on-headers @1.0.2
Execute a listener when a response is about to write headers
Maintainers
Keywords
Dev Dependencies (10)
| Package | Constraint | Registry Status |
|---|---|---|
| mocha | 6.0.1 | auto_approved |
| eslint | 5.14.1 | auto_approved |
| istanbul | 0.4.5 | No greenflagged match |
| supertest | 3.4.2 | auto_approved |
| eslint-plugin-node | 8.0.1 | No greenflagged match |
| eslint-plugin-import | 2.16.0 | auto_approved |
| eslint-plugin-promise | 4.0.1 | auto_approved |
| eslint-config-standard | 12.0.0 | auto_approved |
| eslint-plugin-markdown | 1.0.0 | auto_approved |
| eslint-plugin-standard | 4.0.0 | auto_approved |
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-76c9-3jph-rj3q |
osv | reject | AI | AI (osv): Advisory affects all versions < 1.1.0 with a fix available in 1.1.0; this verdict generalizes to every version in the affected range. |
SAST Findings (2)
[Always reject] CVSS 3.4 (LOW) — CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N ### Impact A bug in on-headers versions `< 1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()` ### Patches Users should upgrade to `1.1.0` ### Workarounds Uses are encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3).
Commit: c05140cde9bb Browse source
Published to npm: