@digitalbazaar/zcap - npm Package Compare versions

Comparing version 7.2.2 to 8.0.0

lib/CapabilityDelegation.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
+import {CapabilityProofPurpose} from './CapabilityProofPurpose.js';
+import * as utils from './utils.js';
 
-const CapabilityProofPurpose = require('./CapabilityProofPurpose');
-const utils = require('./utils');
+/**
+ * @typedef InspectCapabilityChain
+ */
 
-module.exports = class CapabilityDelegation extends CapabilityProofPurpose {
+export class CapabilityDelegation extends CapabilityProofPurpose {
   /**
-   * @param {object} [parentCapability] - An alternative to passing
+   * @param {object} options - The options.
+   * @param {object} [options.parentCapability] - An alternative to passing
    *   `capabilityChain` when creating a proof; passing `parentCapability` will
    *   enable the capability chain to be auto-computed.
-   * @param {boolean} [allowTargetAttenuation=false] - Allow the
+   * @param {boolean} [options.allowTargetAttenuation=false] - Allow the
    *   invocationTarget of a delegation chain to be increasingly restrictive
    *   based on a hierarchical RESTful URL structure.
-   * @param {string|Date|number} [date] - Used during proof verification as the
-   *   expected date for the creation of the proof (within a maximum timestamp
-   *   delta) and for checking to see if a capability has expired; if not
-   *   passed the current date will be used.
-   * @param {string|array} [expectedRootCapability] - The expected root
+   * @param {string|Date|number} [options.date] - Used during proof
+   *   verification as the expected date for the creation of the proof
+   *   (within a maximum timestamp delta) and for checking to see if a
+   *   capability has expired; if not passed the current date will be used.
+   * @param {string|Array} [options.expectedRootCapability] - The expected root
    *   capability for the delegation chain (this can be a single root
    *   capability ID expressed as a string or, if there is more than one
    *   acceptable root capability, several root capability IDs in an array.
-   * @param {object} [controller] - The description of the controller, if it
-   *   is not to be dereferenced via a `documentLoader`.
-   * @param {InspectCapabilityChain} [inspectCapabilityChain] - An async
-   *   function that can be used to check for revocations related to any of
-   *   verified capabilities.
-   * @param {number} [maxChainLength=10] - The maximum length of the capability
-   *   delegation chain.
-   * @param {number} [maxClockSkew=300] - A maximum number of seconds that
-   *   clocks may be skewed when checking capability expiration date-times
+   * @param {object} [options.controller] - The description of the controller,
+   *   if it is not to be dereferenced via a `documentLoader`.
+   * @param {InspectCapabilityChain} [options.inspectCapabilityChain] - An
+   *   async function that can be used to check for revocations related to any
+   *   of verified capabilities.
+   * @param {number} [options.maxChainLength=10] - The maximum length of the
+   *   capability delegation chain.
+   * @param {number} [options.maxClockSkew=300] - A maximum number of seconds
+   *   that clocks may be skewed when checking capability expiration date-times
    *   against `date`.
-   * @param {number} [maxDelegationTtl=Infinity] - The maximum milliseconds to
-   *   live for a delegated zcap as measured by the time difference between
-   *   `expires` and `created` on the delegation proof.
-   * @param {object|array} suite - The jsonld-signature suite(s) to use to
-   *   verify the capability chain.
+   * @param {number} [options.maxDelegationTtl=Infinity] - The maximum
+   *   milliseconds to live for a delegated zcap as measured by the time
+   *   difference between *   `expires` and `created` on the delegation proof.
+   * @param {object|Array} options.suite - The jsonld-signature suite(s) to
+   *   use to verify the capability chain.
+   * @param {object} options._verifiedParentCapability - Private.
+   * @param {object} options._capabilityChain - Private.
+   * @param {boolean} options._skipLocalValidationForTesting - Private.
    */
@@ -46,5 +52,9 @@ constructor({
     allowTargetAttenuation,
-    controller, date,
-    expectedRootCapability, inspectCapabilityChain,
-    maxChainLength, maxClockSkew, maxDelegationTtl,
+    controller,
+    date,
+    expectedRootCapability,
+    inspectCapabilityChain,
+    maxChainLength,
+    maxClockSkew,
+    maxDelegationTtl,
     suite,
@@ -300,2 +310,2 @@ _verifiedParentCapability,
   }
-};
+}

lib/CapabilityInvocation.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
+import {CapabilityDelegation} from './CapabilityDelegation.js';
+import {CapabilityProofPurpose} from './CapabilityProofPurpose.js';
+import * as utils from './utils.js';
 
