tremendous-node's Issues

README example for client var declaration is missing a closing forward slash in URI

I was unable to get the API to work based on the examples listed in the README file. After looking through the tremendous code I noticed that when constructing the URL in the client function there was no forward slash being inserted before adding the path to the URI specified.

Here is the function. Notice that when constructing the URL the path value was just being combined with the URI value, and since no forward slash was being inserted, you ended up with an invalid URL of https://testflight.tremendous.com/api/v2orders instead of the correct https://testflight.tremendous.com/api/v2/orders

function client(path, method, options, callback) {
  var data = _.merge({}, {
    url: this.uri + path,
    method: method,
    headers: {
      "User-agent": "Tremendous Node v2.0.0",
      "authorization": "Bearer " + this.accessToken
    },
    json: true
  }, method == "GET" ? {qs: options} : {json: options});

  return request(data, handleResponse(callback));
};

As such, I simply added a forward slash to the client var declaration and then everything worked as expected. This change simply updates the example description so that others don't get stuck on their first attempts to test the API.

BEFORE MY FIX:

// Sandbox environment
var client = new Tremendous("[SANDBOX_ACCESS_TOKEN]", "https://testflight.tremendous.com/api/v2");

// Production environment
var client = new Tremendous("[PRODUCTION_ACCESS_TOKEN]", "https://www.tremendous.com/api/v2");

AFTER MY FIX - I simply added a forward slash at the end of the URI:

// Sandbox environment
var client = new Tremendous("[SANDBOX_ACCESS_TOKEN]", "https://testflight.tremendous.com/api/v2/");

// Production environment
var client = new Tremendous("[PRODUCTION_ACCESS_TOKEN]", "https://www.tremendous.com/api/v2/");
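
The joining problem described in this issue can also be handled in code so that the base URI works with or without a trailing slash. The following is an added example, not code from tremendous-node; `buildUrl`, `naiveUrl` and `resolvedWithoutSlash` are hypothetical names, and the prefix check is an assumption about what a caller would want given that the client sends the bearer token with every request.

```javascript
// Added example: buildUrl is a hypothetical helper, not tremendous-node code.

// What the issue describes: plain concatenation drops the separator.
function naiveUrl(baseUri, path) {
  return baseUri + path;
}

// Relative resolution against a base without a trailing slash replaces the
// last path segment, so "v2" is lost.
function resolvedWithoutSlash(baseUri, path) {
  return new URL(path, baseUri).href;
}

// Normalise to exactly one slash between base and path, then resolve.
function buildUrl(baseUri, path) {
  const base = new URL(baseUri.replace(/\/+$/, "") + "/");
  const url = new URL(String(path).replace(/^\/+/, ""), base);
  // The client attaches the bearer token to every request, so refuse a path
  // that resolves to another origin or outside the configured API prefix.
  if (url.origin !== base.origin || !url.pathname.startsWith(base.pathname)) {
    throw new Error("path escapes base URI: " + path);
  }
  return url.href;
}

const SANDBOX = "https://testflight.tremendous.com/api/v2";
console.log(naiveUrl(SANDBOX, "orders"));
console.log(resolvedWithoutSlash(SANDBOX, "orders"));
console.log(buildUrl(SANDBOX, "orders"));
console.log(buildUrl(SANDBOX + "/", "/orders"));
```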

Critical vulnerabilities in dependencies

After installing tremendous, npm audit reports some vulnerabilities in the dependencies. They are not fixable with npm audit fix.

$ npm audit
# npm audit report

bl  <1.2.3
Severity: high
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
No fix available
node_modules/bl
  request  2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
  Depends on vulnerable versions of bl
  Depends on vulnerable versions of hawk
  Depends on vulnerable versions of tunnel-agent
  node_modules/request
    tremendous  *
    Depends on vulnerable versions of request
    node_modules/tremendous

cryptiles  <=4.1.1
Severity: critical
Insufficient Entropy in cryptiles - https://github.com/advisories/GHSA-rq8g-5pc5-wrhr
Depends on vulnerable versions of boom
No fix available
node_modules/cryptiles
  hawk  0.0.6 - 6.0.2
  Depends on vulnerable versions of boom
  Depends on vulnerable versions of cryptiles
  Depends on vulnerable versions of hoek
  Depends on vulnerable versions of sntp
  node_modules/hawk
    request  2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
    Depends on vulnerable versions of bl
    Depends on vulnerable versions of hawk
    Depends on vulnerable versions of tunnel-agent
    node_modules/request
      tremendous  *
      Depends on vulnerable versions of request
      node_modules/tremendous

hoek  <4.2.1
Severity: moderate
Prototype Pollution in hoek - https://github.com/advisories/GHSA-jp4x-w63m-7wgm
No fix available
node_modules/hoek
  boom  <=3.1.2
  Depends on vulnerable versions of hoek
  node_modules/boom
    cryptiles  <=4.1.1
    Depends on vulnerable versions of boom
    node_modules/cryptiles
      hawk  0.0.6 - 6.0.2
      Depends on vulnerable versions of boom
      Depends on vulnerable versions of cryptiles
      Depends on vulnerable versions of hoek
      Depends on vulnerable versions of sntp
      node_modules/hawk
        request  2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
        Depends on vulnerable versions of bl
        Depends on vulnerable versions of hawk
        Depends on vulnerable versions of tunnel-agent
        node_modules/request
          tremendous  *
          Depends on vulnerable versions of request
          node_modules/tremendous
  sntp  0.0.0 || 0.1.1 - 2.0.0
  Depends on vulnerable versions of hoek
  node_modules/sntp

tunnel-agent  <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - https://github.com/advisories/GHSA-xc7v-wxcw-j472
No fix available
node_modules/tunnel-agent
  request  2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
  Depends on vulnerable versions of bl
  Depends on vulnerable versions of hawk
  Depends on vulnerable versions of tunnel-agent
  node_modules/request
    tremendous  *
    Depends on vulnerable versions of request
    node_modules/tremendous

9 vulnerabilities (5 moderate, 1 high, 3 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
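
To see which direct dependency each advisory in a report like this reaches the project through, the `effects` edges of `npm audit --json` can be walked upward. This is an added example, not part of the original issue or of tremendous-node; the `report` object is constructed to mirror the text report above and trimmed to the fields used, and `chainsToDirect` and `directRoots` are hypothetical names.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2),
// trimmed to the fields used here and mirroring the text report above.
const report = { vulnerabilities: {
  bl: { isDirect: false, effects: ["request"],
        via: [{ title: "Remote Memory Exposure in bl" }] },
  cryptiles: { isDirect: false, effects: ["hawk"],
        via: ["boom", { title: "Insufficient Entropy in cryptiles" }] },
  hoek: { isDirect: false, effects: ["boom", "hawk", "sntp"],
        via: [{ title: "Prototype Pollution in hoek" }] },
  "tunnel-agent": { isDirect: false, effects: ["request"],
        via: [{ title: "Memory Exposure in tunnel-agent" }] },
  boom: { isDirect: false, effects: ["cryptiles", "hawk"], via: ["hoek"] },
  sntp: { isDirect: false, effects: ["hawk"], via: ["hoek"] },
  hawk: { isDirect: false, effects: ["request"],
        via: ["boom", "cryptiles", "hoek", "sntp"] },
  request: { isDirect: false, effects: ["tremendous"],
        via: ["bl", "hawk", "tunnel-agent"] },
  tremendous: { isDirect: true, effects: [], via: ["request"] },
} };

// Walk `effects` edges upward from a package to the direct dependencies
// (isDirect: true) that pull it in; returns one chain per route found.
function chainsToDirect(vulns, name, seen = []) {
  if (seen.includes(name) || !vulns[name]) return [];
  const path = [...seen, name];
  const own = vulns[name].isDirect ? [path] : [];
  return own.concat(
    vulns[name].effects.flatMap((up) => chainsToDirect(vulns, up, path)));
}

// For every package carrying its own advisory (an object entry in `via`),
// list the direct dependencies that would have to be updated or replaced.
function directRoots(rep) {
  const out = {};
  for (const [name, node] of Object.entries(rep.vulnerabilities)) {
    if (!node.via.some((v) => typeof v === "object")) continue;
    const chains = chainsToDirect(rep.vulnerabilities, name);
    chains.sort((a, b) => a.length - b.length);
    out[name] = {
      roots: [...new Set(chains.map((c) => c[c.length - 1]))],
      shortest: (chains[0] || []).join(" > "),
    };
  }
  return out;
}

console.log(directRoots(report));
```

On the sample, every advisory resolves to the single direct root `tremendous`, which matches the report's "No fix available" lines.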
