@depup/nodemailer 8.0.1-depup.0 → 8.0.3-depup.0

package/CHANGELOG.md

@@ -1,5 +1,22 @@
 # CHANGELOG
 
+## [8.0.3](https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3) (2026-03-18)
+
+
+### Bug Fixes
+
+* clean up addressparser and fix group name fallback producing undefined ([9d55877](https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd))
+* fix cookie bugs, remove dead code, and improve hot-path efficiency ([e8c8b92](https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524))
+* refactor smtp-connection for clarity and add Node.js 6 syntax compat test ([c5b48ea](https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7))
+* remove familySupportCache that broke DNS resolution tests ([c803d90](https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa))
+
+## [8.0.2](https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2) (2026-03-09)
+
+
+### Bug Fixes
+
+* merge fragmented display names with unquoted commas in addressparser ([fe27f7f](https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9))
+
 ## [8.0.1](https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1) (2026-02-07)
 
 

package/README.md

@@ -1,86 +1,25 @@
-# Nodemailer
+# @depup/nodemailer
 
-[![Nodemailer](https://raw.githubusercontent.com/nodemailer/nodemailer/master/assets/nm_logo_200x136.png)](https://nodemailer.com/about/)
+> Dependency-bumped version of [nodemailer](https://www.npmjs.com/package/nodemailer)
 
-Send emails from Node.js – easy as cake! 🍰✉️
+Generated by [DepUp](https://github.com/depup/npm) -- all production
+dependencies bumped to latest versions.
 
-[![NPM](https://nodei.co/npm/nodemailer.png?downloads=true&downloadRank=true&stars=true)](https://nodemailer.com/about/)
+## Installation
 
-See [nodemailer.com](https://nodemailer.com/) for documentation and terms.
-
-> [!TIP]
-> Check out **[EmailEngine](https://emailengine.app/?utm_source=github-nodemailer&utm_campaign=nodemailer&utm_medium=readme-link)** – a self-hosted email gateway that allows making **REST requests against IMAP and SMTP servers**. EmailEngine also sends webhooks whenever something changes on the registered accounts.\
-> \
-> Using the email accounts registered with EmailEngine, you can receive and [send emails](https://emailengine.app/sending-emails?utm_source=github-nodemailer&utm_campaign=nodemailer&utm_medium=readme-link). EmailEngine supports OAuth2, delayed sends, opens and clicks tracking, bounce detection, etc. All on top of regular email accounts without an external MTA service.
-
-## Having an issue?
-
-#### First review the docs
-
-Documentation for Nodemailer can be found at [nodemailer.com](https://nodemailer.com/about/).
-
-#### Nodemailer throws a SyntaxError for "..."
-
-You are using an older Node.js version than v6.0. Upgrade Node.js to get support for the spread operator. Nodemailer supports all Node.js versions starting from Node.js@v6.0.0.
-
-#### I'm having issues with Gmail
-
-Gmail either works well, or it does not work at all. It is probably easier to switch to an alternative service instead of fixing issues with Gmail. If Gmail does not work for you, then don't use it. Read more about it [here](https://nodemailer.com/usage/using-gmail/).
-
-#### I get ETIMEDOUT errors
-
-Check your firewall settings. Timeout usually occurs when you try to open a connection to a firewalled port either on the server or on your machine. Some ISPs also block email ports to prevent spamming.
-
-#### Nodemailer works on one machine but not in another
-
-It's either a firewall issue, or your SMTP server blocks authentication attempts from some servers.
-
-#### I get TLS errors
-
-- If you are running the code on your machine, check your antivirus settings. Antiviruses often mess around with email ports usage. Node.js might not recognize the MITM cert your antivirus is using.
-- Latest Node versions allow only TLS versions 1.2 and higher. Some servers might still use TLS 1.1 or lower. Check Node.js docs on how to get correct TLS support for your app. You can change this with [tls.minVersion](https://nodejs.org/dist/latest-v16.x/docs/api/tls.html#tls_tls_createsecurecontext_options) option
-- You might have the wrong value for the `secure` option. This should be set to `true` only for port 465. For every other port, it should be `false`. Setting it to `false` does not mean that Nodemailer would not use TLS. Nodemailer would still try to upgrade the connection to use TLS if the server supports it.
