abrendan_dev/MicDropMessages
1
0
Fork 0
mirror of https://github.com/abrendan/MicDropMessages.git synced 2025-08-25 05:52:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
abrendan
2023-11-30 14:15:19 +00:00
commit e4599df811
5457 changed files with 500139 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

480
node_modules/helmet/CHANGELOG.md generated vendored Normal file
View File

@@ -0,0 +1,480 @@
# Changelog
## 3.22.0 - 2020-03-24
### Changed
- Updated `helmet-csp` to v2.10.0
- Add support for the `allow-downloads` sandbox directive. See [helmet-csp#103](https://github.com/helmetjs/csp/pull/103)
### Deprecated
- `helmet.noCache` is deprecated. Use the `nocache` module instead. See [#215](https://github.com/helmetjs/helmet/issues/215)
## 3.21.3 - 2020-02-24
### Changed
- Updated `helmet-csp` to v2.9.5
- Updated `bowser` subdependency from 2.7.0 to 2.9.0
- Fixed an issue some people were having when importing the `bowser` subdependency. See [helmet-csp#96](https://github.com/helmetjs/csp/issues/96) and [#101](https://github.com/helmetjs/csp/pull/101)
## 3.21.2 - 2019-10-21
### Changed
- Updated `helmet-csp` to v2.9.4
- Updated `bowser` subdependency from 2.6.1 to 2.7.0. See [helmet-csp#94](https://github.com/helmetjs/csp/pull/94)
## 3.21.1 - 2019-09-20
### Fixed
- Updated `helmet-csp` to v2.9.2
- Fixed a bug where a request from Firefox 4 could delete `default-src` from future responses
- Fixed tablet PC detection by updating `bowser` subdependency to latest version
## 3.21.0 - 2019-09-04
### Added
- Updated `x-xss-protection` to v1.3.0
- Added `mode: null` to disable `mode=block`
### Changed
- Updated `helmet-csp` to v2.9.1
- Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [helmet-csp#88](https://github.com/helmetjs/csp/pull/88)
## 3.20.1 - 2019-08-28
### Changed
- Updated `helmet-csp` to v2.9.0
## 3.20.0 - 2019-07-24
### Changed
- Updated `helmet-csp` to v2.8.0
## 3.19.0 - 2019-07-17
### Changed
- Updated `dns-prefetch-control` to v0.2.0
- Updated `dont-sniff-mimetype` to v1.1.0
- Updated `helmet-crossdomain` to v0.4.0
- Updated `hide-powered-by` to v1.1.0
- Updated `x-xss-protection` to v1.2.0
## 3.18.0 - 2019-05-05
### Added
- `featurePolicy` has 19 new features: `ambientLightSensor`, `documentDomain`, `documentWrite`, `encryptedMedia`, `fontDisplayLateSwap`, `layoutAnimations`, `legacyImageFormats`, `loadingFrameDefaultEager`, `oversizedImages`, `pictureInPicture`, `serial`, `syncScript`, `unoptimizedImages`, `unoptimizedLosslessImages`, `unoptimizedLossyImages`, `unsizedMedia`, `verticalScroll`, `wakeLock`, and `xr`
### Changed
- Updated `expect-ct` to v0.2.0
- Updated `feature-policy` to v0.3.0
- Updated `frameguard` to v3.1.0
- Updated `nocache` to v2.1.0
## 3.17.0 - 2019-05-03
### Added
- `referrerPolicy` now supports multiple values
### Changed
- Updated `referrerPolicy` to v1.2.0
## 3.16.0 - 2019-03-10
### Added
- Add email to `bugs` field in `package.json`
### Changed
- Updated `hsts` to v2.2.0
- Updated `ienoopen` to v1.1.0
- Changelog is now in the [Keep A Changelog](https://keepachangelog.com/) format
- Dropped support for Node <4. See [the commit](https://github.com/helmetjs/helmet/commit/a49cec3ca58cce484d2d05e1f908549caa92ed03) for more information
- Updated Adam Baldwin's contact information
### Deprecated
- `helmet.hsts`'s `setIf` option has been deprecated and will be removed in `hsts@3`. See [helmetjs/hsts#22](https://github.com/helmetjs/hsts/issues/22) for more
* The `includeSubdomains` option (with a lowercase `d`) has been deprecated and will be removed in `hsts@3`. Use the uppercase-D `includeSubDomains` option instead. See [helmetjs/hsts#21](https://github.com/helmetjs/hsts/issues/21) for more
## 3.15.1 - 2019-02-10
### Deprecated
- The `hpkp` middleware has been deprecated. If you still need to use this module, install the standalone `hpkp` module from npm. See [#180](https://github.com/helmetjs/helmet/issues/180) for more.
## 3.15.0 - 2018-11-07
### Added
- `helmet.featurePolicy` now supports four new features
## 3.14.0 - 2018-10-09
### Added
- `helmet.featurePolicy` middleware
## 3.13.0 - 2018-07-22
### Added
- `helmet.permittedCrossDomainPolicies` middleware
## 3.12.2 - 2018-07-20
### Fixed
- Removed `lodash.reduce` dependency from `csp`
## 3.12.1 - 2018-05-16
### Fixed
- `expectCt` should use comma instead of semicolon as delimiter
## 3.12.0 - 2018-03-02
### Added
- `xssFilter` now supports `reportUri` option
## 3.11.0 - 2018-02-09
### Added
- Main Helmet middleware is now named to help with debugging
## 3.10.0 - 2018-01-23
### Added
- `csp` now supports `prefix-src` directive
### Fixed
- `csp` no longer loads JSON files internally, helping some module bundlers
- `false` should be able to disable a CSP directive
## 3.9.0 - 2017-10-13
### Added
- `csp` now supports `strict-dynamic` value
- `csp` now supports `require-sri-for` directive
### Changed
- Removed `connect` dependency
## 3.8.2 - 2017-09-27
### Changed
- Updated `connect` dependency to latest
## 3.8.1 - 2017-07-28
### Fixed
- `csp` does not automatically set `report-to` when setting `report-uri`
## 3.8.0 - 2017-07-21
### Changed
- `hsts` no longer cares whether it's HTTPS and always sets the header
## 3.7.0 - 2017-07-21
### Added
- `csp` now supports `report-to` directive
### Changed
- Throw an error when used incorrectly
- Add a few documentation files to `npmignore`
## 3.6.1 - 2017-05-21
### Changed
- Bump `connect` version
## 3.6.0 - 2017-05-04
### Added
- `expectCt` middleware for setting the `Expect-CT` header
## 3.5.0 - 2017-03-06
### Added
- `csp` now supports the `worker-src` directive
## 3.4.1 - 2017-02-24
### Changed
- Bump `connect` version
## 3.4.0 - 2017-01-13
### Added
- `csp` now supports more `sandbox` directives
## 3.3.0 - 2016-12-31
### Added
- `referrerPolicy` allows `strict-origin` and `strict-origin-when-cross-origin` directives
### Changed
- Bump `connect` version
## 3.2.0 - 2016-12-22
### Added
- `csp` now allows `manifest-src` directive
## 3.1.0 - 2016-11-03
### Added
- `csp` now allows `frame-src` directive
## 3.0.0 - 2016-10-28
### Changed
- `csp` will check your directives for common mistakes and throw errors if it finds them. This can be disabled with `loose: true`.
- Empty arrays are no longer allowed in `csp`. For source lists (like `script-src` or `object-src`), use the standard `scriptSrc: ["'none'"]`. The `sandbox` directive can be `sandbox: true` to block everything.
- `false` can disable a CSP directive. For example, `scriptSrc: false` is the same as not specifying it.
- In CSP, `reportOnly: true` no longer requires a `report-uri` to be set.
- `hsts`'s `maxAge` now defaults to 180 days (instead of 1 day)
- `hsts`'s `maxAge` parameter is seconds, not milliseconds
- `hsts` includes subdomains by default
