Douglas Wilson

Ah, gotcha. Where do you find that on npmjs.com (or is this from npms.io)? And say for example morgan had 89%, and thus would not qualify, where do we point...

Nice @brandon-d-mckay ! Say for example morgan had 89%, and thus would not qualify, where do we point the author to to understand how to achieve at least 90% (i.e....

Neat! Obviously we would want all the types to have this behavior, not just the json. There was a plan written out for how we wanted to add this (vety...

If you're wondering, I'm searching for the conversation. From what I recall it was two main APIs, a bodyParser.only() and a bodyParser.none() or something. Basically some way to either (1)...

Because being able to stack things is implied with how middleware works; it is not expected that a middleware will respond to something it cannot handle which is why a...

Makes sense. Can the decryption be done as a stream instead of a sync decryption?

I'm talking about changing the interface here to take a TransformStream, rather than do it prior to calling this module.

Ok, sorry we misunderstood. The _user_ needs to pass in a TransformStream as the decrypt argument. What we have here is still the same DoS vector.

And if possible, please add tests and make sure decryption occurs after inflation.

Setting a specific lifetime is currently not implemented. Currently the tokens last as long as the secret is valid. If you store the secret in a session, then it lasts...