-- Older Node versions do not fully support the certificate chain of the newest Let's Encrypt certificates. Either set [tls.rejectUnauthorized](https://nodejs.org/dist/latest-v16.x/docs/api/tls.html#tlsconnectoptions-callback) to `false` to skip chain verification or upgrade your Node version
-
-```js
-let configOptions = {
-    host: 'smtp.example.com',
-    port: 587,
-    tls: {
-        rejectUnauthorized: true,
-        minVersion: 'TLSv1.2'
-    }
-};
-```
-
-#### I have issues with DNS / hosts file
-
-Node.js uses [c-ares](https://nodejs.org/en/docs/meta/topics/dependencies/#c-ares) to resolve domain names, not the DNS library provided by the system, so if you have some custom DNS routing set up, it might be ignored. Nodemailer runs [dns.resolve4()](https://nodejs.org/dist/latest-v16.x/docs/api/dns.html#dnsresolve4hostname-options-callback) and [dns.resolve6()](https://nodejs.org/dist/latest-v16.x/docs/api/dns.html#dnsresolve6hostname-options-callback) to resolve hostname into an IP address. If both calls fail, then Nodemailer will fall back to [dns.lookup()](https://nodejs.org/dist/latest-v16.x/docs/api/dns.html#dnslookuphostname-options-callback). If this does not work for you, you can hard code the IP address into the configuration like shown below. In that case, Nodemailer would not perform any DNS lookups.
-
-```js
-let configOptions = {
-    host: '1.2.3.4',
-    port: 465,
-    secure: true,
-    tls: {
-        // must provide server name, otherwise TLS certificate check will fail
-        servername: 'example.com'
-    }
-};
+```bash
+npm install @depup/nodemailer
 ```
 
-#### I have an issue with TypeScript types
-
-Nodemailer has official support for Node.js only. For anything related to TypeScript, you need to directly contact the authors of the [type definitions](https://www.npmjs.com/package/@types/nodemailer).
-
-#### I have a different problem
-
-If you are having issues with Nodemailer, then the best way to find help would be [Stack Overflow](https://stackoverflow.com/search?q=nodemailer) or revisit the [docs](https://nodemailer.com/about/).
-
-### License
-
-Nodemailer is licensed under the **MIT No Attribution license**
+| Field | Value |
+|-------|-------|
+| Original | [nodemailer](https://www.npmjs.com/package/nodemailer) @ 8.0.3 |
+| Processed | 2026-03-18 |
+| Smoke test | passed |
+| Deps updated | 0 |
 
 ---
 
-The Nodemailer logo was designed by [Sven Kristjansen](https://www.behance.net/kristjansen).
+Source: https://github.com/depup/npm | Original: https://www.npmjs.com/package/nodemailer
+
+License inherited from the original package.

package/changes.json

@@ -0,0 +1,5 @@
+{
+  "bumped": {},
+  "timestamp": "2026-03-18T16:34:35.570Z",
+  "totalUpdated": 0
+}

package/lib/addressparser/index.js

@@ -10,23 +10,20 @@
 function _handleAddress(tokens, depth) {
     let isGroup = false;
     let state = 'text';
-    let address;
-    let addresses = [];
-    let data = {
+    const addresses = [];
+    const data = {
         address: [],
         comment: [],
         group: [],
         text: [],
-        textWasQuoted: [] // Track which text tokens came from inside quotes
+        textWasQuoted: []
     };
-    let i;
-    let len;
-    let insideQuotes = false; // Track if we're currently inside a quoted string
+    let insideQuotes = false;
 
     // Filter out <addresses>, (comments) and regular text
-    for (i = 0, len = tokens.length; i < len; i++) {
-        let token = tokens[i];
-        let prevToken = i ? tokens[i - 1] : null;
+    for (let i = 0, len = tokens.length; i < len; i++) {
+        const token = tokens[i];
+        const prevToken = i ? tokens[i - 1] : null;
         if (token.type === 'operator') {
             switch (token.value) {
                 case '<':
@@ -43,7 +40,6 @@ function _handleAddress(tokens, depth) {
                     insideQuotes = false;
                     break;
                 case '"':
-                    // Track quote state for text tokens
                     insideQuotes = !insideQuotes;
                     state = 'text';
                     break;
@@ -54,14 +50,12 @@ function _handleAddress(tokens, depth) {
             }
         } else if (token.value) {
             if (state === 'address') {
-                // handle use case where unquoted name includes a "<"
-                // Apple Mail truncates everything between an unexpected < and an address
-                // and so will we
+                // Handle unquoted name that includes a "<".