-const CapabilityDelegation = require('./CapabilityDelegation');
-const CapabilityProofPurpose = require('./CapabilityProofPurpose');
-const utils = require('./utils');
+/**
+ * @typedef InspectCapabilityChain
+ */
 
-module.exports = class CapabilityInvocation extends CapabilityProofPurpose {
+export class CapabilityInvocation extends CapabilityProofPurpose {
   /**
-   * @param {string|object} [capability] - The capability that is to be
+   * @param {object} options - The options.
+   * @param {string|object} [options.capability] - The capability that is to be
    *   added/referenced in a created proof (a root zcap MUST be passed as
    *   a string and a delegated zcap as an object).
-   * @param {string} [capabilityAction] - The capability action that is
+   * @param {string} [options.capabilityAction] - The capability action that is
    *   to be added to a proof.
-   * @param {string} [invocationTarget] - The invocation target to use; this
-   *   is required and can be used to attenuate the capability's invocation
-   *   target if the verifier supports target attentuation.
-   * @param {boolean} [allowTargetAttenuation=false] - Allow the
+   * @param {string} [options.invocationTarget] - The invocation target to
+   *   use; this is required and can be used to attenuate the capability's
+   *   invocation target if the verifier supports target attentuation.
+   * @param {boolean} [options.allowTargetAttenuation=false] - Allow the
    *   invocationTarget of a delegation chain to be increasingly restrictive
    *   based on a hierarchical RESTful URL structure.
-   * @param {object} [controller] - The description of the controller, if it
-   *   is not to be dereferenced via a `documentLoader`.
-   * @param {string|Date|number} [date] - Used during proof verification as the
-   *   expected date for the creation of the proof (within a maximum timestamp
-   *   delta) and for checking to see if a capability has expired; if not
-   *   passed the current date will be used.
-   * @param {string} [expectedAction] - the capability action that is expected
-   *   when validating a proof.
-   * @param {string|array} [expectedRootCapability] - The expected root
+   * @param {object} [options.controller] - The description of the controller,
+   *   if it is not to be dereferenced via a `documentLoader`.
+   * @param {string|Date|number} [options.date] - Used during proof
+   *   verification as the expected date for the creation of the proof
+   *   (within a maximum timestamp delta) and for checking to see if a
+   *   capability has expired; if not passed the current date will be used.
+   * @param {string} [options.expectedAction] - The capability action that is
+   *   expected when validating a proof.
+   * @param {string|Array} [options.expectedRootCapability] - The expected root
    *   capability for the delegation chain (this can be a single root
    *   capability ID expressed as a string or, if there is more than one
    *   acceptable root capability, several root capability IDs in an array.
-   * @param {string} [expectedTarget] - The target we expect a capability to
-   *   apply to (URI).
-   * @param {InspectCapabilityChain} [inspectCapabilityChain] - An async
+   * @param {string} [options.expectedTarget] - The target we expect a
+   *   capability to apply to (URI).
+   * @param {InspectCapabilityChain} [options.inspectCapabilityChain] - An async
    *   function that can be used to check for revocations related to any of
    *   verified capabilities.
-   * @param {number} [maxChainLength=10] - The maximum length of the capability
-   *   delegation chain.
-   * @param {number} [maxClockSkew=300] - A maximum number of seconds that
-   *   clocks may be skewed when checking capability expiration date-times
+   * @param {number} [options.maxChainLength=10] - The maximum length of the
+   *   capability delegation chain.
+   * @param {number} [options.maxClockSkew=300] - A maximum number of seconds
+   *   that clocks may be skewed when checking capability expiration date-times
    *   against `date` and when comparing invocation proof creation time against
    *   delegation proof creation time.
-   * @param {number} [maxDelegationTtl=Infinity] - The maximum milliseconds to
-   *   live for a delegated zcap as measured by the time difference between
-   *   `expires` and `created` on the delegation proof.
-   * @param {number} [maxTimestampDelta=Infinity] - A maximum number of seconds
-   *   that "created" date on the capability invocation proof can deviate from
-   *   `date`, defaults to `Infinity`.
-   * @param {object|array} suite - The jsonld-signature suite(s) to use to
-   *   verify the capability chain.
+   * @param {number} [options.maxDelegationTtl=Infinity] - The maximum
+   *   milliseconds to live for a delegated zcap as measured by the time
+   *   difference between `expires` and `created` on the delegation proof.
+   * @param {number} [options.maxTimestampDelta=Infinity] - A maximum number
+   *   of seconds that "created" date on the capability invocation proof
+   *   can deviate from *   `date`, defaults to `Infinity`.
+   * @param {object|Array} options.suite - The jsonld-signature suite(s) to use
+   *   to verify the capability chain.
    */
   constructor({
     // proof creation params
-    capability, capabilityAction, invocationTarget,
+    capability,
+    capabilityAction,
+    invocationTarget,
     // proof verification params
-    allowTargetAttenuation, controller, date,
-    expectedAction, expectedRootCapability, expectedTarget,
+    allowTargetAttenuation,
+    controller,
+    date,
+    expectedAction,
+    expectedRootCapability,
+    expectedTarget,
     inspectCapabilityChain,
@@ -314,2 +323,2 @@ maxChainLength,
   }
-};
+}

