Commit graph

2 commits

Author SHA1 Message Date
Andrew Nesbitt
8b762ffb39
Fix silent truncation of large npm metadata responses
ReadMetadata used io.LimitReader, which silently truncated responses at
the size limit. For packages like drizzle-orm (~92MB metadata), this
produced invalid JSON that was served to clients.

Now returns ErrMetadataTooLarge when the limit is exceeded, and bumps
the limit from 50MB to 100MB.

Fixes #78
2026-04-08 16:02:30 +01:00
Andrew Nesbitt
0e1a06c5e6
Add size limits on request bodies and upstream metadata reads
POST endpoints (/api/outdated, /api/bulk) now reject bodies over 1 MB
using http.MaxBytesReader. Upstream metadata reads (npm, pypi, composer,
nuget, pub) now use io.LimitReader capped at 50 MB to prevent OOM from
unexpectedly large responses.
2026-03-13 07:28:20 +00:00
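The two commits above describe the same failure mode and its fix: io.LimitReader stops reading at the cap and reports a clean EOF, so an oversized upstream document is handed to the JSON decoder as a cut-off prefix, while the request-body side uses http.MaxBytesReader, which does surface an error. The example below is added here and is not the project's own code; it puts the truncating read next to a bounded read that detects overflow by attempting one byte past the limit, and shows a POST handler that maps http.MaxBytesError to a 413. The names readTruncating, readBounded, handleBulk and postStatus, the packument struct and the sample npm document are all constructed for this illustration; the limits are tiny so the behaviour is visible without a 92 MB response.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrMetadataTooLarge is returned when an upstream document exceeds the cap.
var ErrMetadataTooLarge = errors.New("metadata response exceeds size limit")

// sampleDoc is a constructed, minimal npm packument used as the upstream body.
const sampleDoc = `{"name":"example-pkg","dist-tags":{"latest":"1.2.3"},` +
	`"versions":{"1.2.3":{"name":"example-pkg","version":"1.2.3"}}}`

// packument is the subset of the registry document we decode.
type packument struct {
	Name     string            `json:"name"`
	DistTags map[string]string `json:"dist-tags"`
}

// readTruncating is the pre-fix shape: LimitReader yields EOF at the limit,
// so an oversized body comes back as a silently cut-off prefix with err == nil.
func readTruncating(r io.Reader, limit int64) ([]byte, error) {
	return io.ReadAll(io.LimitReader(r, limit))
}

// readBounded reads up to limit+1 bytes; receiving that extra byte proves the
// body is larger than the limit, so it fails with ErrMetadataTooLarge instead
// of returning a prefix. A body of exactly limit bytes is accepted.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, ErrMetadataTooLarge
	}
	return buf, nil
}

// decode parses the bytes a reader returned into a packument.
func decode(b []byte) (*packument, error) {
	var p packument
	if err := json.Unmarshal(b, &p); err != nil {
		return nil, err
	}
	return &p, nil
}

// handleBulk caps a POST body with http.MaxBytesReader and answers 413 when
// the cap is exceeded, rather than decoding whatever prefix arrived.
func handleBulk(maxBody int64) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, maxBody)
		var names []string
		if err := json.NewDecoder(r.Body).Decode(&names); err != nil {
			var mbe *http.MaxBytesError
			if errors.As(err, &mbe) {
				http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
				return
			}
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusOK)
		fmt.Fprintf(w, "%d packages", len(names))
	}
}

// postStatus drives a handler with an in-memory request and returns the status.
func postStatus(h http.Handler, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/bulk", strings.NewReader(body))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Cap set one byte below the document size to force the overflow path.
	limit := int64(len(sampleDoc)) - 1

	b, err := readTruncating(strings.NewReader(sampleDoc), limit)
	_, decErr := decode(b)
	fmt.Printf("truncating read: err=%v, bytes=%d, decode error: %v\n", err, len(b), decErr)

	_, err = readBounded(strings.NewReader(sampleDoc), limit)
	fmt.Printf("bounded read:    err=%v\n", err)

	p, _ := decode(must(readBounded(strings.NewReader(sampleDoc), int64(len(sampleDoc)))))
	fmt.Printf("bounded read at exact size: %s latest=%s\n", p.Name, p.DistTags["latest"])

	h := handleBulk(1024)
	fmt.Println("small body ->", postStatus(h, `["lodash","express"]`))
	fmt.Println("2 KB body  ->", postStatus(h, `["`+strings.Repeat("a", 2000)+`"]`))
}

func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}
```

The bounded reader keeps io.LimitReader, since the point of that commit (not holding an unbounded response in memory) still stands; what changes is that the caller can now tell "stopped at the limit" apart from "body fit under the limit". On the request side, http.MaxBytesReader already reports overflow, but only if the handler checks for http.MaxBytesError instead of treating every decode failure as a generic 400.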