- `domain` parameter in `frameguard` cannot be empty
### Removed
- `noEtag` option no longer present in `noCache`
- iOS Chrome `connect-src` workaround in CSP module
## 2.3.0 - 2016-09-30
### Added
- `hpkp` middleware now supports the `includeSubDomains` property with a capital D
### Fixed
- `hpkp` was setting `includeSubdomains` instead of `includeSubDomains`
## 2.2.0 - 2016-09-16
### Added
- `referrerPolicy` middleware
## 2.1.3 - 2016-09-07
### Changed
- Top-level aliases (like `helmet.xssFilter`) are no longer dynamically required
## 2.1.2 - 2016-07-27
### Deprecated
- `nocache`'s `noEtag` option is now deprecated
### Fixed
- `csp` now better handles Firefox on mobile
## 2.1.1 - 2016-06-10
### Changed
- Remove several dependencies from `helmet-csp`
### Fixed
- `frameguard` had a documentation error about its default value
- `frameguard` docs in main Helmet readme said `frameguard`, not `helmet.frameguard`
## 2.1.0 - 2016-05-18
### Added
- `csp` lets you dynamically set `reportOnly`
## 2.0.0 - 2016-04-29
### Added
- Pass configuration to enable/disable default middlewares
### Changed
- `dnsPrefetchControl` middleware is now enabled by default
### Removed
- No more module aliases. There is now just one way to include each middleware
- `frameguard` can no longer be initialized with strings; you must use an object
### Fixed
- Make `hpkp` lowercase in documentation
- Update `hpkp` spec URL in readmes
- Update `frameguard` header name in readme
## 1.3.0 - 2016-03-01
### Added
- `hpkp` has a `setIf` option to conditionally set the header
## 1.2.0 - 2016-02-29
### Added
- `csp` now has a `browserSniff` option to disable all user-agent sniffing
### Changed
- `frameguard` can now be initialized with options
- Add `npmignore` file to speed up installs slightly
## 1.1.0 - 2016-01-12
### Added
- Code of conduct
- `dnsPrefetchControl` middleware
### Fixed
- `csp` readme had syntax errors
## 1.0.2 - 2016-01-08
### Fixed
- `csp` wouldn't recognize `IE Mobile` browsers
- `csp` had some errors in its readme
- Main readme had a syntax error
## 1.0.1 - 2015-12-19
### Fixed
- `csp` with no User Agent would cause errors
## 1.0.0 - 2015-12-18
### Added
- `csp` module supports dynamically-generated values
### Changed
- `csp` directives are now under the `directives` key
- `hpkp`'s `Report-Only` header is now opt-in, not opt-out
- Tweak readmes of every sub-repo
### Removed
- `crossdomain` middleware
- `csp` no longer throws errors when some directives aren't quoted (`'self'`, for example)
- `maxage` option in the `hpkp` middleware
- `safari5` option from `csp` module
### Fixed
- Old Firefox Content-Security-Policy behavior for `unsafe-inline` and `unsafe-eval`
- Dynamic `csp` policies is no longer recursive
## 0.15.0 - 2015-11-26
### Changed
- `hpkp` allows a `report-uri` without the `Report-Only` header
## 0.14.0 - 2015-11-01
### Added
- `nocache` now sends the `Surrogate-Control` header
### Changed
- `nocache` no longer contains the `private` directive in the `Cache-Control` header
## 0.13.0 - 2015-10-23
### Added
- `xssFilter` now has a function name
- Added new CSP docs to readme
### Changed
- HSTS option renamed from `includeSubdomains` to `includeSubDomains`
## 0.11.0 - 2015-09-18
### Added
- `csp` now supports Microsoft Edge
- CSP Level 2 support
### Changed
- Updated `connect` to 3.4.0
- Updated `depd` to 1.1.0
### Fixed
- Added `license` key to `csp`'s `package.json`
- Empty `csp` directives now support every directive, not just `sandbox`
## 0.10.0 - 2015-07-08
### Added
- Add "Handling CSP violations" to `csp` readme
- Add license to `package.json`
### Changed
- `hpkp` had a link to the wrong place in its readme
- `hpkp` requires 2 or more pins
### Fixed
- `hpkp` might have miscalculated `maxAge` slightly wrong
## 0.9.0 - 2015-04-24
### Changed
- `nocache` adds `private` to its `Cache-Control` directive
- Added a description to `package.json`
## 0.8.0 - 2015-04-21
### Changed
- Removed hefty Lodash dependency from HSTS and CSP
- Updated string detection module in Frameguard
- Changed readme slightly to better reflect project's focus
### Deprecated
- Deprecated `crossdomain` middleware
### Removed
- `crossdomain` is no longer a default middleware
## 0.7.1 - 2015-03-23
### Changed
- Updated all outdated dependencies (insofar as possible)
- HSTS now uses Lodash like all the rest of the libraries
## 0.7.0 - 2015-03-05
### Added
- `hpkp` middleware
### Changed
- Travis CI should test 0.10 and 0.12
- Minor code cleanup
## 0.6.2 - 2015-03-01
### Changed
- Improved `xssFilter` performance
- Updated Lodash versions
## 0.6.1 - 2015-02-13
### Added
- "Other recommended modules" in README
### Changed
- Updated Lodash version
### Fixed
- `frameguard` middleware exported a function called `xframe`
## 0.6.0 - 2015-01-21
### Added
- You can disable `csp` for Android
### Fixed
- `csp` on Chrome Mobile on Android and iOS
## 0.5.4 - 2014-12-21
### Changed
- `nocache` should force revalidation
## 0.5.3 - 2014-12-08
### Changed
- `platform` version in CSP and X-XSS-Protection
### Fixed
- Updated bad wording in frameguard docs
## 0.5.2 - 2014-11-16
### Changed
- Updated Connect version
### Fixed
- Fixed minor `csp` bugfixes
## 0.5.1 - 2014-11-09
### Changed
- Updated URLs in `package.json` for new URL
### Fixed
- CSP would set all headers forever after receiving an unknown user agent
## 0.5.0 - 2014-10-28
### Added
- Most middlewares have some aliases now
### Changed
- `xframe` now called `frameguard` (though `xframe` still works)
- `frameguard` chooses sameorigin by default
- `frameguard` understands "SAME-ORIGIN" in addition to "SAMEORIGIN"
- `nocache` removed from default middleware stack
- Middleware split out into their own modules
- Documentation
- Updated supported Node version to at least 0.10.0
- Bumped Connect version
### Removed
- Deprecation warnings
### Fixed
- Readme link was broken
## 0.4.2 - 2014-10-16
### Added
- Support preload in HSTS header
## 0.4.1 - 2014-08-24
### Added
- Use [helmet-crossdomain](https://github.com/helmetjs/crossdomain) to test the waters
- 2 spaces instead of 4 throughout the code
## 0.4.0 - 2014-07-17
### Added
- `nocache` now sets the Expires and Pragma headers
- `nocache` now allows you to crush ETags
### Changed
- Improved the docs for nosniff
- Reverted HSTS behavior of requiring a specified max-age
### Fixed
- Allow HSTS to have a max-age of 0
## 0.3.2 - 2014-06-30
### Added
- All middleware functions are named
- Throw error with non-positive HSTS max-age
### Changed
- Added semicolons in README
- Make some Errors more specific
### Removed
- Removed all comment headers; refer to the readme
### Fixed
- `helmet()` was having issues
- Fixed Syntax errors in README
This changelog was created after the release of 0.3.1.