+                // Apple Mail truncates everything between an unexpected < and an address.
                 token.value = token.value.replace(/^[^<]*<\s*/, '');
             }
 
             if (prevToken && prevToken.noBreak && data[state].length) {
-                // join values
                 data[state][data[state].length - 1] += token.value;
                 if (state === 'text' && insideQuotes) {
                     data.textWasQuoted[data.textWasQuoted.length - 1] = true;
@@ -88,11 +82,9 @@ function _handleAddress(tokens, depth) {
         // Parse group members, but flatten any nested groups (RFC 5322 doesn't allow nesting)
         let groupMembers = [];
         if (data.group.length) {
-            let parsedGroup = addressparser(data.group.join(','), { _depth: depth + 1 });
-            // Flatten: if any member is itself a group, extract its members into the sequence
+            const parsedGroup = addressparser(data.group.join(','), { _depth: depth + 1 });
             parsedGroup.forEach(member => {
                 if (member.group) {
-                    // Nested group detected - flatten it by adding its members directly
                     groupMembers = groupMembers.concat(member.group);
                 } else {
                     groupMembers.push(member);
@@ -101,40 +93,40 @@ function _handleAddress(tokens, depth) {
         }
 
         addresses.push({
-            name: data.text || (address && address.name),
+            name: data.text || '',
             group: groupMembers
         });
     } else {
         // If no address was found, try to detect one from regular text
         if (!data.address.length && data.text.length) {
-            for (i = data.text.length - 1; i >= 0; i--) {
-                // Security fix: Do not extract email addresses from quoted strings
-                // RFC 5321 allows @ inside quoted local-parts like "user@domain"@example.com
-                // Extracting emails from quoted text leads to misrouting vulnerabilities
-                if (!data.textWasQuoted[i] && data.text[i].match(/^[^@\s]+@[^@\s]+$/)) {
+            for (let i = data.text.length - 1; i >= 0; i--) {
+                // Security: Do not extract email addresses from quoted strings.
+                // RFC 5321 allows @ inside quoted local-parts like "user@domain"@example.com.
+                // Extracting emails from quoted text leads to misrouting vulnerabilities.
+                if (!data.textWasQuoted[i] && /^[^@\s]+@[^@\s]+$/.test(data.text[i])) {
                     data.address = data.text.splice(i, 1);
                     data.textWasQuoted.splice(i, 1);
                     break;
                 }
             }
 
-            let _regexHandler = function (address) {
-                if (!data.address.length) {
-                    data.address = [address.trim()];
-                    return ' ';
-                } else {
-                    return address;
-                }
-            };
-
-            // still no address
+            // Try a looser regex match if strict match found nothing
             if (!data.address.length) {
-                for (i = data.text.length - 1; i >= 0; i--) {
-                    // Security fix: Do not extract email addresses from quoted strings
+                let extracted = false;
+                for (let i = data.text.length - 1; i >= 0; i--) {
+                    // Security: Do not extract email addresses from quoted strings
                     if (!data.textWasQuoted[i]) {
-                        // fixed the regex to parse email address correctly when email address has more than one @
-                        data.text[i] = data.text[i].replace(/\s*\b[^@\s]+@[^\s]+\b\s*/, _regexHandler).trim();
-                        if (data.address.length) {
+                        data.text[i] = data.text[i]
+                            .replace(/\s*\b[^@\s]+@[^\s]+\b\s*/, match => {
+                                if (!extracted) {
+                                    data.address = [match.trim()];
