fix: remove spread of defaultOpts

Author: H4ad

lib/index.js

@@ -22,8 +22,6 @@ const defaultOpts = {
   strict: false,
 }
 
-const ssriOpts = (opts = {}) => ({ ...defaultOpts, ...opts })
-
 const getOptString = options => !options || !options.length
   ? ''
   : `?${options.join('?')}`
@@ -44,27 +42,21 @@ class IntegrityStream extends MiniPass {
     this[_getOptions]()
 
     // options used for calculating stream.  can't be changed.
-    const { algorithms = defaultOpts.algorithms } = opts
+    const algorithms = opts?.algorithms || defaultOpts.algorithms
     this.algorithms = Array.from(
       new Set(algorithms.concat(this.algorithm ? [this.algorithm] : []))
     )
     this.hashes = this.algorithms.map(crypto.createHash)
   }
 
   [_getOptions] () {
-    const {
-      integrity,
-      size,
-      options,
-    } = { ...defaultOpts, ...this.opts }
-
     // For verification
-    this.sri = integrity ? parse(integrity, this.opts) : null
-    this.expectedSize = size
+    this.sri = this.opts?.integrity ? parse(this.opts?.integrity, this.opts) : null
+    this.expectedSize = this.opts?.size
     this.goodSri = this.sri ? !!Object.keys(this.sri).length : false
     this.algorithm = this.goodSri ? this.sri.pickAlgorithm(this.opts) : null
     this.digests = this.goodSri ? this.sri[this.algorithm] : null
-    this.optString = getOptString(options)
+    this.optString = getOptString(this.opts?.options)
   }
 
   on (ev, handler) {
@@ -141,8 +133,7 @@ class Hash {
   }
 
   constructor (hash, opts) {
-    opts = ssriOpts(opts)
-    const strict = !!opts.strict
+    const strict = opts?.strict
     this.source = hash.trim()
 
     // set default values so that we make V8 happy to
@@ -161,7 +152,7 @@ class Hash {
     if (!match) {
       return
     }
-    if (strict && !SPEC_ALGORITHMS.some(a => a === match[1])) {
+    if (strict && !SPEC_ALGORITHMS.includes(match[1])) {
       return
     }
     this.algorithm = match[1]
@@ -182,14 +173,13 @@ class Hash {
   }
 
   toString (opts) {
-    opts = ssriOpts(opts)
-    if (opts.strict) {
+    if (opts?.strict) {
       // Strict mode enforces the standard as close to the foot of the
       // letter as it can.
       if (!(
         // The spec has very restricted productions for algorithms.
         // https://www.w3.org/TR/CSP2/#source-list-syntax
-        SPEC_ALGORITHMS.some(x => x === this.algorithm) &&
+        SPEC_ALGORITHMS.includes(this.algorithm) &&
         // Usually, if someone insists on using a "different" base64, we
         // leave it as-is, since there's multiple standards, and the
         // specified is not a URL-safe variant.
@@ -224,9 +214,8 @@ class Integrity {
   }
 
   toString (opts) {
-    opts = ssriOpts(opts)
-    let sep = opts.sep || ' '
-    if (opts.strict) {
+    let sep = opts?.sep || ' '
+    if (opts?.strict) {
       // Entries must be separated by whitespace, according to spec.
       sep = sep.replace(/\S+/g, ' ')
     }
@@ -238,7 +227,6 @@ class Integrity {
   }
 
   concat (integrity, opts) {
-    opts = ssriOpts(opts)
     const other = typeof integrity === 'string'
       ? integrity
       : stringify(integrity, opts)
@@ -252,7 +240,6 @@ class Integrity {
   // add additional hashes to an integrity value, but prevent
   // *changing* an existing integrity hash.
   merge (integrity, opts) {
-    opts = ssriOpts(opts)
     const other = parse(integrity, opts)
     for (const algo in other) {
       if (this[algo]) {
@@ -268,7 +255,6 @@ class Integrity {
   }
 
   match (integrity, opts) {
-    opts = ssriOpts(opts)
     const other = parse(integrity, opts)
     if (!other) {
       return false
@@ -286,8 +272,7 @@ class Integrity {
   }
 