27
node_modules/helmet/CODE_OF_CONDUCT.md generated vendored Normal file
View File

@@ -0,0 +1,27 @@
# Contributor Code of Conduct
As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing other's private information, such as physical or electronic addresses, without explicit permission
* Other unethical or unprofessional conduct
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a project maintainer at <me@evanhahn.com>. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. Maintainers are obligated to maintain confidentiality with regard to the reporter of an incident.
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.3.0, available at [http://contributor-covenant.org/version/1/3/0/][version].
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/3/0/

18
node_modules/helmet/CONTRIBUTING.md generated vendored Normal file
View File

@@ -0,0 +1,18 @@
Contributing to Helmet
======================
Helmet welcomes contributors! This guide should help you submit issues and pull requests.
Got a question, problem, or feature request?
--------------------------------------------
The documentation and [Stack Overflow](http://stackoverflow.com/questions/tagged/helmet.js) are good places to start.
Feel free to [add an issue](https://github.com/helmetjs/helmet/issues) if those don't help!
Want to submit a change?
------------------------
If you're not sure whether your change will be welcomed, [add an issue](https://github.com/helmetjs/helmet/issues) to ask.
Once you're ready to make your change, make a pull request. If you're having trouble making a pull request (it's tricky!), check out [GitHub's guide](https://help.github.com/articles/using-pull-requests/) or add an issue. We'll make it work!

23
node_modules/helmet/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,23 @@
(The MIT License)
Copyright (c) 2012-2020 Evan Hahn, Adam Baldwin
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

77
node_modules/helmet/README.md generated vendored Normal file
View File

@@ -0,0 +1,77 @@
Helmet
======
[![npm version](https://badge.fury.io/js/helmet.svg)](http://badge.fury.io/js/helmet)
[![npm dependency status](https://david-dm.org/helmetjs/helmet.svg)](https://david-dm.org/helmetjs/helmet)
[![Build Status](https://travis-ci.org/helmetjs/helmet.svg?branch=master)](https://travis-ci.org/helmetjs/helmet)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fhelmetjs%2Fhelmet.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fhelmetjs%2Fhelmet?ref=badge_shield)
Helmet helps you secure your Express apps by setting various HTTP headers. *It's not a silver bullet*, but it can help!
[Looking for a version of Helmet that supports the Koa framework?](https://github.com/venables/koa-helmet)
Quick start
-----------
First, run `npm install helmet --save` for your app. Then, in an Express (or Connect) app:
```js
const express = require('express')
const helmet = require('helmet')
const app = express()
app.use(helmet())
// ...
```
It's best to `use` Helmet early in your middleware stack so that its headers are sure to be set.
You can also use its pieces individually:
```js
app.use(helmet.xssFilter())
app.use(helmet.frameguard())
```
You can disable a middleware that's normally enabled by default. This will disable `frameguard` but include the other defaults.
```js
app.use(helmet({
frameguard: false
}))
```
You can also set options for a middleware. Setting options like this will *always* include the middleware, whether or not it's a default.
```js
app.use(helmet({
frameguard: {
action: 'deny'
}
}))
```
*If you're using Express 3, make sure these middlewares are listed before `app.router`.*
How it works
------------
Helmet is a collection of 12 smaller middleware functions that set HTTP response headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
| Module | Default? |
|---|---|
| [contentSecurityPolicy](https://helmetjs.github.io/docs/csp/) for setting Content Security Policy | |
| [crossdomain](https://helmetjs.github.io/docs/crossdomain/) for handling Adobe products' crossdomain requests | |
| [dnsPrefetchControl](https://helmetjs.github.io/docs/dns-prefetch-control) controls browser DNS prefetching | ✓ |
| [expectCt](https://helmetjs.github.io/docs/expect-ct/) for handling Certificate Transparency | |
| [featurePolicy](https://helmetjs.github.io/docs/feature-policy/) to limit your site's features | |
| [frameguard](https://helmetjs.github.io/docs/frameguard/) to prevent clickjacking | ✓ |
| [hidePoweredBy](https://helmetjs.github.io/docs/hide-powered-by) to remove the X-Powered-By header | ✓ |
| [hsts](https://helmetjs.github.io/docs/hsts/) for HTTP Strict Transport Security | ✓ |
| [ieNoOpen](https://helmetjs.github.io/docs/ienoopen) sets X-Download-Options for IE8+ | ✓ |
| [noSniff](https://helmetjs.github.io/docs/dont-sniff-mimetype) to keep clients from sniffing the MIME type | ✓ |
| [referrerPolicy](https://helmetjs.github.io/docs/referrer-policy) to hide the Referer header | |
| [xssFilter](https://helmetjs.github.io/docs/xss-filter) adds some small XSS protections | ✓ |
You can see more in [the documentation](https://helmetjs.github.io/docs/).