+                                    extracted = true;
+                                    return ' ';
+                                }
+                                return match;
+                            })
+                            .trim();
+                        if (extracted) {
                             break;
                         }
                     }
@@ -142,13 +134,13 @@ function _handleAddress(tokens, depth) {
             }
         }
 
-        // If there's still is no text but a comment exixts, replace the two
+        // If there's still no text but a comment exists, replace the two
         if (!data.text.length && data.comment.length) {
             data.text = data.comment;
             data.comment = [];
         }
 
-        // Keep only the first address occurence, push others to regular text
+        // Keep only the first address occurrence, push others to regular text
         if (data.address.length > 1) {
             data.text = data.text.concat(data.address.splice(1));
         }
@@ -157,24 +149,20 @@ function _handleAddress(tokens, depth) {
         data.text = data.text.join(' ');
         data.address = data.address.join(' ');
 
-        if (!data.address && isGroup) {
-            return [];
-        } else {
-            address = {
-                address: data.address || data.text || '',
-                name: data.text || data.address || ''
-            };
+        const address = {
+            address: data.address || data.text || '',
+            name: data.text || data.address || ''
+        };
 
-            if (address.address === address.name) {
-                if ((address.address || '').match(/@/)) {
-                    address.name = '';
-                } else {
-                    address.address = '';
-                }
+        if (address.address === address.name) {
+            if (/@/.test(address.address || '')) {
+                address.name = '';
+            } else {
+                address.address = '';
             }
-
-            addresses.push(address);
         }
+
+        addresses.push(address);
     }
 
     return addresses;
@@ -220,11 +208,11 @@ class Tokenizer {
      * @return {Array} An array of operator|text tokens
      */
     tokenize() {
-        let list = [];
+        const list = [];
 
         for (let i = 0, len = this.str.length; i < len; i++) {
-            let chr = this.str.charAt(i);
-            let nextChr = i < len - 1 ? this.str.charAt(i + 1) : null;
+            const chr = this.str.charAt(i);
+            const nextChr = i < len - 1 ? this.str.charAt(i + 1) : null;
             this.checkChar(chr, nextChr);
         }
 
@@ -325,17 +313,17 @@ const MAX_NESTED_GROUP_DEPTH = 50;
  */
 function addressparser(str, options) {
     options = options || {};
-    let depth = options._depth || 0;
+    const depth = options._depth || 0;
 
     // Prevent stack overflow from deeply nested groups (DoS protection)
     if (depth > MAX_NESTED_GROUP_DEPTH) {
         return [];
     }
 
-    let tokenizer = new Tokenizer(str);
-    let tokens = tokenizer.tokenize();
+    const tokenizer = new Tokenizer(str);
+    const tokens = tokenizer.tokenize();
 
-    let addresses = [];
+    const addresses = [];
     let address = [];
     let parsedAddresses = [];
 
@@ -354,30 +342,41 @@ function addressparser(str, options) {
         addresses.push(address);
     }
 
-    addresses.forEach(address => {
-        address = _handleAddress(address, depth);
-        if (address.length) {
-            parsedAddresses = parsedAddresses.concat(address);
+    addresses.forEach(addr => {
+        const handled = _handleAddress(addr, depth);
+        if (handled.length) {
+            parsedAddresses = parsedAddresses.concat(handled);
         }
     });
 
+    // Merge fragments produced when unquoted display names contain commas.
+    // "Joe Foo, PhD <joe@example.com>" is split on the comma into
+    // [{name:"Joe Foo", address:""}, {name:"PhD", address:"joe@example.com"}].
+    // Recombine: a name-only entry followed by an entry with both name and address.