lib/CapabilityProofPurpose.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
-
-const jsigs = require('jsonld-signatures');
-const utils = require('./utils');
+import jsigs from 'jsonld-signatures';
+import * as utils from './utils.js';
 const {ControllerProofPurpose} = jsigs.purposes;
@@ -13,35 +11,41 @@
 
-module.exports = class CapabilityProofPurpose extends ControllerProofPurpose {
+/**
+ * @typedef InspectCapabilityChain
+ */
+
+export class CapabilityProofPurpose extends ControllerProofPurpose {
   /**
-   * @param {boolean} [allowTargetAttenuation=false] - Allow the
+   * @param {object} options - The options.
+   * @param {boolean} [options.allowTargetAttenuation=false] - Allow the
    *   invocationTarget of a delegation chain to be increasingly restrictive
    *   based on a hierarchical RESTful URL structure.
-   * @param {object} [controller] - The description of the controller, if it
-   *   is not to be dereferenced via a `documentLoader`.
-   * @param {string|Date|number} [date] - Used during proof verification as the
-   *   expected date for the creation of the proof (within a maximum timestamp
-   *   delta) and for checking to see if a capability has expired; if not
-   *   passed the current date will be used.
-   * @param {string|array} [expectedRootCapability] - The expected root
+   * @param {object} [options.controller] - The description of the controller,
+   *   if it is not to be dereferenced via a `documentLoader`.
+   * @param {string|Date|number} [options.date] - Used during proof
+   *   verification as the expected date for the creation of the proof
+   *   (within a maximum timestamp delta) and for checking to see if a
+   *   capability has expired; if not passed the current date will be used.
+   * @param {string|Array} [options.expectedRootCapability] - The expected root
    *   capability for the delegation chain (this can be a single root
    *   capability ID expressed as a string or, if there is more than one
    *   acceptable root capability, several root capability IDs in an array.
-   * @param {InspectCapabilityChain} [inspectCapabilityChain] - An async
-   *   function that can be used to check for revocations related to any of
-   *   verified capabilities.
-   * @param {number} [maxChainLength=10] - The maximum length of the capability
+   * @param {InspectCapabilityChain} [options.inspectCapabilityChain] - An
+   *   async function that can be used to check for revocations related to any
+   *   of verified capabilities.
+   * @param {number} [options.maxChainLength=10] - The maximum length of the
+   *  capability
    *   delegation chain.
-   * @param {number} [maxClockSkew=300] - A maximum number of seconds that
-   *   clocks may be skewed checking capability expiration date-times against
-   *   `date` and when comparing invocation proof creation time against
+   * @param {number} [options.maxClockSkew=300] - A maximum number of seconds
+   *   that clocks may be skewed checking capability expiration date-times
+   *   against `date` and when comparing invocation proof creation time against
    *   delegation proof creation time.
-   * @param {number} [maxDelegationTtl=Infinity] - The maximum milliseconds to
-   *   live for a delegated zcap as measured by the time difference between
-   *   `expires` and `created` on the delegation proof.
-   * @param {number} [maxTimestampDelta=Infinity] - A maximum number of seconds
-   *   that a capability invocation proof (only used by this proof type)
-   *   "created" date can deviate from `date`, defaults to `Infinity`.
-   * @param {object|array} suite - the jsonld-signature suites to use to
-   *   verify the capability chain.
-   * @param {string} term - The term `capabilityInvocation` or
+   * @param {number} [options.maxDelegationTtl=Infinity] - The maximum
+   *   milliseconds to live for a delegated zcap as measured by the time
+   *   difference between `expires` and `created` on the delegation proof.
+   * @param {number} [options.maxTimestampDelta=Infinity] - A maximum number
+   *   of seconds that a capability invocation proof (only used by this proof
+   *   type) "created" date can deviate from `date`, defaults to `Infinity`.
+   * @param {object|Array} options.suite - The jsonld-signature suites to use
+   *   to verify the capability chain.
+   * @param {string} options.term - The term `capabilityInvocation` or
    *   `capabilityDelegation` to look for in an LD proof.
@@ -51,3 +55,5 @@ */
     // proof verification params (and common to all derived classes)
-    allowTargetAttenuation = false, controller, date,
+    allowTargetAttenuation = false,
+    controller,
+    date,
     expectedRootCapability,
@@ -291,2 +297,9 @@ inspectCapabilityChain,
   /**
+   * @typedef class
+   */
+  /**
+   * @typedef CapabilityMeta
+   */
+
+  /**
    * Verifies the given dereferenced capability chain. This involves ensuring
@@ -297,17 +310,20 @@ * that the root zcap in the chain is as expected (for the endpoint where an
    *
-   * @param {class} CapabilityDelegation - The CapabilityDelegation class; this
-   *   must be passed to avoid circular references in this module.
-   * @param {CapabilityMeta[]} capabilityChainMeta - The array of results
-   *   for inspecting the capability chain; if this has a value when passed,
-   *   then it is presumed to be the verify result for the tail capability and
-   *   that tail capability will not be verified internally by this function
-   *   to avoid duplicating work; all verification results (including the
-   *   tail's -- either computed locally or reused from what was passed) will
-   *   be added to this array in order from root => tail.
-   * @param {array} dereferencedChain - The dereferenced capability chain for
-   *   `capability`, starting at the root capability and ending at `capability`.
-   * @param {function} documentLoader - A configured jsonld documentLoader.
-   * @param {object} expansionMap - A configured jsonld expansionMap.
+   * @param {object} options - The options.
+   * @param {class} options.CapabilityDelegation - The CapabilityDelegation
+   *   class; this must be passed to avoid circular references in this module.
+   * @param {CapabilityMeta[]} options.capabilityChainMeta - The array of
+   *   results for inspecting the capability chain; if this has a value when
+   *   passed, then it is presumed to be the verify result for the tail
+   *   capability and that tail capability will not be verified internally by
+   *   this function to avoid duplicating work; all verification results
+   *   (including the tail's -- either computed locally or reused from what
+   *   was passed) will be added to this array in order from root => tail.
+   * @param {Array} options.dereferencedChain - The dereferenced capability
+   *   chain for `capability`, starting at the root capability and ending at
+   *   `capability`.
+   * @param {Function} options.documentLoader - A configured jsonld
+   *   documentLoader.
+   * @param {object} options.expansionMap - A configured jsonld expansionMap.
    *
-   * @return {object} {verified, error}.
+   * @returns {object} {verified, error}.
    */
@@ -525,2 +541,2 @@ async _verifyCapabilityChain({
   }
-};
+}

