yub
Advanced tools
Comparing version 0.10.8 to 0.10.9
@@ -30,7 +30,7 @@ // lookup table for modhex codes | ||
| hex += toHex(dst << 4 | b); | ||
| } | ||
| } | ||
| // return as hexadecimal number | ||
| return hex; | ||
| } | ||
| } | ||
| // return as hexadecimal number | ||
| return hex; | ||
| } | ||
@@ -37,0 +37,0 @@ |
@@ -155,3 +155,4 @@ var crypto = require('crypto'); | ||
| encryptedHex: modhex.decode(encrypted), | ||
| serial: modhex.decodeInt(identity) | ||
| serial: modhex.decodeInt(identity), | ||
| valid: false | ||
| }; | ||
@@ -158,0 +159,0 @@ |
| { | ||
| "name": "yub", | ||
| "version": "0.10.8", | ||
| "version": "0.10.9", | ||
| "description": "Yubico Yubikey API Client for Node.js", | ||
@@ -15,6 +15,6 @@ "main": "index.js", | ||
| "author": "Glynn Bird", | ||
| "license": "BSD", | ||
| "license": "Apache-2.0", | ||
| "dependencies": { | ||
| "request": "2.27.0" | ||
| "request": "2.60.0" | ||
| } | ||
| } |
@@ -36,5 +36,5 @@ # YUB | ||
| * a Yubikey | ||
| * node.js | ||
| * npm | ||
| * a [Yubikey](http://www.yubico.com/) | ||
| * [node.js](http://nodejs.org/) | ||
| * [npm](https://npmjs.org/) | ||
@@ -49,3 +49,3 @@ ## Installation | ||
| You'll also need a Yubico API Key from here: https://upgrade.yubico.com/getapikey/. This gives you the | ||
| You'll also need a Yubico API Key from here: [https://upgrade.yubico.com/getapikey/]([https://upgrade.yubico.com/getapikey/). This gives you the | ||
| client_id and secret_key that must be passed to "yub.init()", see below. | ||
@@ -81,3 +81,4 @@ | ||
| identity: 'cccaccbtbvkw', | ||
| serial: 123456 | ||
| serial: 123456, | ||
| valid: true | ||
| } | ||
@@ -101,2 +102,3 @@ ``` | ||
| * serial - the serial number of the Yubikey. This is derived by decoding the identity's modhex encoding. | ||
| * valid - this is true if the status = 'OK', the signature is verified and the nonce is verified | ||
@@ -108,3 +110,4 @@ ## Offline verification | ||
| from the OTP without any network access. This is, of course, far less secure, but is useful | ||
| for offline applications. | ||
| for offline applications. As we cannot validate the status online, "valid" is always false in | ||
| offline mode. | ||
@@ -128,3 +131,4 @@ ## Further examples | ||
| nonceVerified: true, | ||
| identity: 'cccaccbtbvkw'} | ||
| identity: 'cccaccbtbvkw', | ||
| valid: true } | ||
| ``` | ||
@@ -131,0 +135,0 @@ |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
SPDX disjunction
LicenseSPDX disjunction for an artifact's license information
Found 1 instance in 1 package
Fixed alerts
SPDX disjunction
LicenseSPDX disjunction for an artifact's license information
Found 1 instance in 1 package
Non-permissive License
License(Experimental) A license not known to be considered permissive was found
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.68%
53240
- Number of low license alerts
- decreased by-50%
1
- Lines of code
- increased by0.46%
218
- Number of lines in readme file
- increased by2.96%
139
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedansi-regex@2.1.1(transitive)
+ Addedansi-styles@2.2.1(transitive)
+ Addedasync@2.6.4(transitive)
+ Addedaws-sign2@0.5.0(transitive)
+ Addedbl@1.0.3(transitive)
+ Addedbluebird@2.11.0(transitive)
+ Addedboom@2.10.1(transitive)
+ Addedcaseless@0.11.0(transitive)
+ Addedchalk@1.1.3(transitive)
+ Addedcombined-stream@1.0.8(transitive)
+ Addedcommander@2.20.3(transitive)
+ Addedcore-util-is@1.0.3(transitive)
+ Addedcryptiles@2.0.5(transitive)
+ Addeddelayed-stream@1.0.0(transitive)
+ Addedescape-string-regexp@1.0.5(transitive)
+ Addedextend@3.0.2(transitive)
+ Addedforever-agent@0.6.1(transitive)
+ Addedform-data@1.0.1(transitive)
+ Addedgenerate-function@2.3.1(transitive)
+ Addedgenerate-object-property@1.2.0(transitive)
+ Addedhar-validator@1.8.0(transitive)
+ Addedhas-ansi@2.0.0(transitive)
+ Addedhawk@3.1.3(transitive)
+ Addedhoek@2.16.3(transitive)
+ Addedhttp-signature@0.11.0(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedis-my-ip-valid@1.0.1(transitive)
+ Addedis-my-json-valid@2.20.6(transitive)
+ Addedis-property@1.0.2(transitive)
+ Addedisarray@1.0.0(transitive)
+ Addedisstream@0.1.2(transitive)
+ Addedjsonpointer@5.0.1(transitive)
+ Addedlodash@4.17.21(transitive)
+ Addedmime-db@1.52.0(transitive)
+ Addedmime-types@2.1.35(transitive)
+ Addedoauth-sign@0.8.2(transitive)
+ Addedprocess-nextick-args@1.0.7(transitive)
+ Addedpsl@1.9.0(transitive)
+ Addedpunycode@2.3.1(transitive)
+ Addedqs@4.0.0(transitive)
+ Addedquerystringify@2.2.0(transitive)
+ Addedreadable-stream@2.0.6(transitive)
+ Addedrequest@2.60.0(transitive)
+ Addedrequires-port@1.0.0(transitive)
+ Addedsntp@1.0.9(transitive)
+ Addedstring_decoder@0.10.31(transitive)
+ Addedstringstream@0.0.6(transitive)
+ Addedstrip-ansi@3.0.1(transitive)
+ Addedsupports-color@2.0.0(transitive)
+ Addedtough-cookie@4.1.4(transitive)
+ Addedtunnel-agent@0.4.3(transitive)
+ Addeduniversalify@0.2.0(transitive)
+ Addedurl-parse@1.5.10(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedxtend@4.0.2(transitive)
- Removedasync@0.9.2(transitive)
- Removedaws-sign@0.3.0(transitive)
- Removedboom@0.4.2(transitive)
- Removedcombined-stream@0.0.7(transitive)
- Removedcookie-jar@0.3.0(transitive)
- Removedcryptiles@0.2.2(transitive)
- Removeddelayed-stream@0.0.5(transitive)
- Removedforever-agent@0.5.2(transitive)
- Removedform-data@0.1.4(transitive)
- Removedhawk@1.0.0(transitive)
- Removedhoek@0.9.1(transitive)
- Removedhttp-signature@0.10.1(transitive)
- Removedmime@1.2.11(transitive)
- Removedoauth-sign@0.3.0(transitive)
- Removedqs@0.6.6(transitive)
- Removedrequest@2.27.0(transitive)
- Removedsntp@0.2.4(transitive)
- Removedtunnel-agent@0.3.0(transitive)
Updatedrequest@2.60.0