9
node_modules/helmet/SECURITY.md generated vendored Normal file
View File

@@ -0,0 +1,9 @@
# Security Issue Reporting & Disclosure Process
If you feel you have found a security issue or concern with Helmet please email the maintainers.
Email Evan Hahn at <me@evanhahn.com> or Adam Baldwin at <adam@npmjs.com>.
## Expectations
We will do everything we can to communicate in a timely manner and address your concerns, but realize that we do have day jobs and this is in open source project so have a little patience if you don't hear back from us immediatly.

76
node_modules/helmet/index.js generated vendored Normal file
View File

@@ -0,0 +1,76 @@
var deprecate = require('depd')('helmet')
var DEFAULT_MIDDLEWARE = [
'dnsPrefetchControl',
'frameguard',
'hidePoweredBy',
'hsts',
'ieNoOpen',
'noSniff',
'xssFilter'
]
var middlewares
function helmet (options) {
options = options || {}
if (options.constructor.name === 'IncomingMessage') {
throw new Error('It appears you have done something like `app.use(helmet)`, but it should be `app.use(helmet())`.')
}
var stack = middlewares.reduce(function (result, middlewareName) {
var middleware = helmet[middlewareName]
var middlewareOptions = options[middlewareName]
var isDefault = DEFAULT_MIDDLEWARE.indexOf(middlewareName) !== -1
if (middlewareOptions === false) {
return result
} else if (middlewareOptions === true) {
middlewareOptions = {}
}
if (middlewareOptions != null) {
return result.concat(middleware(middlewareOptions))
} else if (isDefault) {
return result.concat(middleware({}))
}
return result
}, [])
return function helmet (req, res, next) {
var index = 0
function internalNext () {
if (arguments.length > 0) { return next.apply(null, arguments) }
var middleware = stack[index]
if (!middleware) { return next() }
index++
middleware(req, res, internalNext)
}
internalNext()
}
}
helmet.contentSecurityPolicy = require('helmet-csp')
helmet.dnsPrefetchControl = require('dns-prefetch-control')
helmet.expectCt = require('expect-ct')
helmet.featurePolicy = require('feature-policy')
helmet.frameguard = require('frameguard')
helmet.hidePoweredBy = require('hide-powered-by')
helmet.hsts = require('hsts')
helmet.ieNoOpen = require('ienoopen')
helmet.noSniff = require('dont-sniff-mimetype')
helmet.permittedCrossDomainPolicies = require('helmet-crossdomain')
helmet.referrerPolicy = require('referrer-policy')
helmet.xssFilter = require('x-xss-protection')
helmet.hpkp = deprecate.function(require('hpkp'), 'helmet.hpkp is deprecated and will be removed in helmet@4. You can use the `hpkp` module instead. For more, see https://github.com/helmetjs/helmet/issues/180.')
helmet.noCache = deprecate.function(require('nocache'), 'helmet.noCache is deprecated and will be removed in helmet@4. You can use the `nocache` module instead. For more, see https://github.com/helmetjs/helmet/issues/215.')
middlewares = Object.keys(helmet)
module.exports = helmet

103
node_modules/helmet/node_modules/depd/History.md generated vendored Normal file
View File

@@ -0,0 +1,103 @@
2.0.0 / 2018-10-26
==================
* Drop support for Node.js 0.6
* Replace internal `eval` usage with `Function` constructor
* Use instance methods on `process` to check for listeners
1.1.2 / 2018-01-11
==================
* perf: remove argument reassignment
* Support Node.js 0.6 to 9.x
1.1.1 / 2017-07-27
==================
* Remove unnecessary `Buffer` loading
* Support Node.js 0.6 to 8.x
1.1.0 / 2015-09-14
==================
* Enable strict mode in more places
* Support io.js 3.x
* Support io.js 2.x
* Support web browser loading
- Requires bundler like Browserify or webpack
1.0.1 / 2015-04-07
==================
* Fix `TypeError`s when under `'use strict'` code
* Fix useless type name on auto-generated messages
* Support io.js 1.x
* Support Node.js 0.12
1.0.0 / 2014-09-17
==================
* No changes
0.4.5 / 2014-09-09
==================
* Improve call speed to functions using the function wrapper
* Support Node.js 0.6
0.4.4 / 2014-07-27
==================
* Work-around v8 generating empty stack traces
0.4.3 / 2014-07-26
==================
* Fix exception when global `Error.stackTraceLimit` is too low
0.4.2 / 2014-07-19
==================
* Correct call site for wrapped functions and properties
0.4.1 / 2014-07-19
==================
* Improve automatic message generation for function properties
0.4.0 / 2014-07-19
==================
* Add `TRACE_DEPRECATION` environment variable
* Remove non-standard grey color from color output
* Support `--no-deprecation` argument
* Support `--trace-deprecation` argument
* Support `deprecate.property(fn, prop, message)`
0.3.0 / 2014-06-16
==================
* Add `NO_DEPRECATION` environment variable
0.2.0 / 2014-06-15
==================
* Add `deprecate.property(obj, prop, message)`
* Remove `supports-color` dependency for node.js 0.8
0.1.0 / 2014-06-15
==================
* Add `deprecate.function(fn, message)`
* Add `process.on('deprecation', fn)` emitter
* Automatically generate message when omitted from `deprecate()`
0.0.1 / 2014-06-15
==================
* Fix warning for dynamic calls at singe call site
0.0.0 / 2014-06-15
==================
* Initial implementation

22
node_modules/helmet/node_modules/depd/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,22 @@
(The MIT License)
Copyright (c) 2014-2018 Douglas Christopher Wilson
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

280
node_modules/helmet/node_modules/depd/Readme.md generated vendored Normal file
View File