lib/constants.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
+export {
+  CONTEXT as ZCAP_CONTEXT,
+  CONTEXT_URL as ZCAP_CONTEXT_URL
+} from '@digitalbazaar/zcap-context';
 
-const {CONTEXT: ZCAP_CONTEXT, CONTEXT_URL: ZCAP_CONTEXT_URL} =
-  require('@digitalbazaar/zcap-context');
-
-module.exports = {
-  CAPABILITY_VOCAB_URL: 'https://w3id.org/security#',
-  ZCAP_CONTEXT_URL,
-  ZCAP_CONTEXT,
-  ZCAP_ROOT_PREFIX: 'urn:zcap:root:',
-  // 6 is probably more reasonable for Kevin Bacon reasons? but picking a
-  // power of 10
-  MAX_CHAIN_LENGTH: 10
-};
+export const CAPABILITY_VOCAB_URL = 'https://w3id.org/security#';
+export const ZCAP_ROOT_PREFIX = 'urn:zcap:root:';
+// 6 is probably more reasonable for Kevin Bacon reasons? but picking a
+// power of 10
+export const MAX_CHAIN_LENGTH = 10;

lib/index.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
+import jsigs from 'jsonld-signatures';
 
-const jsigs = require('jsonld-signatures');
-
 /* Core API */
-exports.CapabilityInvocation = require('./CapabilityInvocation');
-exports.CapabilityDelegation = require('./CapabilityDelegation');
-const {createRootCapability} = require('./utils');
-exports.createRootCapability = createRootCapability;
-exports.constants = require('./constants');
+export {CapabilityInvocation} from './CapabilityInvocation.js';
+export {CapabilityDelegation} from './CapabilityDelegation.js';
+export {createRootCapability} from './utils.js';
+import * as constants from './constants.js';
+export {constants};
 