+    for (let i = parsedAddresses.length - 2; i >= 0; i--) {
+        const current = parsedAddresses[i];
+        const next = parsedAddresses[i + 1];
+        if (current.address === '' && current.name && !current.group && next.address && next.name) {
+            next.name = current.name + ', ' + next.name;
+            parsedAddresses.splice(i, 1);
+        }
+    }
+
     if (options.flatten) {
-        let addresses = [];
-        let walkAddressList = list => {
-            list.forEach(address => {
-                if (address.group) {
-                    return walkAddressList(address.group);
-                } else {
-                    addresses.push(address);
+        const flatAddresses = [];
+        const walkAddressList = list => {
+            list.forEach(entry => {
+                if (entry.group) {
+                    return walkAddressList(entry.group);
                 }
+                flatAddresses.push(entry);
             });
         };
         walkAddressList(parsedAddresses);
-        return addresses;
+        return flatAddresses;
     }
 
     return parsedAddresses;
 }
 
-// expose to the world
 module.exports = addressparser;

package/lib/base64/index.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const Transform = require('stream').Transform;
+const { Transform } = require('stream');
 
 /**
  * Encodes a Buffer into a base64 encoded string
@@ -31,11 +31,12 @@ function wrap(str, lineLength) {
         return str;
     }
 
-    let result = [];
+    const result = [];
     let pos = 0;
-    let chunkLength = lineLength * 1024;
+    const chunkLength = lineLength * 1024;
+    const wrapRegex = new RegExp('.{' + lineLength + '}', 'g');
     while (pos < str.length) {
-        let wrappedLines = str.substr(pos, chunkLength).replace(new RegExp('.{' + lineLength + '}', 'g'), '$&\r\n');
+        const wrappedLines = str.substr(pos, chunkLength).replace(wrapRegex, '$&\r\n');
         result.push(wrappedLines);
         pos += chunkLength;
     }
@@ -94,7 +95,7 @@ class Encoder extends Transform {
         if (this.options.lineLength) {
             b64 = wrap(b64, this.options.lineLength);
 
-            let lastLF = b64.lastIndexOf('\n');
+            const lastLF = b64.lastIndexOf('\n');
             if (lastLF < 0) {
                 this._curLine = b64;
                 b64 = '';

package/lib/dkim/index.js

@@ -6,7 +6,7 @@
 const MessageParser = require('./message-parser');
 const RelaxedBody = require('./relaxed-body');
 const sign = require('./sign');
-const PassThrough = require('stream').PassThrough;
+const { PassThrough } = require('stream');
 const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
@@ -96,7 +96,7 @@ class DKIMSigner {
             }
             return this.createReadCache();
         }
-        let chunk = this.chunks[this.readPos++];
+        const chunk = this.chunks[this.readPos++];
         if (this.output.write(chunk) === false) {
             return this.output.once('drain', () => {
                 this.sendNextChunk();
@@ -107,13 +107,13 @@ class DKIMSigner {
 
     sendSignedOutput() {
         let keyPos = 0;
-        let signNextKey = () => {
+        const signNextKey = () => {
             if (keyPos >= this.keys.length) {
                 this.output.write(this.parser.rawHeaders);
                 return setImmediate(() => this.sendNextChunk());
             }
-            let key = this.keys[keyPos++];
-            let dkimField = sign(this.headers, this.hashAlgo, this.bodyHash, {
+            const key = this.keys[keyPos++];
+            const dkimField = sign(this.headers, this.hashAlgo, this.bodyHash, {
                 domainName: key.domainName,
                 keySelector: key.keySelector,
                 privateKey: key.privateKey,
@@ -211,7 +211,7 @@ class DKIM {
     }
 
     sign(input, extraOptions) {
-        let output = new PassThrough();
+        const output = new PassThrough();
         let inputStream = input;
         let writeValue = false;
 
@@ -225,18 +225,10 @@ class DKIM {
 
         let options = this.options;
         if (extraOptions && Object.keys(extraOptions).length) {
-            options = {};
-            Object.keys(this.options || {}).forEach(key => {
-                options[key] = this.options[key];
-            });
-            Object.keys(extraOptions || {}).forEach(key => {
-                if (!(key in options)) {
-                    options[key] = extraOptions[key];
-                }