@@ -0,0 +1,280 @@
# depd
[![NPM Version][npm-version-image]][npm-url]
[![NPM Downloads][npm-downloads-image]][npm-url]
[![Node.js Version][node-image]][node-url]
[![Linux Build][travis-image]][travis-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Coverage Status][coveralls-image]][coveralls-url]
Deprecate all the things
> With great modules comes great responsibility; mark things deprecated!
## Install
This module is installed directly using `npm`:
```sh
$ npm install depd
```
This module can also be bundled with systems like
[Browserify](http://browserify.org/) or [webpack](https://webpack.github.io/),
though by default this module will alter it's API to no longer display or
track deprecations.
## API
<!-- eslint-disable no-unused-vars -->
```js
var deprecate = require('depd')('my-module')
```
This library allows you to display deprecation messages to your users.
This library goes above and beyond with deprecation warnings by
introspection of the call stack (but only the bits that it is interested
in).
Instead of just warning on the first invocation of a deprecated
function and never again, this module will warn on the first invocation
of a deprecated function per unique call site, making it ideal to alert
users of all deprecated uses across the code base, rather than just
whatever happens to execute first.
The deprecation warnings from this module also include the file and line
information for the call into the module that the deprecated function was
in.
**NOTE** this library has a similar interface to the `debug` module, and
this module uses the calling file to get the boundary for the call stacks,
so you should always create a new `deprecate` object in each file and not
within some central file.
### depd(namespace)
Create a new deprecate function that uses the given namespace name in the
messages and will display the call site prior to the stack entering the
file this function was called from. It is highly suggested you use the
name of your module as the namespace.
### deprecate(message)
Call this function from deprecated code to display a deprecation message.
This message will appear once per unique caller site. Caller site is the
first call site in the stack in a different file from the caller of this
function.
If the message is omitted, a message is generated for you based on the site
of the `deprecate()` call and will display the name of the function called,
similar to the name displayed in a stack trace.
### deprecate.function(fn, message)
Call this function to wrap a given function in a deprecation message on any
call to the function. An optional message can be supplied to provide a custom
message.
### deprecate.property(obj, prop, message)
Call this function to wrap a given property on object in a deprecation message
on any accessing or setting of the property. An optional message can be supplied
to provide a custom message.
The method must be called on the object where the property belongs (not
inherited from the prototype).
If the property is a data descriptor, it will be converted to an accessor
descriptor in order to display the deprecation message.
### process.on('deprecation', fn)
This module will allow easy capturing of deprecation errors by emitting the
errors as the type "deprecation" on the global `process`. If there are no
listeners for this type, the errors are written to STDERR as normal, but if
there are any listeners, nothing will be written to STDERR and instead only
emitted. From there, you can write the errors in a different format or to a
logging source.
The error represents the deprecation and is emitted only once with the same
rules as writing to STDERR. The error has the following properties:
- `message` - This is the message given by the library
- `name` - This is always `'DeprecationError'`
- `namespace` - This is the namespace the deprecation came from
- `stack` - This is the stack of the call to the deprecated thing
Example `error.stack` output:
```
DeprecationError: my-cool-module deprecated oldfunction
at Object.<anonymous> ([eval]-wrapper:6:22)
at Module._compile (module.js:456:26)
at evalScript (node.js:532:25)
at startup (node.js:80:7)
at node.js:902:3
```
### process.env.NO_DEPRECATION
As a user of modules that are deprecated, the environment variable `NO_DEPRECATION`
is provided as a quick solution to silencing deprecation warnings from being
output. The format of this is similar to that of `DEBUG`:
```sh
$ NO_DEPRECATION=my-module,othermod node app.js
```
This will suppress deprecations from being output for "my-module" and "othermod".
The value is a list of comma-separated namespaces. To suppress every warning
across all namespaces, use the value `*` for a namespace.
Providing the argument `--no-deprecation` to the `node` executable will suppress
all deprecations (only available in Node.js 0.8 or higher).
**NOTE** This will not suppress the deperecations given to any "deprecation"
event listeners, just the output to STDERR.
### process.env.TRACE_DEPRECATION
As a user of modules that are deprecated, the environment variable `TRACE_DEPRECATION`
is provided as a solution to getting more detailed location information in deprecation
warnings by including the entire stack trace. The format of this is the same as
`NO_DEPRECATION`:
```sh
$ TRACE_DEPRECATION=my-module,othermod node app.js
```
This will include stack traces for deprecations being output for "my-module" and
"othermod". The value is a list of comma-separated namespaces. To trace every
warning across all namespaces, use the value `*` for a namespace.
Providing the argument `--trace-deprecation` to the `node` executable will trace
all deprecations (only available in Node.js 0.8 or higher).
**NOTE** This will not trace the deperecations silenced by `NO_DEPRECATION`.
## Display
![message](files/message.png)
When a user calls a function in your library that you mark deprecated, they
will see the following written to STDERR (in the given colors, similar colors
and layout to the `debug` module):
```
bright cyan bright yellow
| | reset cyan
| | | |
▼ ▼ ▼ ▼
my-cool-module deprecated oldfunction [eval]-wrapper:6:22
▲ ▲ ▲ ▲
| | | |
namespace | | location of mycoolmod.oldfunction() call
| deprecation message
the word "deprecated"
```
If the user redirects their STDERR to a file or somewhere that does not support
colors, they see (similar layout to the `debug` module):
```
Sun, 15 Jun 2014 05:21:37 GMT my-cool-module deprecated oldfunction at [eval]-wrapper:6:22
▲ ▲ ▲ ▲ ▲
| | | | |
timestamp of message namespace | | location of mycoolmod.oldfunction() call
| deprecation message
the word "deprecated"
```
## Examples
### Deprecating all calls to a function
This will display a deprecated message about "oldfunction" being deprecated
from "my-module" on STDERR.
```js
var deprecate = require('depd')('my-cool-module')
// message automatically derived from function name
// Object.oldfunction
exports.oldfunction = deprecate.function(function oldfunction () {
// all calls to function are deprecated
})
// specific message
exports.oldfunction = deprecate.function(function () {
// all calls to function are deprecated
}, 'oldfunction')
```
### Conditionally deprecating a function call
This will display a deprecated message about "weirdfunction" being deprecated
from "my-module" on STDERR when called with less than 2 arguments.
```js
var deprecate = require('depd')('my-cool-module')
exports.weirdfunction = function () {
if (arguments.length < 2) {
// calls with 0 or 1 args are deprecated
deprecate('weirdfunction args < 2')
}
}
```
When calling `deprecate` as a function, the warning is counted per call site
within your own module, so you can display different deprecations depending
on different situations and the users will still get all the warnings:
```js
var deprecate = require('depd')('my-cool-module')
exports.weirdfunction = function () {
if (arguments.length < 2) {
// calls with 0 or 1 args are deprecated
deprecate('weirdfunction args < 2')
} else if (typeof arguments[0] !== 'string') {
// calls with non-string first argument are deprecated
deprecate('weirdfunction non-string first arg')
}
}
```
### Deprecating property access
This will display a deprecated message about "oldprop" being deprecated
from "my-module" on STDERR when accessed. A deprecation will be displayed
when setting the value and when getting the value.
```js
var deprecate = require('depd')('my-cool-module')
exports.oldprop = 'something'
// message automatically derives from property name
deprecate.property(exports, 'oldprop')
// explicit message
deprecate.property(exports, 'oldprop', 'oldprop >= 0.10')
```
## License
[MIT](LICENSE)
[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/nodejs-depd/master?label=windows
[appveyor-url]: https://ci.appveyor.com/project/dougwilson/nodejs-depd
[coveralls-image]: https://badgen.net/coveralls/c/github/dougwilson/nodejs-depd/master
[coveralls-url]: https://coveralls.io/r/dougwilson/nodejs-depd?branch=master
[node-image]: https://badgen.net/npm/node/depd
[node-url]: https://nodejs.org/en/download/
[npm-downloads-image]: https://badgen.net/npm/dm/depd
[npm-url]: https://npmjs.org/package/depd
[npm-version-image]: https://badgen.net/npm/v/depd
[travis-image]: https://badgen.net/travis/dougwilson/nodejs-depd/master?label=linux
[travis-url]: https://travis-ci.org/dougwilson/nodejs-depd