 // enable external document loaders to extend an internal one that loads
 // ZCAP context(s)
-exports.extendDocumentLoader = function extendDocumentLoader(documentLoader) {
+export function extendDocumentLoader(documentLoader) {
   return async function loadZcapContexts(url) {
-    if(url === exports.constants.ZCAP_CONTEXT_URL) {
+    if(url === constants.ZCAP_CONTEXT_URL) {
       return {
         contextUrl: null,
         documentUrl: url,
-        document: exports.constants.ZCAP_CONTEXT,
+        document: constants.ZCAP_CONTEXT,
         tag: 'static'
@@ -29,6 +27,6 @@ };
   };
-};
+}
 
 // default doc loader; only loads ZCAP and jsigs contexts
-exports.documentLoader = exports.extendDocumentLoader(
+export const documentLoader = extendDocumentLoader(
   jsigs.strictDocumentLoader);

lib/utils.js

 /*!
  * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
  */
-'use strict';
-
-const {
+import {
   MAX_CHAIN_LENGTH, ZCAP_CONTEXT_URL, ZCAP_ROOT_PREFIX
-} = require('./constants');
+} from './constants.js';
 
@@ -14,8 +12,9 @@ /**
  *
- * @param {string|array} controller - The root controller.
- * @param {string} invocationTarget - The root invocation target.
+ * @param {object} options - The options.
+ * @param {string|Array} options.controller - The root controller.
+ * @param {string} options.invocationTarget - The root invocation target.
  *
- * @return {object} The root capability.
+ * @returns {object} The root capability.
  */
-exports.createRootCapability = ({controller, invocationTarget}) => {
+export function createRootCapability({controller, invocationTarget}) {
   return {
@@ -27,3 +26,3 @@ '@context': ZCAP_CONTEXT_URL,
   };
-};
+}
 
@@ -33,7 +32,8 @@ /**
  *
- * @param {object} capability - The authorization capability (zcap).
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability (zcap).
  *
- * @return {Array} The controller(s) for the capability.
+ * @returns {Array} The controller(s) for the capability.
  */
-exports.getControllers = ({capability}) => {
+export function getControllers({capability}) {
   const {controller} = capability;
@@ -44,3 +44,3 @@ if(!controller) {
   return Array.isArray(controller) ? controller : [controller];
-};
+}
 
@@ -51,12 +51,14 @@ /**
  *
- * @param {object} capability - The authorization capability (zcap).
- * @param {object} verificationMethod - The verification method to check.
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability (zcap).
+ * @param {object} options.verificationMethod - The verification method to
+ *   check.
  *
- * @return {boolean} `true` if the controller matches, `false` if not.
+ * @returns {boolean} `true` if the controller matches, `false` if not.
  */
-exports.isController = ({capability, verificationMethod}) => {
-  const controllers = exports.getControllers({capability});
+export function isController({capability, verificationMethod}) {
+  const controllers = getControllers({capability});
   return controllers.includes(verificationMethod.controller) ||
     controllers.includes(verificationMethod.id);
-};
+}
 
@@ -66,5 +68,8 @@ /**
  *
- * @param {object} capability - The authorization capability (zcap).
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability (zcap).
+ *
+ * @returns {Array} Allowed actions.
  */
-exports.getAllowedActions = ({capability}) => {
+export function getAllowedActions({capability}) {
   const {allowedAction} = capability;
@@ -78,3 +83,3 @@ if(!allowedAction) {
   return [allowedAction];
-};
+}
 
@@ -84,8 +89,11 @@ /**
  *
- * @param {object} capability - The authorization capability (zcap).
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability (zcap).
+ *
+ * @returns {string} - Capability target.
  */
-exports.getTarget = ({capability}) => {
+export function getTarget({capability}) {
   // zcaps MUST have an `invocationTarget` that is a string
   return capability.invocationTarget;
-};
+}
 
@@ -97,3 +105,4 @@ /**
  *
- * @param {object} capability - The authorization capability.
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability.
  *
@@ -103,3 +112,3 @@ * @returns {object} Any `capabilityDelegation` proof objects attached to the
  */
-exports.getDelegationProofs = ({capability}) => {
+export function getDelegationProofs({capability}) {
   // capability is root or capability has no `proof`, then it has no relevant
@@ -115,3 +124,3 @@ // delegation proofs
   return proof.filter(p => p && p.proofPurpose === 'capabilityDelegation');
-};
+}
 
@@ -121,3 +130,4 @@ /**
  *
- * @param {object} capability - The authorization capability.
+ * @param {object} options - The options.
+ * @param {object} options.capability - The authorization capability.
  *
@@ -127,3 +137,3 @@ * @returns {object} Any `capabilityDelegation` proof objects attached to the
  */
-exports.getCapabilityChain = ({capability}) => {
+export function getCapabilityChain({capability}) {
   if(!capability.parentCapability) {
@@ -134,3 +144,3 @@ // root capability has no chain
 
