-
Notifications
You must be signed in to change notification settings - Fork 209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib: use Node.js net lib and reject malformed addresses #144
base: main
Are you sure you want to change the base?
Conversation
Is this getting merged in? |
The maintainer is very inactive. He has no obligation to continue maintaining this library, but I'd suggest switching to a different actively maintained library. |
@indutny Can you please review/merge this PR? |
Is this PR getting merged? |
I came across a couple of maintained forks of Both forks are a few months old, so there's not enough activity for me to tell whether they're likely to be maintained in the long term. That said, they may be a good solution for folks who aren't yet ready to switch to an alternative. |
Hi, when can we expect a new release that includes this patch? @ljharb |
@charIeszhao why are you pinging me? i'm not a maintainer here. |
Sorry, I think that was a mistake. I saw you were the reviewer so I assumed you were the maintainer. My appologies for the ping. |
See #143. Given the current API of this library, I believe that it's not suitable to support malformed addresses like
0x7f.1
. It's hard to parse them correctly in all cases. It's better to throw errors for them.This PR uses the Node.js
net
library so it should be reliable.I suggest releasing v3 after merging this, because:
net.SocketAddress
is added in Node v15.14.0 and v14.18.0. I think it's reasonable to drop support for older Node versions because Node 12 has reached end-of-life since 2022-04-30. If the user cares about security, they should use a new Node version.We could try to (partially) fix the security concerns in a compatible way in v2 (and v1) in another pull request.