538
node_modules/helmet/node_modules/depd/index.js generated vendored Normal file
View File

@@ -0,0 +1,538 @@
/*!
* depd
* Copyright(c) 2014-2018 Douglas Christopher Wilson
* MIT Licensed
*/
/**
* Module dependencies.
*/
var relative = require('path').relative
/**
* Module exports.
*/
module.exports = depd
/**
* Get the path to base files on.
*/
var basePath = process.cwd()
/**
* Determine if namespace is contained in the string.
*/
function containsNamespace (str, namespace) {
var vals = str.split(/[ ,]+/)
var ns = String(namespace).toLowerCase()
for (var i = 0; i < vals.length; i++) {
var val = vals[i]
// namespace contained
if (val && (val === '*' || val.toLowerCase() === ns)) {
return true
}
}
return false
}
/**
* Convert a data descriptor to accessor descriptor.
*/
function convertDataDescriptorToAccessor (obj, prop, message) {
var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
var value = descriptor.value
descriptor.get = function getter () { return value }
if (descriptor.writable) {
descriptor.set = function setter (val) { return (value = val) }
}
delete descriptor.value
delete descriptor.writable
Object.defineProperty(obj, prop, descriptor)
return descriptor
}
/**
* Create arguments string to keep arity.
*/
function createArgumentsString (arity) {
var str = ''
for (var i = 0; i < arity; i++) {
str += ', arg' + i
}
return str.substr(2)
}
/**
* Create stack string from stack.
*/
function createStackString (stack) {
var str = this.name + ': ' + this.namespace
if (this.message) {
str += ' deprecated ' + this.message
}
for (var i = 0; i < stack.length; i++) {
str += '\n at ' + stack[i].toString()
}
return str
}
/**
* Create deprecate for namespace in caller.
*/
function depd (namespace) {
if (!namespace) {
throw new TypeError('argument namespace is required')
}
var stack = getStack()
var site = callSiteLocation(stack[1])
var file = site[0]
function deprecate (message) {
// call to self as log
log.call(deprecate, message)
}
deprecate._file = file
deprecate._ignored = isignored(namespace)
deprecate._namespace = namespace
deprecate._traced = istraced(namespace)
deprecate._warned = Object.create(null)
deprecate.function = wrapfunction
deprecate.property = wrapproperty
return deprecate
}
/**
* Determine if event emitter has listeners of a given type.
*
* The way to do this check is done three different ways in Node.js >= 0.8
* so this consolidates them into a minimal set using instance methods.
*
* @param {EventEmitter} emitter
* @param {string} type
* @returns {boolean}
* @private
*/
function eehaslisteners (emitter, type) {
var count = typeof emitter.listenerCount !== 'function'
? emitter.listeners(type).length
: emitter.listenerCount(type)
return count > 0
}
/**
* Determine if namespace is ignored.
*/
function isignored (namespace) {
if (process.noDeprecation) {
// --no-deprecation support
return true
}
var str = process.env.NO_DEPRECATION || ''
// namespace ignored
return containsNamespace(str, namespace)
}
/**
* Determine if namespace is traced.
*/
function istraced (namespace) {
if (process.traceDeprecation) {
// --trace-deprecation support
return true
}
var str = process.env.TRACE_DEPRECATION || ''
// namespace traced
return containsNamespace(str, namespace)
}
/**
* Display deprecation message.
*/
function log (message, site) {
var haslisteners = eehaslisteners(process, 'deprecation')
// abort early if no destination
if (!haslisteners && this._ignored) {
return
}
var caller
var callFile
var callSite
var depSite
var i = 0
var seen = false
var stack = getStack()
var file = this._file
if (site) {
// provided site
depSite = site
callSite = callSiteLocation(stack[1])
callSite.name = depSite.name
file = callSite[0]
} else {
// get call site
i = 2
depSite = callSiteLocation(stack[i])
callSite = depSite
}
// get caller of deprecated thing in relation to file
for (; i < stack.length; i++) {
caller = callSiteLocation(stack[i])
callFile = caller[0]
if (callFile === file) {
seen = true
} else if (callFile === this._file) {
file = this._file
} else if (seen) {
break
}
}
var key = caller
? depSite.join(':') + '__' + caller.join(':')
: undefined
if (key !== undefined && key in this._warned) {
// already warned
return
}
this._warned[key] = true
// generate automatic message from call site
var msg = message
if (!msg) {
msg = callSite === depSite || !callSite.name
? defaultMessage(depSite)
: defaultMessage(callSite)
}
// emit deprecation if listeners exist
if (haslisteners) {
var err = DeprecationError(this._namespace, msg, stack.slice(i))
process.emit('deprecation', err)
return
}
// format and write message
var format = process.stderr.isTTY
? formatColor
: formatPlain
var output = format.call(this, msg, caller, stack.slice(i))
process.stderr.write(output + '\n', 'utf8')
}
/**
* Get call site location as array.
*/
function callSiteLocation (callSite) {
var file = callSite.getFileName() || '<anonymous>'
var line = callSite.getLineNumber()
var colm = callSite.getColumnNumber()
if (callSite.isEval()) {
file = callSite.getEvalOrigin() + ', ' + file
}
var site = [file, line, colm]
site.callSite = callSite
site.name = callSite.getFunctionName()
return site
}
/**
* Generate a default message from the site.
*/
function defaultMessage (site) {
var callSite = site.callSite
var funcName = site.name
// make useful anonymous name
if (!funcName) {
funcName = '<anonymous@' + formatLocation(site) + '>'
}
var context = callSite.getThis()
var typeName = context && callSite.getTypeName()
// ignore useless type name
if (typeName === 'Object') {
typeName = undefined
}
// make useful type name
if (typeName === 'Function') {
typeName = context.name || typeName
}
return typeName && callSite.getMethodName()
? typeName + '.' + funcName
: funcName
}
/**