-  const proofs = exports.getDelegationProofs({capability});
+  const proofs = getDelegationProofs({capability});
   if(proofs.length !== 1) {
@@ -150,3 +160,3 @@ throw new Error(
   return capabilityChain.slice();
-};
+}
 
@@ -165,5 +175,6 @@ /**
  *
- * @param {string} invocationTarget - The invocation target to check.
- * @param {string} baseInvocationTarget - The base invocation target.
- * @param {boolean} allowTargetAttenuation - `true` to allow target
+ * @param {object} options - The options.
+ * @param {string} options.invocationTarget - The invocation target to check.
+ * @param {string} options.baseInvocationTarget - The base invocation target.
+ * @param {boolean} options.allowTargetAttenuation - `true` to allow target
  *   attenuation.
@@ -173,5 +184,5 @@ *
  */
-exports.isValidTarget = ({
+export function isValidTarget({
   invocationTarget, baseInvocationTarget, allowTargetAttenuation
-}) => {
+}) {
   // direct match, valid
@@ -206,3 +217,3 @@ if(baseInvocationTarget === invocationTarget) {
   return false;
-};
+}
 
@@ -213,11 +224,13 @@ /**
  *
- * @param {object} parentCapability - The parent capability from which to
- *   compute the capability chain.
+ * @param {object} options - The options.
+ * @param {object} options.parentCapability - The parent capability from
+ *   which to compute the capability chain.
+ * @param {boolean} options._skipLocalValidationForTesting - Private.
  *
- * @return {array} The computed capability chain for the capability to be
+ * @returns {Array} The computed capability chain for the capability to be
  *   included in a capability delegation proof.
  */
-exports.computeCapabilityChain = ({
+export function computeCapabilityChain({
   parentCapability, _skipLocalValidationForTesting
-}) => {
+}) {
   // if parent capability is root (string or no parent of its own)
@@ -230,3 +243,3 @@ const type = typeof parentCapability;
     // capability must be a root zcap
-    exports.checkCapability({capability: parentCapability, expectRoot: true});
+    checkCapability({capability: parentCapability, expectRoot: true});
     return [parentCapability.id];
@@ -236,4 +249,4 @@ }
   // capability must be a delegated zcap, check it and get its chain
-  exports.checkCapability({capability: parentCapability, expectRoot: false});
-  const proofs = exports.getDelegationProofs({capability: parentCapability});
+  checkCapability({capability: parentCapability, expectRoot: false});
+  const proofs = getDelegationProofs({capability: parentCapability});
   if(proofs.length !== 1) {
@@ -293,3 +306,3 @@ throw new Error(
   return newChain;
-};
+}
 
@@ -319,15 +332,16 @@ /**
  *
- * @param {string|object} capability - The authorization capability (zcap) to
- *   get the chain for.
- * @param {function} getRootCapability - A function for dereferencing the
- *   root capability (the root zcap must be deref'd in a trusted way by the
+ * @param {object} options - The options.
+ * @param {string|object} options.capability - The authorization capability
+ *   (zcap) to get the chain for.
+ * @param {Function} options.getRootCapability - A function for dereferencing
+ *   the root capability (the root zcap must be deref'd in a trusted way by the
  *   verifier, it must not be untrusted input).
- * @param [maxChainLength=10] - The maximum length of the capability delegation
- *   chain (this is inclusive of `capability` itself).
+ * @param {number} [options.maxChainLength=10] - The maximum length of the
+ *   capability delegation chain (this is inclusive of `capability` itself).
  *
- * @return {Promise<object>} {dereferencedChain}.
+ * @returns {Promise<object>} {dereferencedChain}.
  */
-exports.dereferenceCapabilityChain = async ({
+export async function dereferenceCapabilityChain({
   capability, getRootCapability, maxChainLength = MAX_CHAIN_LENGTH
-}) => {
+}) {
   // capability MUST be a string if it is root; root zcaps MUST always be
@@ -339,3 +353,3 @@ // dereferenced via a trusted mechanism provided by the verifier as they
     const {rootCapability} = await getRootCapability({id});
-    exports.checkCapability({capability: rootCapability, expectRoot: true});
+    checkCapability({capability: rootCapability, expectRoot: true});
     if(rootCapability.id !== id) {
@@ -349,3 +363,3 @@ throw new Error(
     // ensure capability itself is valid
-    exports.checkCapability({capability, expectRoot: false});
+    checkCapability({capability, expectRoot: false});
   }
@@ -357,3 +371,3 @@
   // get the underef'd capability chain for the capability
-  const capabilityChain = exports.getCapabilityChain({capability});
+  const capabilityChain = getCapabilityChain({capability});
 
