
@block65/kms-jsonwebtoken


@block65/kms-jsonwebtoken - npm Package Compare versions

Comparing version
4.1.0
to
5.0.0
+11
-16
dist/aws-crypto.js

@@ -1,9 +0,6 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getPublicKey = exports.asymmetricSign = void 0;
const client_kms_1 = require("@aws-sdk/client-kms");
const pMemoize = require("p-memoize");
const error_1 = require("./error");
async function asymmetricSign(client, keyId, message) {
const signatureResult = await client.send(new client_kms_1.SignCommand({
import { GetPublicKeyCommand, SignCommand, } from '@aws-sdk/client-kms';
import pMemoize from 'p-memoize';
import { KmsJsonWebTokenError } from './error.js';
export async function asymmetricSign(client, keyId, message) {
const signatureResult = await client.send(new SignCommand({
KeyId: keyId,

@@ -15,3 +12,3 @@ MessageType: 'RAW',

if (!signatureResult.Signature) {
throw new error_1.KmsJsonWebTokenError('Empty signature returned').debug({
throw new KmsJsonWebTokenError('Empty signature returned').debug({
signatureResult,

@@ -22,12 +19,10 @@ });

}
exports.asymmetricSign = asymmetricSign;
exports.getPublicKey = pMemoize(async function awsGetPublicKey(client, keyId) {
var _a;
const publicKey = await client.send(new client_kms_1.GetPublicKeyCommand({ KeyId: keyId }));
export const getPublicKey = pMemoize(async function awsGetPublicKey(client, keyId) {
const publicKey = await client.send(new GetPublicKeyCommand({ KeyId: keyId }));
if (!publicKey.PublicKey) {
throw new error_1.KmsJsonWebTokenError('Missing Public Key').debug({ publicKey });
throw new KmsJsonWebTokenError('Missing Public Key').debug({ publicKey });
}
if (publicKey.KeyUsage !== 'SIGN_VERIFY' ||
!((_a = publicKey.CustomerMasterKeySpec) === null || _a === void 0 ? void 0 : _a.startsWith('RSA'))) {
throw new error_1.KmsJsonWebTokenError('Incompatible Public Key').debug({
!publicKey.KeySpec?.startsWith('RSA')) {
throw new KmsJsonWebTokenError('Incompatible Public Key').debug({
publicKey,

@@ -34,0 +29,0 @@ });
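Review bot: `getPublicKey` is wrapped in `pMemoize` with a `(client, keyId)` signature, and p-memoize derives its cache key from the first argument only unless a `cacheKey` option is given. If none is passed where the call closes (outside this hunk), every `keyId` requested through the same client resolves to whichever public key was fetched first, which breaks the binding between a token's `kid` and the key it is checked against. Pass an explicit key such as `{ cacheKey: ([, keyId]) => keyId }`, kept per client if more than one client is used. No expiry is visible either, so consider an expiring `cache` so that a rotated or disabled key does not stay trusted for the life of the process. The same wrapper appears around the GCP `getPublicKey` in the gcp-crypto section.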

/// <reference types="node" />
import type { KMSClient } from '@aws-sdk/client-kms';
import * as jsonwebtoken from 'jsonwebtoken';
import jsonwebtoken from 'jsonwebtoken';
export declare function awsKmsSign(payload: string | Buffer | object, client: KMSClient, options: Omit<jsonwebtoken.SignOptions, 'algorithm'> & {
resolveKeyId?: (kid: string) => string | Promise<string>;
}): Promise<string>;
export declare function awsKmsVerify(token: string, client: KMSClient, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms'> & {
export declare function awsKmsVerify(token: string, client: KMSClient, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms' | 'complete'> & {
resolveKeyId?: (kid: string) => string | Promise<string>;
}): Promise<object>;
}): Promise<jsonwebtoken.Jwt>;
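Review bot: `awsKmsVerify` now resolves to `jsonwebtoken.Jwt` instead of the bare payload, and nothing on the declaration tells callers that the claims moved under `.payload`. Plain-JavaScript code written against 4.x that reads `result.sub` or `result.exp` directly will get `undefined` with no error, which matters wherever those claims feed an authorization decision. A TSDoc line on the declaration would make this visible, for example `/** Resolves to the complete token ({ header, payload, signature }); read claims from .payload. */`. The same applies to `gcpKmsVerify` and to `verify`.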

@@ -1,13 +0,10 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.awsKmsVerify = exports.awsKmsSign = void 0;
const sign_1 = require("./sign");
const verify_1 = require("./verify");
const aws_crypto_1 = require("./aws-crypto");
const error_1 = require("./error");
async function awsKmsSign(payload, client, options) {
import { sign } from './sign.js';
import { verify } from './verify.js';
import { asymmetricSign, getPublicKey } from './aws-crypto.js';
import { KmsJsonWebTokenError } from './error.js';
export async function awsKmsSign(payload, client, options) {
const { resolveKeyId, ...jwtOptions } = options;
return sign_1.sign(payload, async (message, { keyid }) => {
return sign(payload, async (message, { keyid }) => {
if (!keyid) {
throw new error_1.KmsJsonWebTokenError('Missing Key Id in Header').debug({
throw new KmsJsonWebTokenError('Missing Key Id in Header').debug({
message: message.toString('base64'),

@@ -18,11 +15,10 @@ keyid,

const keyId = await (resolveKeyId ? resolveKeyId(keyid) : keyid);
return aws_crypto_1.asymmetricSign(client, keyId, message);
return asymmetricSign(client, keyId, message);
}, jwtOptions);
}
exports.awsKmsSign = awsKmsSign;
async function awsKmsVerify(token, client, options = {}) {
export async function awsKmsVerify(token, client, options = {}) {
const { resolveKeyId, ...jwtOptions } = options;
return verify_1.verify(token, async (header) => {
return verify(token, async (header) => {
if (header.alg !== 'RS256') {
throw new error_1.KmsJsonWebTokenError('Header alg is not RS256').debug({
throw new KmsJsonWebTokenError('Header alg is not RS256').debug({
header,

@@ -32,3 +28,3 @@ });

if (!header.kid) {
throw new error_1.KmsJsonWebTokenError('Missing Key Id in Header').debug({
throw new KmsJsonWebTokenError('Missing Key Id in Header').debug({
header,

@@ -40,5 +36,4 @@ });

: header.kid);
return aws_crypto_1.getPublicKey(client, keyId);
return getPublicKey(client, keyId);
}, jwtOptions);
}
exports.awsKmsVerify = awsKmsVerify;
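Review bot: In `awsKmsVerify` the `kid` from the not-yet-verified token header becomes the KMS key identifier whenever `resolveKeyId` is not supplied (`: header.kid);` followed by `getPublicKey(client, keyId)`), so the token itself selects the key it is verified against. Any RSA `SIGN_VERIFY` key the client's credentials can read then counts as a trusted issuer, including keys never intended for this purpose. Either require `resolveKeyId` on the verify path or document the constraint at the fallback, e.g. `// header.kid is untrusted until the signature is checked; map it through resolveKeyId to an allow-listed key`. Deployments should also scope the client's KMS permissions to the intended keys. The condition of the ternary lies between the visible hunks, and `gcpKmsVerify` has the same fallback.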

@@ -1,4 +0,4 @@

import { CustomError } from '@block65/custom-error';
import { CustomError, Status } from '@block65/custom-error';
export declare class KmsJsonWebTokenError extends CustomError {
constructor(msg: string, previous?: Error);
code: Status;
}

@@ -1,11 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.KmsJsonWebTokenError = void 0;
const custom_error_1 = require("@block65/custom-error");
class KmsJsonWebTokenError extends custom_error_1.CustomError {
constructor(msg, previous) {
super(msg, previous);
this.setName('KmsJsonWebTokenError');
import { CustomError, Status } from '@block65/custom-error';
export class KmsJsonWebTokenError extends CustomError {
constructor() {
super(...arguments);
this.code = Status.INVALID_ARGUMENT;
}
}
exports.KmsJsonWebTokenError = KmsJsonWebTokenError;
/// <reference types="node" />
import { KeyManagementServiceClient } from '@google-cloud/kms';
export declare function asymmetricSign(client: KeyManagementServiceClient, keyId: string, message: Buffer): Promise<Buffer>;
export declare const getPublicKey: (client: import("@google-cloud/kms/build/src/v1").KeyManagementServiceClient, keyId: string) => Promise<string>;
export declare const getPublicKey: (client: KeyManagementServiceClient, keyId: string) => Promise<string>;

@@ -1,9 +0,6 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getPublicKey = exports.asymmetricSign = void 0;
const crypto = require("crypto");
const pMemoize = require("p-memoize");
const error_1 = require("./error");
async function asymmetricSign(client, keyId, message) {
const digest = crypto.createHash('sha256');
import { createHash } from 'node:crypto';
import pMemoize from 'p-memoize';
import { KmsJsonWebTokenError } from './error.js';
export async function asymmetricSign(client, keyId, message) {
const digest = createHash('sha256');
digest.update(message);

@@ -17,3 +14,3 @@ const [signResponse] = await client.asymmetricSign({

if (!signResponse.signature) {
throw new error_1.KmsJsonWebTokenError('Empty signature from GCP').debug({
throw new KmsJsonWebTokenError('Empty signature from GCP').debug({
signResponse,

@@ -24,11 +21,10 @@ });

}
exports.asymmetricSign = asymmetricSign;
exports.getPublicKey = pMemoize(async (client, keyId) => {
export const getPublicKey = pMemoize(async (client, keyId) => {
const [publicKey] = await client.getPublicKey({ name: keyId });
if (!publicKey) {
throw new error_1.KmsJsonWebTokenError('Missing Public Key').debug({ publicKey });
throw new KmsJsonWebTokenError('Missing Public Key').debug({ publicKey });
}
if (publicKey.algorithm !== 'RSA_SIGN_PKCS1_2048_SHA256' ||
!publicKey.pem) {
throw new error_1.KmsJsonWebTokenError('Incompatible Public Key').debug({
throw new KmsJsonWebTokenError('Incompatible Public Key').debug({
publicKey,

@@ -35,0 +31,0 @@ });

/// <reference types="node" />
import * as jsonwebtoken from 'jsonwebtoken';
import jsonwebtoken from 'jsonwebtoken';
import { KeyManagementServiceClient } from '@google-cloud/kms';

@@ -7,4 +7,4 @@ export declare function gcpKmsSign(payload: string | Buffer | object, client: KeyManagementServiceClient, options?: Omit<jsonwebtoken.SignOptions, 'algorithm'> & {

}): Promise<string>;
export declare function gcpKmsVerify(token: string, client: KeyManagementServiceClient, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms'> & {
export declare function gcpKmsVerify(token: string, client: KeyManagementServiceClient, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms' | 'complete'> & {
resolveKeyId?: (kid: string) => string | Promise<string>;
}): Promise<object>;
}): Promise<jsonwebtoken.Jwt>;

@@ -1,13 +0,10 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.gcpKmsVerify = exports.gcpKmsSign = void 0;
const sign_1 = require("./sign");
const verify_1 = require("./verify");
const gcp_crypto_1 = require("./gcp-crypto");
const error_1 = require("./error");
async function gcpKmsSign(payload, client, options = {}) {
import { sign } from './sign.js';
import { verify } from './verify.js';
import { asymmetricSign, getPublicKey } from './gcp-crypto.js';
import { KmsJsonWebTokenError } from './error.js';
export async function gcpKmsSign(payload, client, options = {}) {
const { resolveKeyId, ...jwtOptions } = options;
return sign_1.sign(payload, async (message, { keyid }) => {
return sign(payload, async (message, { keyid }) => {
if (!keyid) {
throw new error_1.KmsJsonWebTokenError('Missing Key Id in Header').debug({
throw new KmsJsonWebTokenError('Missing Key Id in Header').debug({
message: message.toString('base64'),

@@ -18,12 +15,11 @@ keyid,

const keyId = await (resolveKeyId ? resolveKeyId(keyid) : keyid);
const signature = await gcp_crypto_1.asymmetricSign(client, keyId, message);
const signature = await asymmetricSign(client, keyId, message);
return Buffer.from(signature);
}, jwtOptions);
}
exports.gcpKmsSign = gcpKmsSign;
async function gcpKmsVerify(token, client, options = {}) {
export async function gcpKmsVerify(token, client, options = {}) {
const { resolveKeyId, ...jwtOptions } = options;
return verify_1.verify(token, async (header) => {
return verify(token, async (header) => {
if (header.alg !== 'RS256') {
throw new error_1.KmsJsonWebTokenError('Header alg is not RS256').debug({
throw new KmsJsonWebTokenError('Header alg is not RS256').debug({
header,

@@ -33,3 +29,3 @@ });

if (!header.kid) {
throw new error_1.KmsJsonWebTokenError('Missing Key Id in Header').debug({
throw new KmsJsonWebTokenError('Missing Key Id in Header').debug({
header,

@@ -41,5 +37,4 @@ });

: header.kid);
return gcp_crypto_1.getPublicKey(client, keyId);
return getPublicKey(client, keyId);
}, jwtOptions);
}
exports.gcpKmsVerify = gcpKmsVerify;

@@ -1,2 +0,2 @@

export { awsKmsSign, awsKmsVerify } from './aws';
export { gcpKmsSign, gcpKmsVerify } from './gcp';
export { awsKmsSign, awsKmsVerify } from './aws.js';
export { gcpKmsSign, gcpKmsVerify } from './gcp.js';

@@ -1,9 +0,2 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.gcpKmsVerify = exports.gcpKmsSign = exports.awsKmsVerify = exports.awsKmsSign = void 0;
var aws_1 = require("./aws");
Object.defineProperty(exports, "awsKmsSign", { enumerable: true, get: function () { return aws_1.awsKmsSign; } });
Object.defineProperty(exports, "awsKmsVerify", { enumerable: true, get: function () { return aws_1.awsKmsVerify; } });
var gcp_1 = require("./gcp");
Object.defineProperty(exports, "gcpKmsSign", { enumerable: true, get: function () { return gcp_1.gcpKmsSign; } });
Object.defineProperty(exports, "gcpKmsVerify", { enumerable: true, get: function () { return gcp_1.gcpKmsVerify; } });
export { awsKmsSign, awsKmsVerify } from './aws.js';
export { gcpKmsSign, gcpKmsVerify } from './gcp.js';
/// <reference types="node" />
import * as jsonwebtoken from 'jsonwebtoken';
import jsonwebtoken from 'jsonwebtoken';
export declare function sign(payload: string | Buffer | object, signatureFunction: (message: Buffer, options: Omit<jsonwebtoken.SignOptions, 'algorithm'>) => Buffer | Promise<Buffer>, options: Omit<jsonwebtoken.SignOptions, 'algorithm'>): Promise<string>;

@@ -1,10 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.sign = void 0;
const jsonwebtoken = require("jsonwebtoken");
const crypto = require("crypto");
const error_1 = require("./error");
async function sign(payload, signatureFunction, options) {
import jsonwebtoken from 'jsonwebtoken';
import { randomBytes } from 'node:crypto';
import { KmsJsonWebTokenError } from './error.js';
export async function sign(payload, signatureFunction, options) {
if (!options.keyid) {
throw new error_1.KmsJsonWebTokenError('Must provide options.keyid').debug({
throw new KmsJsonWebTokenError('Must provide options.keyid').debug({
options,

@@ -17,3 +14,3 @@ });

algorithm: 'none',
jwtid: options.jwtid || crypto.randomBytes(12).toString('base64url'),
jwtid: options.jwtid || randomBytes(12).toString('base64url'),
}, (err, result) => {

@@ -24,3 +21,3 @@ if (err) {

if (!result) {
return reject(new error_1.KmsJsonWebTokenError('Empty token result').debug({ result }));
return reject(new KmsJsonWebTokenError('Empty token result').debug({ result }));
}

@@ -40,2 +37,1 @@ return resolve(result);

}
exports.sign = sign;
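Review bot: The `algorithm: 'none'` option passed to jsonwebtoken in `sign` carries no comment explaining why an unsigned token is being built. The lines that rewrite the header and attach the KMS signature are outside the visible hunks, so this is inferred, but a reader auditing the file sees only a request for an unsigned JWT. A short comment at that option would prevent a later edit from returning the intermediate value, for example `// 'none' only produces the unsigned header.payload; the result must never be returned before alg is rewritten and the KMS signature is attached`. The wording should be confirmed against the elided lines.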

@@ -1,2 +0,2 @@

import * as jsonwebtoken from 'jsonwebtoken';
export declare function verify(token: string, getSecret: (header: jsonwebtoken.JwtHeader) => jsonwebtoken.Secret | Promise<jsonwebtoken.Secret>, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms'>): Promise<object>;
import jsonwebtoken from 'jsonwebtoken';
export declare function verify(token: string, getSecret: (header: jsonwebtoken.JwtHeader) => jsonwebtoken.Secret | Promise<jsonwebtoken.Secret>, options?: Omit<jsonwebtoken.VerifyOptions, 'algorithms' | 'complete'>): Promise<jsonwebtoken.Jwt>;

@@ -1,13 +0,16 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verify = void 0;
const jsonwebtoken = require("jsonwebtoken");
const error_1 = require("./error");
async function verify(token, getSecret, options) {
import jsonwebtoken from 'jsonwebtoken';
import { KmsJsonWebTokenError } from './error.js';
export async function verify(token, getSecret, options) {
const getPublicKeyOrSecret = async (header, callback) => {
Promise.resolve(getSecret(header))
.then((secret) => callback(null, secret))
.catch(callback);
};
const resolvedOptions = {
...options,
algorithms: ['RS256'],
complete: true,
};
return new Promise((resolve, reject) => {
jsonwebtoken.verify(token, async (header, callback) => {
Promise.resolve(getSecret(header))
.then((secret) => callback(null, secret))
.catch(callback);
}, { ...options, algorithms: ['RS256'] }, (err, result) => {
jsonwebtoken.verify(token, getPublicKeyOrSecret, resolvedOptions, (err, result) => {
if (err) {

@@ -17,3 +20,3 @@ return reject(err);

if (!result) {
return reject(new error_1.KmsJsonWebTokenError('Empty token result').debug({ result }));
return reject(new KmsJsonWebTokenError('Empty token result').debug({ result }));
}

@@ -24,2 +27,1 @@ return resolve(result);

}
exports.verify = verify;
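Review bot: `getPublicKeyOrSecret` is declared `async` but reports through `callback`, so a `getSecret` that throws synchronously rejects a promise nobody observes: `callback` is never invoked and the outer promise does not settle. Chaining `.then(...).catch(callback)` can also invoke `callback` a second time if the first invocation throws. Dropping `async` and writing `Promise.resolve().then(() => getSecret(header)).then((secret) => callback(null, secret), callback);` covers both cases. The tail of `verify` lies outside the visible hunks.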
{
"name": "@block65/kms-jsonwebtoken",
"version": "4.1.0",
"version": "5.0.0",
"private": false,
"license": "UNLICENSED",
"type": "module",
"main": "dist/index.js",

@@ -17,38 +18,39 @@ "types": "dist/index.d.ts",

"prepare": "yarn build:clean && yarn build",
"test": "jest"
"test": "NODE_OPTIONS=--experimental-vm-modules jest",
"test:watch": "yarn test --watchAll"
},
"dependencies": {
"@block65/custom-error": "^3.0.0",
"@block65/custom-error": "^8.0.0",
"jsonwebtoken": "^8.5.1",
"p-memoize": "^4.0.1"
"p-memoize": "^6.0.1",
"@types/jsonwebtoken": "^8.5.8"
},
"devDependencies": {
"@aws-sdk/client-kms": "^3.15.0",
"@block65/eslint-config": "4.1.1",
"@google-cloud/kms": "^2.3.1",
"@types/jest": "^26.0.23",
"@types/jsonwebtoken": "^8.5.1",
"@types/node": "^15.0.2",
"@typescript-eslint/eslint-plugin": "^4.23.0",
"@typescript-eslint/parser": "^4.23.0",
"aws-sdk-client-mock": "^0.4.0",
"eslint": "^7.26.0",
"eslint-plugin-formatjs": "^2.15.0",
"eslint-plugin-import": "^2.22.1",
"eslint-plugin-prettier": "^3.4.0",
"eslint-plugin-react": "^7.23.2",
"eslint-plugin-react-hooks": "^4.2.0",
"jest": "^26.6.3",
"prettier": "^2.3.0",
"@aws-sdk/client-kms": "^3.53.0",
"@babel/preset-env": "^7.16.11",
"@babel/preset-typescript": "^7.16.7",
"@block65/eslint-config": "7.0.4",
"@google-cloud/kms": "^2.11.0",
"@jest/globals": "^27.5.1",
"@types/jest": "^27.4.1",
"@types/jsonwebtoken": "^8.5.8",
"@types/node": "^17.0.21",
"@typescript-eslint/eslint-plugin": "^5.12.1",
"@typescript-eslint/parser": "^5.12.1",
"aws-sdk-client-mock": "^0.6.0",
"eslint": "^8.10.0",
"eslint-plugin-import": "^2.25.4",
"eslint-plugin-prettier": "^4.0.0",
"jest": "^27.5.1",
"prettier": "^2.5.1",
"rimraf": "^3.0.2",
"ts-jest": "^26.5.6",
"typescript": "^4.2.4"
"typescript": "^4.5.5"
},
"peerDependencies": {
"@aws-sdk/client-kms": "^3.15.0",
"@google-cloud/kms": "^2.3.1"
"@aws-sdk/client-kms": "^3.53.0",
"@google-cloud/kms": "^2.11.0"
},
"engines": {
"node": ">=15.7.0"
"node": ">=16"
}
}