* Format deprecation message without color.
*/
function formatPlain (msg, caller, stack) {
var timestamp = new Date().toUTCString()
var formatted = timestamp +
' ' + this._namespace +
' deprecated ' + msg
// add stack trace
if (this._traced) {
for (var i = 0; i < stack.length; i++) {
formatted += '\n at ' + stack[i].toString()
}
return formatted
}
if (caller) {
formatted += ' at ' + formatLocation(caller)
}
return formatted
}
/**
* Format deprecation message with color.
*/
function formatColor (msg, caller, stack) {
var formatted = '\x1b[36;1m' + this._namespace + '\x1b[22;39m' + // bold cyan
' \x1b[33;1mdeprecated\x1b[22;39m' + // bold yellow
' \x1b[0m' + msg + '\x1b[39m' // reset
// add stack trace
if (this._traced) {
for (var i = 0; i < stack.length; i++) {
formatted += '\n \x1b[36mat ' + stack[i].toString() + '\x1b[39m' // cyan
}
return formatted
}
if (caller) {
formatted += ' \x1b[36m' + formatLocation(caller) + '\x1b[39m' // cyan
}
return formatted
}
/**
* Format call site location.
*/
function formatLocation (callSite) {
return relative(basePath, callSite[0]) +
':' + callSite[1] +
':' + callSite[2]
}
/**
* Get the stack as array of call sites.
*/
function getStack () {
var limit = Error.stackTraceLimit
var obj = {}
var prep = Error.prepareStackTrace
Error.prepareStackTrace = prepareObjectStackTrace
Error.stackTraceLimit = Math.max(10, limit)
// capture the stack
Error.captureStackTrace(obj)
// slice this function off the top
var stack = obj.stack.slice(1)
Error.prepareStackTrace = prep
Error.stackTraceLimit = limit
return stack
}
/**
* Capture call site stack from v8.
*/
function prepareObjectStackTrace (obj, stack) {
return stack
}
/**
* Return a wrapped function in a deprecation message.
*/
function wrapfunction (fn, message) {
if (typeof fn !== 'function') {
throw new TypeError('argument fn must be a function')
}
var args = createArgumentsString(fn.length)
var stack = getStack()
var site = callSiteLocation(stack[1])
site.name = fn.name
// eslint-disable-next-line no-new-func
var deprecatedfn = new Function('fn', 'log', 'deprecate', 'message', 'site',
'"use strict"\n' +
'return function (' + args + ') {' +
'log.call(deprecate, message, site)\n' +
'return fn.apply(this, arguments)\n' +
'}')(fn, log, this, message, site)
return deprecatedfn
}
/**
* Wrap property in a deprecation message.
*/
function wrapproperty (obj, prop, message) {
if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
throw new TypeError('argument obj must be object')
}
var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
if (!descriptor) {
throw new TypeError('must call property on owner object')
}
if (!descriptor.configurable) {
throw new TypeError('property must be configurable')
}
var deprecate = this
var stack = getStack()
var site = callSiteLocation(stack[1])
// set site name
site.name = prop
// convert data descriptor
if ('value' in descriptor) {
descriptor = convertDataDescriptorToAccessor(obj, prop, message)
}
var get = descriptor.get
var set = descriptor.set
// wrap getter
if (typeof get === 'function') {
descriptor.get = function getter () {
log.call(deprecate, message, site)
return get.apply(this, arguments)
}
}
// wrap setter
if (typeof set === 'function') {
descriptor.set = function setter () {
log.call(deprecate, message, site)
return set.apply(this, arguments)
}
}
Object.defineProperty(obj, prop, descriptor)
}
/**
* Create DeprecationError for deprecation
*/
function DeprecationError (namespace, message, stack) {
var error = new Error()
var stackString
Object.defineProperty(error, 'constructor', {
value: DeprecationError
})
Object.defineProperty(error, 'message', {
configurable: true,
enumerable: false,
value: message,
writable: true
})
Object.defineProperty(error, 'name', {
enumerable: false,
configurable: true,
value: 'DeprecationError',
writable: true
})
Object.defineProperty(error, 'namespace', {
configurable: true,
enumerable: false,
value: namespace,
writable: true
})
Object.defineProperty(error, 'stack', {
configurable: true,
enumerable: false,
get: function () {
if (stackString !== undefined) {
return stackString
}
// prepare stack trace
return (stackString = createStackString.call(this, stack))
},
set: function setter (val) {
stackString = val
}
})
return error
}

77
node_modules/helmet/node_modules/depd/lib/browser/index.js generated vendored Normal file
View File

@@ -0,0 +1,77 @@
/*!
* depd
* Copyright(c) 2015 Douglas Christopher Wilson
* MIT Licensed
*/
'use strict'
/**
* Module exports.
* @public
*/
module.exports = depd
/**
* Create deprecate for namespace in caller.
*/
function depd (namespace) {
if (!namespace) {
throw new TypeError('argument namespace is required')
}
function deprecate (message) {
// no-op in browser
}
deprecate._file = undefined
deprecate._ignored = true
deprecate._namespace = namespace
deprecate._traced = false
deprecate._warned = Object.create(null)
deprecate.function = wrapfunction
deprecate.property = wrapproperty
return deprecate
}
/**
* Return a wrapped function in a deprecation message.
*
* This is a no-op version of the wrapper, which does nothing but call
* validation.
*/
function wrapfunction (fn, message) {
if (typeof fn !== 'function') {
throw new TypeError('argument fn must be a function')
}
return fn
}
/**
* Wrap property in a deprecation message.
*
* This is a no-op version of the wrapper, which does nothing but call
* validation.
*/
function wrapproperty (obj, prop, message) {
if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
throw new TypeError('argument obj must be object')
}
var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
if (!descriptor) {
throw new TypeError('must call property on owner object')
}
if (!descriptor.configurable) {
throw new TypeError('property must be configurable')
}
}

