Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
By Sarah Gooding - Sep 30, 2024
@digitalbazaar/security-document-loader
Advanced tools
@digitalbazaar/security-document-loader
A JSON-LD documentLoader library pre-loaded with core commonly used contexts (suites, VC, DIDs).
Core JSON-LD securityLoader (@digitalbazaar/security-document-loader)
A JSON-LD documentLoader library pre-loaded with commonly used security contexts (suites, VC, DIDs).
Table of Contents
Background
This is useful for unit tests, in Node.js and the browser.
It includes several core contexts and DID resolvers that you might want when
testing applications involving Verifiable Credentials, did:key or Veres One
DIDs, as well as Ed25519 signing and verifying.
Note: This library plays a similar role to bedrock-security-context, but is
intended for not just Bedrock style applications, but also for isomorphic libs,
etc.
Included contexts:
https://www.w3.org/ns/did/v1DID Core Context v1https://w3id.org/veres-one/v1Veres One DID Method Context v1https://www.w3.org/2018/credentials/v1Verifiable Credentials v1https://w3id.org/security/suites/ed25519-2020/v1Ed25519Signature2020 Crypto Suitehttps://w3id.org/security/suites/x25519-2020/v1X25519VerificationKey2020 Crypto Suite
Included DID Method drivers:
did:key(via@digitalbazaar/did-method-key)
Other required contexts and did drivers can easily be added (see Usage section below).
Security
TBD
Install
- Node.js 14+ is required.
NPM
To install via NPM:
npm install --save @digitalbazaar/security-document-loader
Development
To install locally (for development):
git clone https://github.com/digitalbazaar/security-document-loader.git
cd security-document-loader
npm install
Usage
The core document loader is easily extensible. For example, to add more contexts:
import {securityLoader} from '@digitalbazaar/security-document-loader';
import secCtx from '@digitalbazaar/security-context';
import webkmsCtx from 'webkms-context';
import zcapCtx from 'zcap-context';
const loader = securityLoader()
loader.addStatic(
secCtx.SECURITY_CONTEXT_V2_URL,
secCtx.contexts.get(secCtx.SECURITY_CONTEXT_V2_URL)
);
loader.addStatic(webkmsCtx.CONTEXT_URL, webkmsCtx.CONTEXT);
loader.addStatic(zcapCtx.CONTEXT_URL, zcapCtx.CONTEXT);
const documentLoader = loader.build();
Adding did resolvers
By default, securityLoader uses did-io's CachedResolver as a harness for
multiple DID method drivers, and supports the did-method-key driver.
To add another did method driver to it:
import {securityLoader} from '@digitalbazaar/security-document-loader';
const loader = securityLoader()
loader.protocolHandlers.get('did').use(didMethodDriver);
Contribute
See the contribute file!
PRs accepted.
If editing the Readme, please conform to the standard-readme specification.
Commercial Support
Commercial support for this library is available upon request from Digital Bazaar: support@digitalbazaar.com
License
New BSD License (3-clause) © Digital Bazaar
3.0.0 - 2024-08-05
Changed
- BREAKING: Require Node.js >=18.
- Update dependencies.
- Switch from
credentials-contextto@digitalbazaar/credentials-contextfor VC 2.0 support. jsonld-document-loader@2.2.0.- Update minor, test, and dev dependencies.
- Switch from
- Use newer testing style to ensure all context packages are checked.
- Use
addDocumentsto simplify context loading.
Keywords
FAQs
A JSON-LD documentLoader library pre-loaded with core commonly used contexts (suites, VC, DIDs).
The npm package @digitalbazaar/security-document-loader receives a total of 254 weekly downloads. As such, @digitalbazaar/security-document-loader popularity was classified as not popular.
We found that @digitalbazaar/security-document-loader demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 06 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Malicious “express-dompurify” npm Package Steals Browser and Cryptocurrency Wallet Data
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
By Socket Research Team - Sep 27, 2024
Security News
ENISA 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply Chain Attacks on Open Source Software
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
By Sarah Gooding - Sep 27, 2024