yml - npm Package Compare versions

Comparing version 0.0.5 to 1.0.0

build/main.js

 (function() {
-  var YamlLoader, _, extend, fs, ursa, yaml;
+  var YamlLoader, _, crypto, extend, fs, rsa, yaml;
 
-  ursa = require('ursa');
+  crypto = require('crypto');
 
@@ -14,2 +14,17 @@ fs = require('fs');
 
+  rsa = {
+    decrypt: function(str, private_key) {
+      var buffer, decrypted;
+      buffer = new Buffer(str, 'base64');
+      decrypted = crypto.privateDecrypt(private_key, buffer);
+      return decrypted.toString('utf8');
+    },
+    encrypt: function(str, public_key) {
+      var buffer, encrypted;
+      buffer = new Buffer(str);
+      encrypted = crypto.publicEncrypt(public_key, buffer);
+      return encrypted.toString('base64');
+    }
+  };
+
   YamlLoader = (function() {
@@ -23,3 +38,3 @@ function YamlLoader(path1, options1) {
       if (this.options.key != null) {
-        this.key_file = ursa.createPrivateKey(fs.readFileSync(this.options.key));
+        this.key_file = fs.readFileSync(this.options.key);
       }
@@ -59,3 +74,3 @@ this.env = this.options.env || process.env.NODE_ENV || 'development';
           matches = /decrypt\((.+)\)/.exec(obj);
-          return this.key_file.decrypt(matches[1], 'base64', 'utf8');
+          return rsa.decrypt(matches[1], this.key_file);
         } else {
@@ -88,5 +103,3 @@ return obj;
     encrypt: function(phrase, public_key) {
-      var crt;
-      crt = ursa.createPublicKey(fs.readFileSync(public_key));
-      return crt.encrypt(phrase, 'utf8', 'base64');
+      return rsa.encrypt(phrase, fs.readFileSync(public_key));
     }
@@ -93,0 +106,0 @@ };

package.json

 {
   "name": "yml",
-  "version": "0.0.5",
+  "version": "1.0.0",
   "description": "Read Yaml files based on NODE_ENV or passed env + support for encryption",
   "main": "build/main",
   "dependencies": {
-    "js-yaml": "^3.3.0",
-    "lodash": "^3.2.0",
-    "node.extend": "^1.1.3",
-    "ursa": "^0.9.1"
+    "js-yaml": "^3.9.0",
+    "lodash": "^4.17.4",
+    "node.extend": "^2.0.0"
   },
@@ -12,0 +11,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10840

increased by3.86%

Dependency count

3

decreased by-25%

Lines of code

95

increased by14.46%

Number of low quality alerts

1

decreased by-50%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedfunction-bind@1.1.2(transitive)

• + Addedhasown@2.0.2(transitive)

• + Addedlodash@4.17.21(transitive)

• + Addednode.extend@2.0.3(transitive)

• - Removedursa@^0.9.1

• - Removedbindings@1.5.0(transitive)

• - Removedfile-uri-to-path@1.0.0(transitive)

• - Removedhas@1.0.4(transitive)

• - Removedlodash@3.10.1(transitive)

• - Removednan@2.22.0(transitive)

• - Removednode.extend@1.1.8(transitive)

• - Removedursa@0.9.4(transitive)

• Updatedjs-yaml@^3.9.0

• Updatedlodash@^4.17.4

• Updatednode.extend@^2.0.0