Support cc/bcc options nodemailer options

Add attachment support from the common nodemailer options: https://github.com/nodemailer/nodemailer#e-mail-message-fields

Please add support for the X-MSYS-API header documented here.

As far as I can tell, this is the only way to create a true Bcc email (with Bcc header). Using the Nodemailer bcc field does send an email to the Bcc recipients but it does not include the Bcc header (which is important for distinguishing an email as being sent as Bcc).

It doesn't make sense to me why this module would be concerning itself with a security decision such as using a .env file for environmental configuration. It should be left up to the developer to choose how they want to handle configuration for their app per environment.

Also, it seems weird to me that the module wouldn't explicitly ask for the API key, but rather assumes it should be stored in a .env file. What if the app isn't using a .env file for the app's secret configuration information? Now the developer is forced to have a .env file along with their existing environmental configuration implementations. Or, if they choose not to have a .env file, the module will complain about it in the logs. This doesn't make sense to me.

What would make sense to me is if they module just accepted and required a SparkPost API key in the options and left the configuration up to the developer. The module shouldn't have an opinion on how this information is passed to the module.

However it could be suggested by SparkPost to use dotenv module, but that should still only be a suggestion. And, the implementation of a dotenv configuration into an app should be transparent, not hidden within a module's implementation (If I search for the a configuration within my app and don't find it unless I include dependencies in that search, then that's bad for debugging or readability).

I hope I made my case. I suggest that you require the "sparkPostApiKey" option to be set when a transport is created and leave it up to the developer to choose to use dotenv or some other solution for how that key is set within their app.

Path : nodemailer-sparkpost-transport > sparkpost > lodash
Version : "nodemailer-sparkpost-transport": "^2.2.0"

NPM security warning:
Overview
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Remediation
Update to version 4.17.12 or later.

Is it possible to add substitution_data values for individual recipients as supported by the sparkpost API: https://developers.sparkpost.com/api/transmissions?

Is anyone using it in production?
I cant seem to send any emails to SparkPost. I have confirmed sending email using the example CURL command on SP's website, so account is fine.
Here is the transporter code:

function getTransporter(){
  var options = {
  "sparkPostApiKey": "....34xx3....xxxk9...xxxx..",
  "options": {
    "open_tracking": true,
    "click_tracking": true,
    "transactional": true
  } };
  return Nodemailer.createTransport(sparkPostTransport( options ))
}

And, NodeMailer's code:

      var transporter = getTransporter();   //above
      var mailOptions = {
        from:    '[email protected]', // sender address
        "recipients": [
        {
          "address": {
            "email": "[email protected]",
            "name":  "xxxx"
          }
        }],  
        subject: results.subject,               
        reply_to: 'xxxxx',
        html:    results.html
      };
      transporter.use( 'compile', HtmlToText() );
      transporter.sendMail( mailOptions
                           , function( error, info ){
        if(error){
          Logger.errorc( `${fn_pfx}Error sending mail: ${error} and info: ${JSON.stringify(info)}` );   //<-- Error is printed here in the error object
      return done( Error( error ));
        }
        Logger.infoc( `${fn_pfx}Message sent: ${info.response}` );
    return done( null, info);     
      }); 

This library's development dependencies need updating to new releases.

Does this support templates, and if so how can I pass data into the template?

I was able to send email using this fields in Node.js:

{
    to: 'xxx',
    from: 'xxx',
    subject: 'xxx',
    html: 'xxx'
}

but then i change the from field into and object:

{
    to: 'xxx',
    from: {
        name: 'xxx',
        address:'xxx'
    },
    subject: 'xxx',
    html: 'xxx'
}

i got his error:

{
    [SparkPostError: Unprocessable Entity]
    name: 'SparkPostError',
    errors:[
        {
            message: 'required field is missing',
            description: 'content.from.email is a required field',
            code: '1400' 
        } 
    ],
    statusCode: 422 
}

is from in object type not yet supported?

Update release script to use npm version and add instructions.

When I install this package, I see deprecation warnings:

npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

These are coming from the sparkpost package; I submitted a request there as well: SparkPost/node-sparkpost#257.

const nodemailer = require('nodemailer');
var sparkPostTransport = require('nodemailer-sparkpost-transport');

const transporter = nodemailer.createTransport(sparkPostTransport({
    'sparkPostApiKey': 'cfc389be072f1d7b6117fd7c9a2ccc3c........',
    'options': {
        'open_tracking': true,
        'click_tracking': true,
        'transactional': true
    },
    'campaign_id': 'viralchain.net'
}));

  let _config = {
            from: config.mail.active.send,
            to: data.mail,
            subject: config.mail.active.sub,
            text: config.mail.active.text, // plain text body
            html: htmlTemplateEmail // html body
        }

  transporter.sendMail(_config, function (err, info) {
            if (err) {
                console.log('Error: ' + err);
                cb(err, null);
            } else {
                console.log('Success: ' + info);
                cb(null, info);
            }
        });

config like :

{ from: 'Viralchain.net',
  to: '[email protected]',
  subject: 'Viralchain Send Mail active',
  text: 'active acount from link ',
  html: 'html template' }

error Error: SparkPostError: Bad Request

errors:
[ { message: 'Invalid domain',
description: 'No sending domain specified',
code: '7001' } ],
statusCode: 400 }

sorry i updated the key permissions so i got an error

The current implementation manually translates and resolves nodemailer fields to SparkPost transmission request fields. Nodemailer providers a pre-composed message object with read stream interface for accessing a fully-formed message body. Using this would simplify our implementation considerably.

I saw the comments for issue #5 where it mentions that the html, text, subject and from should be part of the "content" object rather than as top level members of the mailOptions object.

However doesn't this actually make the nodemailer-sparkpost transport incompatible with the actual nodemailer API?
This is the example mailOptions given on the nodemailer page:

var mailOptions = {
    from: '"Fred Foo 👥" <[email protected]>', // sender address
    to: '[email protected], [email protected]', // list of receivers
    subject: 'Hello ✔', // Subject line
    text: 'Hello world 🐴', // plaintext body
    html: '<b>Hello world 🐴</b>' // html body
};

From quickly browsing through the other nodemailer transports, it appears they all seem to take the parameters in that format.

Normally I wouldn't worry about this and just change my code to deal with the inconsistency, but I'm using another NPM module (seneca-mail) which internally uses nodemailer, and assumes the standard nodemailer API for all transports.

when using the API key, do we need to set which API we want to hit (eu vs us)?