   pickAlgorithm (opts) {
-    opts = ssriOpts(opts)
-    const pickAlgorithm = opts.pickAlgorithm
+    const pickAlgorithm = opts?.pickAlgorithm || defaultOpts.pickAlgorithm;
     const keys = Object.keys(this)
     return keys.reduce((acc, algo) => {
       return pickAlgorithm(acc, algo) || acc
@@ -300,7 +285,6 @@ function parse (sri, opts) {
   if (!sri) {
     return null
   }
-  opts = ssriOpts(opts)
   if (typeof sri === 'string') {
     return _parse(sri, opts)
   } else if (sri.algorithm && sri.digest) {
@@ -315,7 +299,7 @@ function parse (sri, opts) {
 function _parse (integrity, opts) {
   // 3.4.3. Parse metadata
   // https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
-  if (opts.single) {
+  if (opts?.single) {
     return new Hash(integrity, opts)
   }
   const hashes = integrity.trim().split(/\s+/).reduce((acc, string) => {
@@ -334,7 +318,6 @@ function _parse (integrity, opts) {
 
 module.exports.stringify = stringify
 function stringify (obj, opts) {
-  opts = ssriOpts(opts)
   if (obj.algorithm && obj.digest) {
     return Hash.prototype.toString.call(obj, opts)
   } else if (typeof obj === 'string') {
@@ -346,8 +329,7 @@ function stringify (obj, opts) {
 
 module.exports.fromHex = fromHex
 function fromHex (hexDigest, algorithm, opts) {
-  opts = ssriOpts(opts)
-  const optString = getOptString(opts.options)
+  const optString = getOptString(opts?.options)
   return parse(
     `${algorithm}-${
       Buffer.from(hexDigest, 'hex').toString('base64')
@@ -357,9 +339,8 @@ function fromHex (hexDigest, algorithm, opts) {
 
 module.exports.fromData = fromData
 function fromData (data, opts) {
-  opts = ssriOpts(opts)
-  const algorithms = opts.algorithms
-  const optString = getOptString(opts.options)
+  const algorithms = opts?.algorithms || defaultOpts.algorithms
+  const optString = getOptString(opts?.options)
   return algorithms.reduce((acc, algo) => {
     const digest = crypto.createHash(algo).update(data).digest('base64')
     const hash = new Hash(
@@ -382,7 +363,6 @@ function fromData (data, opts) {
 
 module.exports.fromStream = fromStream
 function fromStream (stream, opts) {
-  opts = ssriOpts(opts)
   const istream = integrityStream(opts)
   return new Promise((resolve, reject) => {
     stream.pipe(istream)
@@ -399,10 +379,9 @@ function fromStream (stream, opts) {
 
 module.exports.checkData = checkData
 function checkData (data, sri, opts) {
-  opts = ssriOpts(opts)
   sri = parse(sri, opts)
   if (!sri || !Object.keys(sri).length) {
-    if (opts.error) {
+    if (opts?.error) {
       throw Object.assign(
         new Error('No valid integrity hashes to check against'), {
           code: 'EINTEGRITY',
@@ -416,7 +395,8 @@ function checkData (data, sri, opts) {
   const digest = crypto.createHash(algorithm).update(data).digest('base64')
   const newSri = parse({ algorithm, digest })
   const match = newSri.match(sri, opts)
-  if (match || !opts.error) {
+  opts = opts || Object.create(null)
+  if (match || !(opts.error)) {
     return match
   } else if (typeof opts.size === 'number' && (data.length !== opts.size)) {
     /* eslint-disable-next-line max-len */
@@ -440,7 +420,7 @@ function checkData (data, sri, opts) {
 
 module.exports.checkStream = checkStream
 function checkStream (stream, sri, opts) {
-  opts = ssriOpts(opts)
+  opts = opts || Object.create(null)
   opts.integrity = sri
   sri = parse(sri, opts)
   if (!sri || !Object.keys(sri).length) {
@@ -465,15 +445,14 @@ function checkStream (stream, sri, opts) {
 }
 
 module.exports.integrityStream = integrityStream
-function integrityStream (opts = {}) {
+function integrityStream (opts = Object.create(null)) {
   return new IntegrityStream(opts)
 }
 
 module.exports.create = createIntegrity
 function createIntegrity (opts) {
-  opts = ssriOpts(opts)
-  const algorithms = opts.algorithms
-  const optString = getOptString(opts.options)
+  const algorithms = opts?.algorithms || defaultOpts.algorithms
+  const optString = getOptString(opts?.options)
 
   const hashes = algorithms.map(crypto.createHash)