",
+    "lodash": "^4.17.4",
+    "node.extend": "^2.0.0"
   },
@@ -12,0 +11,0 @@ "repository": {

New alerts

AI-detected possible typosquat

Supply chain risk

AI has identified this package as a potential typosquat of a more popular package. This suggests that the package may be intentionally mimicking another package's name, description, or other metadata.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10840

3.86%

Dependency count

3

-25%

Lines of code

95

14.46%

Number of low quality alerts

1

-50%

Worsened metrics

Number of medium supply chain risk alerts

2

Infinity%

Dependency changes

• + Added

  function-bind@1.1.2
  (transitive)

• + Added

  hasown@2.0.2
  (transitive)

• + Added

  lodash@4.17.21
  (transitive)

• + Added

  node.extend@2.0.3
  (transitive)

• - Removed

  ursa@^0.9.1

• - Removed

  bindings@1.5.0
  (transitive)

• - Removed

  file-uri-to-path@1.0.0
  (transitive)

• - Removed

  has@1.0.4
  (transitive)

• - Removed

  lodash@3.10.1
  (transitive)

• - Removed

  nan@2.23.0
  (transitive)

• - Removed

  node.extend@1.1.8
  (transitive)

• - Removed

  ursa@0.9.4
  (transitive)

• Updated

  js-yaml@^3.9.0

• Updated

  lodash@^4.17.4

• Updated

  node.extend@^2.0.0