@@ -424,3 +438,3 @@ // ensure capability chain length (add 1 to be inclusive of `capability`)
         // check zcap data model
-        exports.checkCapability({capability: entry, expectRoot: i === 0});
+        checkCapability({capability: entry, expectRoot: i === 0});
       }
@@ -465,3 +479,3 @@
         currentCapabilityChain.length - 1];
-      currentCapabilityChain = exports.getCapabilityChain(
+      currentCapabilityChain = getCapabilityChain(
         {capability: currentCapability});
@@ -480,3 +494,3 @@ } else {
     const {rootCapability} = await getRootCapability({id});
-    exports.checkCapability({capability: rootCapability, expectRoot: true});
+    checkCapability({capability: rootCapability, expectRoot: true});
     if(rootCapability.id !== id) {
@@ -495,5 +509,5 @@ throw new Error(
   return {dereferencedChain};
-};
+}
 
-exports.checkProofContext = ({proof}) => {
+export function checkProofContext({proof}) {
   // zcap context can appear anywhere in the array as it *is* protected
@@ -506,5 +520,5 @@ const {'@context': ctx} = proof;
   }
-};
+}
 
-exports.hasValidAllowedAction = ({allowedAction, parentAllowedAction}) => {
+export function hasValidAllowedAction({allowedAction, parentAllowedAction}) {
   // if the parent's `allowedAction` is `undefined`, then any more restrictive
@@ -526,5 +540,5 @@ // action is allowed in the child
   return (parentAllowedAction === allowedAction);
-};
+}
 
-exports.checkCapability = ({capability, expectRoot}) => {
+export function checkCapability({capability, expectRoot}) {
   const {
@@ -558,3 +572,3 @@ '@context': context,
     }
-    const [proof] = exports.getDelegationProofs({capability});
+    const [proof] = getDelegationProofs({capability});
     if(!proof) {
@@ -600,5 +614,5 @@ throw new Error('Delegated capability must have a "proof".');
   }
-};
+}
 
-exports.compareTime = ({t1, t2, maxClockSkew}) => {
+export function compareTime({t1, t2, maxClockSkew}) {
   // `maxClockSkew` is in seconds, so transform to milliseconds
@@ -610,3 +624,3 @@ if(Math.abs(t1 - t2) < (maxClockSkew * 1000)) {
   return t1 < t2 ? -1 : 1;
-};
+}
 
@@ -616,5 +630,11 @@ // documentation typedefs
 /**
+ * A inspection function result.
+ *
+ * @typedef {object} InspectResult
+ */
+
+/**
  * A capability chain inspection function.
  *
- * @typedef {function} InspectCapabilityChain
+ * @typedef {Function} InspectCapabilityChain
  * @param {CapabilityChainDetails}
@@ -621,0 +641,0 @@ * @returns {InspectResult}