80
node_modules/helmet/node_modules/depd/package.json generated vendored Normal file
View File

@@ -0,0 +1,80 @@
{
"_from": "depd@2.0.0",
"_id": "depd@2.0.0",
"_inBundle": false,
"_integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
"_location": "/helmet/depd",
"_phantomChildren": {},
"_requested": {
"type": "version",
"registry": true,
"raw": "depd@2.0.0",
"name": "depd",
"escapedName": "depd",
"rawSpec": "2.0.0",
"saveSpec": null,
"fetchSpec": "2.0.0"
},
"_requiredBy": [
"/helmet"
],
"_resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
"_shasum": "b696163cc757560d09cf22cc8fad1571b79e76df",
"_spec": "depd@2.0.0",
"_where": "/home/runner/Socketio-Chat-Template/node_modules/helmet",
"author": {
"name": "Douglas Christopher Wilson",
"email": "doug@somethingdoug.com"
},
"browser": "lib/browser/index.js",
"bugs": {
"url": "https://github.com/dougwilson/nodejs-depd/issues"
},
"bundleDependencies": false,
"deprecated": false,
"description": "Deprecate all the things",
"devDependencies": {
"beautify-benchmark": "0.2.4",
"benchmark": "2.1.4",
"eslint": "5.7.0",
"eslint-config-standard": "12.0.0",
"eslint-plugin-import": "2.14.0",
"eslint-plugin-markdown": "1.0.0-beta.7",
"eslint-plugin-node": "7.0.1",
"eslint-plugin-promise": "4.0.1",
"eslint-plugin-standard": "4.0.0",
"istanbul": "0.4.5",
"mocha": "5.2.0",
"safe-buffer": "5.1.2",
"uid-safe": "2.1.5"
},
"engines": {
"node": ">= 0.8"
},
"files": [
"lib/",
"History.md",
"LICENSE",
"index.js",
"Readme.md"
],
"homepage": "https://github.com/dougwilson/nodejs-depd#readme",
"keywords": [
"deprecate",
"deprecated"
],
"license": "MIT",
"name": "depd",
"repository": {
"type": "git",
"url": "git+https://github.com/dougwilson/nodejs-depd.git"
},
"scripts": {
"bench": "node benchmark/index.js",
"lint": "eslint --plugin markdown --ext js,md .",
"test": "mocha --reporter spec --bail test/",
"test-ci": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter spec test/ && istanbul report lcovonly text-summary",
"test-cov": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter dot test/ && istanbul report lcov text-summary"
},
"version": "2.0.0"
}

112
node_modules/helmet/package.json generated vendored Normal file
View File

@@ -0,0 +1,112 @@
{
"_from": "helmet@^3.9.0",
"_id": "helmet@3.22.0",
"_inBundle": false,
"_integrity": "sha512-Xrqicn2nm1ZIUxP3YGuTBmbDL04neKsIT583Sjh0FkiwKDXYCMUqGqC88w3NUvVXtA75JyR2Jn6jw6ZEMOD+ZA==",
"_location": "/helmet",
"_phantomChildren": {},
"_requested": {
"type": "range",
"registry": true,
"raw": "helmet@^3.9.0",
"name": "helmet",
"escapedName": "helmet",
"rawSpec": "^3.9.0",
"saveSpec": null,
"fetchSpec": "^3.9.0"
},
"_requiredBy": [
"/server"
],
"_resolved": "https://registry.npmjs.org/helmet/-/helmet-3.22.0.tgz",
"_shasum": "3a6f11d931799145f0aff15dbc563cff9e13131f",
"_spec": "helmet@^3.9.0",
"_where": "/home/runner/Socketio-Chat-Template/node_modules/server",
"author": {
"name": "Adam Baldwin",
"email": "adam@npmjs.com",
"url": "https://evilpacket.net"
},
"bugs": {
"url": "https://github.com/helmetjs/helmet/issues",
"email": "me@evanhahn.com"
},
"bundleDependencies": false,
"contributors": [
{
"name": "Evan Hahn",
"email": "me@evanhahn.com",
"url": "https://evanhahn.com"
}
],
"dependencies": {
"depd": "2.0.0",
"dns-prefetch-control": "0.2.0",
"dont-sniff-mimetype": "1.1.0",
"expect-ct": "0.2.0",
"feature-policy": "0.3.0",
"frameguard": "3.1.0",
"helmet-crossdomain": "0.4.0",
"helmet-csp": "2.10.0",
"hide-powered-by": "1.1.0",
"hpkp": "2.0.0",
"hsts": "2.2.0",
"ienoopen": "1.1.0",
"nocache": "2.1.0",
"referrer-policy": "1.2.0",
"x-xss-protection": "1.3.0"
},
"deprecated": false,
"description": "help secure Express/Connect apps with various HTTP headers",
"devDependencies": {
"connect": "^3.7.0",
"mocha": "^7.1.1",
"sinon": "^9.0.1",
"standard": "^14.3.3",
"supertest": "^4.0.2"
},
"engines": {
"node": ">=4.0.0"
},
"files": [
"CHANGELOG.md",
"CODE_OF_CONDUCT.md",
"CONTRIBUTING.md",
"LICENSE",
"README.md",
"SECURITY.md",
"index.js"
],
"homepage": "https://helmetjs.github.io/",
"keywords": [
"security",
"headers",
"express",
"connect",
"x-frame-options",
"x-powered-by",
"csp",
"hsts",
"clickjack"
],
"license": "MIT",
"main": "index",
"name": "helmet",
"repository": {
"type": "git",
"url": "git://github.com/helmetjs/helmet.git"
},
"scripts": {
"pretest": "standard --fix",
"test": "mocha"
},
"standard": {
"globals": [
"describe",
"it",
"beforeEach",
"afterEach"
]
},
"version": "3.22.0"
}