-            });
+            options = Object.assign({}, extraOptions, this.options);
         }
 
-        let signer = new DKIMSigner(options, this.keys, inputStream, output);
+        const signer = new DKIMSigner(options, this.keys, inputStream, output);
         setImmediate(() => {
             signer.signStream();
             if (writeValue) {

package/lib/dkim/message-parser.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const Transform = require('stream').Transform;
+const { Transform } = require('stream');
 
 /**
  * MessageParser instance is a transform stream that separates message headers
@@ -24,8 +24,8 @@ class MessageParser extends Transform {
      * @param {Buffer} data Next data chunk from the stream
      */
     updateLastBytes(data) {
-        let lblen = this.lastBytes.length;
-        let nblen = Math.min(data.length, lblen);
+        const lblen = this.lastBytes.length;
+        const nblen = Math.min(data.length, lblen);
 
         // shift existing bytes
         for (let i = 0, len = lblen - nblen; i < len; i++) {
@@ -50,9 +50,8 @@ class MessageParser extends Transform {
             return true;
         }
 
-        let lblen = this.lastBytes.length;
+        const lblen = this.lastBytes.length;
         let headerPos = 0;
-        this.curLinePos = 0;
         for (let i = 0, len = this.lastBytes.length + data.length; i < len; i++) {
             let chr;
             if (i < lblen) {
@@ -61,8 +60,8 @@ class MessageParser extends Transform {
                 chr = data[i - lblen];
             }
             if (chr === 0x0a && i) {
-                let pr1 = i - 1 < lblen ? this.lastBytes[i - 1] : data[i - 1 - lblen];
-                let pr2 = i > 1 ? (i - 2 < lblen ? this.lastBytes[i - 2] : data[i - 2 - lblen]) : false;
+                const pr1 = i - 1 < lblen ? this.lastBytes[i - 1] : data[i - 1 - lblen];
+                const pr2 = i > 1 ? (i - 2 < lblen ? this.lastBytes[i - 2] : data[i - 2 - lblen]) : false;
                 if (pr1 === 0x0a) {
                     this.headersParsed = true;
                     headerPos = i - lblen + 1;
@@ -83,17 +82,17 @@ class MessageParser extends Transform {
             this.headerChunks = null;
             this.emit('headers', this.parseHeaders());
             if (data.length - 1 > headerPos) {
-                let chunk = data.slice(headerPos);
+                const chunk = data.slice(headerPos);
                 this.bodySize += chunk.length;
                 // this would be the first chunk of data sent downstream
                 setImmediate(() => this.push(chunk));
             }
             return false;
-        } else {
-            this.headerBytes += data.length;
-            this.headerChunks.push(data);
         }
 
+        this.headerBytes += data.length;
+        this.headerChunks.push(data);
+
         // store last 4 bytes to catch header break
         this.updateLastBytes(data);
 
@@ -127,7 +126,7 @@ class MessageParser extends Transform {
 
     _flush(callback) {
         if (this.headerChunks) {
-            let chunk = Buffer.concat(this.headerChunks, this.headerBytes);
+            const chunk = Buffer.concat(this.headerChunks, this.headerBytes);
             this.bodySize += chunk.length;
             this.push(chunk);
             this.headerChunks = null;
@@ -136,7 +135,7 @@ class MessageParser extends Transform {
     }
 
     parseHeaders() {
-        let lines = (this.rawHeaders || '').toString().split(/\r?\n/);
+        const lines = (this.rawHeaders || '').toString().split(/\r?\n/);
         for (let i = lines.length - 1; i > 0; i--) {
             if (/^\s/.test(lines[i])) {
                 lines[i - 1] += '\n' + lines[i];

package/lib/dkim/relaxed-body.js

@@ -2,7 +2,7 @@
 
 // streams through a message body and calculates relaxed body hash
 
-const Transform = require('stream').Transform;
+const { Transform } = require('stream');
 const crypto = require('crypto');
 
 class RelaxedBody extends Transform {
@@ -29,7 +29,7 @@ class RelaxedBody extends Transform {
         // If we get another chunk that does not match this description then we can restore the previously processed data
         let state = 'file';
         for (let i = chunk.length - 1; i >= 0; i--) {
-            let c = chunk[i];
+            const c = chunk[i];
 
             if (state === 'file' && (c === 0x0a || c === 0x0d)) {
                 // do nothing, found \n or \r at the end of chunk, stil end of file