package.json

 {
   "name": "@digitalbazaar/zcap",
-  "version": "7.2.2",
+  "version": "8.0.0",
   "description": "Authorization Capabilities reference implementation.",
@@ -19,5 +19,5 @@ "homepage": "https://github.com/digitalbazaar/zcap",
   "license": "BSD-3-Clause",
-  "main": "lib/index.js",
+  "type": "module",
+  "exports": "./lib/index.js",
   "files": [
-    "lib/*.js",
     "lib/**/*.js"
@@ -27,46 +27,43 @@ ],
     "@digitalbazaar/zcap-context": "^2.0.0",
-    "jsonld-signatures": "^9.3.0"
+    "jsonld-signatures": "^10.0.0"
   },
   "devDependencies": {
-    "@digitalbazaar/ed25519-signature-2020": "^3.0.0",
-    "@digitalbazaar/ed25519-verification-key-2020": "^3.0.0",
-    "chai": "^4.3.3",
+    "@digitalbazaar/ed25519-signature-2020": "^4.0.1",
+    "@digitalbazaar/ed25519-verification-key-2020": "^4.0.0",
+    "c8": "^7.11.3",
+    "chai": "^4.3.6",
     "cross-env": "^7.0.3",
-    "eslint": "^8.5.0",
-    "eslint-config-digitalbazaar": "^2.6.1",
-    "karma": "^6.3.16",
-    "karma-chrome-launcher": "^3.1.0",
-    "karma-edge-launcher": "^0.4.2",
-    "karma-firefox-launcher": "^2.1.0",
-    "karma-ie-launcher": "^1.0.0",
+    "eslint": "^8.17.0",
+    "eslint-config-digitalbazaar": "^3.0.0",
+    "eslint-plugin-jsdoc": "^39.3.2",
+    "eslint-plugin-unicorn": "^42.0.0",
+    "karma": "^6.3.20",
+    "karma-chrome-launcher": "^3.1.1",
     "karma-mocha": "^2.0.1",
     "karma-mocha-reporter": "^2.2.5",
-    "karma-safari-launcher": "^1.0.0",
-    "karma-sourcemap-loader": "^0.3.7",
-    "karma-tap-reporter": "0.0.6",
-    "karma-webpack": "^4.0.2",
-    "mocha": "^8.3.1",
+    "karma-sourcemap-loader": "^0.3.8",
+    "karma-webpack": "^5.0.0",
+    "mocha": "^10.0.0",
     "mocha-lcov-reporter": "^1.3.0",
-    "nyc": "^15.1.0",
-    "webpack": "^4.46.0"
+    "webpack": "^5.73.0"
   },
   "scripts": {
     "test": "npm run test-node",
-    "test-node": "cross-env NODE_ENV=test mocha --preserve-symlinks --delay -t 30000 -A -R ${REPORTER:-spec} tests/test.js",
-    "test-karma": "cross-env NODE_ENV=test karma start",
-    "coverage": "cross-env NODE_ENV=test nyc --reporter=lcov --reporter=text-summary npm run test-node",
-    "coverage-ci": "cross-env NODE_ENV=test nyc --reporter=lcovonly npm run test-node",
-    "coverage-report": "nyc report",
+    "__test-node": "cross-env NODE_ENV=test mocha --preserve-symlinks --delay -t 30000 -A -R ${REPORTER:-spec} tests/test.js",
+    "test-node": "cross-env NODE_ENV=test mocha --preserve-symlinks -t 30000 -A -R ${REPORTER:-spec} tests/test.js",
+    "test-karma": "cross-env NODE_ENV=test karma start karma.conf.cjs",
+    "coverage": "cross-env NODE_ENV=test c8 npm run test-node",
+    "coverage-ci": "cross-env NODE_ENV=test c8 --reporter=lcovonly --reporter=text-summary --reporter=text npm run test-node",
+    "coverage-report": "c8 report",
     "lint": "eslint ."
   },
-  "nyc": {
-    "exclude": [
-      "tests"
+  "c8": {
+    "reporter": [
+      "lcov",
+      "text-summary",
+      "text"
     ]
   },
-  "browser": {
-    "crypto": false
-  },
   "engines": {
-    "node": ">=12"
+    "node": ">=14"
   },
@@ -73,0 +70,0 @@ "keywords": [

README.md

@@ -31,3 +31,3 @@ # zcap _(@digitalbazaar/zcap)_
 
-- Node.js 12+ is required.
+- Browsers and Node.js 14+ are supported.
 
@@ -34,0 +34,0 @@ To install from NPM:

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

18

decreased by-14.29%

Lines of code

1706

increased by3.02%

Is type module

Yes

Worsened metrics

Total package byte prevSize

78522

decreased by-13.6%

Number of package files

9

decreased by-10%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Added@digitalbazaar/http-client@3.4.1(transitive)

• + Added@fastify/busboy@2.1.1(transitive)

• + Addeddata-uri-to-buffer@4.0.1(transitive)

• + Addedfetch-blob@3.2.0(transitive)

• + Addedformdata-polyfill@4.0.10(transitive)

• + Addedjsonld@6.0.0(transitive)

• + Addedjsonld-signatures@10.0.0(transitive)

• + Addedky@0.33.3(transitive)

• + Addedky-universal@0.11.0(transitive)

• + Addednode-domexception@1.0.0(transitive)

• + Addednode-fetch@3.3.2(transitive)

• + Addedundici@5.28.5(transitive)

• + Addedweb-streams-polyfill@3.3.3(transitive)

• - Removed@digitalbazaar/http-client@1.2.0(transitive)

• - Removeddata-uri-to-buffer@3.0.1(transitive)

• - Removedesm@3.2.25(transitive)

• - Removedfetch-blob@2.1.2(transitive)

• - Removedjsonld@5.2.0(transitive)

• - Removedjsonld-signatures@9.3.1(transitive)

• - Removedky@0.25.1(transitive)

• - Removedky-universal@0.8.2(transitive)

• - Removednode-fetch@3.0.0-beta.9(transitive)

• Updatedjsonld-signatures@^10.0.0