
@neo4j/code-signer


@neo4j/code-signer - npm Package Compare versions

Comparing version 1.1.3 to 1.1.4

1

lib/certificate.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.mapCertificateInfo = void 0;
const node_forge_1 = require("node-forge");

@@ -4,0 +5,0 @@ function mapCertificateInfo(cert) {

7

lib/cli.js
#!/usr/bin/env node
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());

@@ -23,3 +24,3 @@ });

const rootCert = args['root-cert'] ? fs.readFileSync(args['root-cert'], 'utf8') : undefined;
const result = yield _1.verifyApp({
const result = yield (0, _1.verifyApp)({
appPath: args.app,

@@ -35,3 +36,3 @@ rootCertificatePem: rootCert,

else {
yield _1.signApp(args.app, args.cert, args['private-key'], args.passphrase);
yield (0, _1.signApp)(args.app, args.cert, args['private-key'], args.passphrase);
console.log('Signed successfully.');

@@ -38,0 +39,0 @@ }
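Review bot: The private-key passphrase reaches `signApp` as `args.passphrase`, which appears to be a command-line option. Command-line arguments are readable by other local users through the process list and tend to persist in shell history and CI logs. This release only changes how the call is emitted, so that exposure is still present. Consider falling back to an environment variable or an interactive prompt when the flag is absent, for example `const passphrase = args.passphrase ?? process.env.CODE_SIGNER_PASSPHRASE;` (the variable name is a placeholder), and marking the flag as discouraged in the usage text. The enclosing function starts and ends outside the visible lines.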

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CERTIFICATION_SERVER_URL = exports.CERTIFICATION_SERVER_PUBLIC_KEY = exports.SIGNATURE_FILENAME = exports.DIGEST_ALGORITHM_OID = void 0;
const node_forge_1 = require("node-forge");

@@ -4,0 +5,0 @@ exports.DIGEST_ALGORITHM_OID = node_forge_1.pki.oids.sha256;

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());

@@ -11,6 +12,7 @@ });

Object.defineProperty(exports, "__esModule", { value: true });
exports.digestDirectory = void 0;
const folder_hash_1 = require("./folder-hash");
const hashAlg = 'sha512';
exports.digestDirectory = (path, excludeFiles) => __awaiter(this, void 0, void 0, function* () {
const result = yield folder_hash_1.hashElement(path, {
const digestDirectory = (path, excludeFiles) => __awaiter(void 0, void 0, void 0, function* () {
const result = yield (0, folder_hash_1.hashElement)(path, {
algo: hashAlg,

@@ -22,1 +24,2 @@ files: { exclude: [...excludeFiles] },

});
exports.digestDirectory = digestDirectory;
import { VerifyAppResult, VerifyAppPayload } from './types';
export * from './types';
export declare const signApp: (appPath: string, certPath: string, keyPath: string, passphrase?: string | undefined) => Promise<void>;
export declare const signApp: (appPath: string, certPath: string, keyPath: string, passphrase?: string) => Promise<void>;
export declare const verifyApp: (payload: VerifyAppPayload) => Promise<VerifyAppResult>;
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
function __export(m) {
for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
}
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyApp = exports.signApp = void 0;
const fs = require("fs");

@@ -20,5 +33,5 @@ const path = require("path");

const verify_1 = require("./verify");
__export(require("./types"));
exports.signApp = (appPath, certPath, keyPath, passphrase) => __awaiter(this, void 0, void 0, function* () {
const digest = yield digest_1.digestDirectory(appPath, [constants_1.SIGNATURE_FILENAME]);
__exportStar(require("./types"), exports);
const signApp = (appPath, certPath, keyPath, passphrase) => __awaiter(void 0, void 0, void 0, function* () {
const digest = yield (0, digest_1.digestDirectory)(appPath, [constants_1.SIGNATURE_FILENAME]);
const options = {

@@ -30,6 +43,7 @@ certPem: fs.readFileSync(certPath, 'utf8'),

};
const signature = sign_1.sign(options);
const signature = (0, sign_1.sign)(options);
fs.writeFileSync(path.join(appPath, constants_1.SIGNATURE_FILENAME), signature);
});
exports.verifyApp = (payload) => __awaiter(this, void 0, void 0, function* () {
exports.signApp = signApp;
const verifyApp = (payload) => __awaiter(void 0, void 0, void 0, function* () {
const { appPath, rootCertificatePem, checkRevocationStatus } = payload;

@@ -43,5 +57,5 @@ const signaturePath = path.join(appPath, constants_1.SIGNATURE_FILENAME);

}
const digest = yield digest_1.digestDirectory(appPath, [constants_1.SIGNATURE_FILENAME]);
const digest = yield (0, digest_1.digestDirectory)(appPath, [constants_1.SIGNATURE_FILENAME]);
const signaturePem = fs.readFileSync(signaturePath, 'utf8');
const result = yield verify_1.verify({
const result = yield (0, verify_1.verify)({
data: digest,

@@ -65,1 +79,2 @@ rootCertificatePem,

});
exports.verifyApp = verifyApp;
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.sign = void 0;
const node_forge_1 = require("node-forge");
const constants_1 = require("./constants");
exports.sign = (options) => {
const sign = (options) => {
const { data, privateKeyPem, certPem, passphrase } = options;

@@ -38,1 +39,2 @@ const privateKey = passphrase

};
exports.sign = sign;
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.InvalidSignatureError = void 0;
class InvalidSignatureError extends Error {

@@ -4,0 +5,0 @@ constructor(message) {

import { pki } from 'node-forge';
import { VerifyCertResult, VerifyOptions, VerifyResult, VerifySignatureResult } from './types';
export declare const verify: (options: VerifyOptions) => Promise<VerifyResult>;
export declare const verifyCertificate: (certificate: string | pki.Certificate, caPem?: string | undefined) => VerifyCertResult;
export declare const verifyCertificate: (certificate: pki.Certificate | string, caPem?: string) => VerifyCertResult;
export declare function verifyCertificateNotRevoked(signaturePem: string): Promise<{

@@ -6,0 +6,0 @@ revocationError?: string;

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());

@@ -11,2 +12,3 @@ });

Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySignature = exports.verifyCertificateNotRevoked = exports.verifyCertificate = exports.verify = void 0;
const node_forge_1 = require("node-forge");

@@ -18,3 +20,3 @@ const crypto = require("crypto");

const types_1 = require("./types");
exports.verify = (options) => __awaiter(this, void 0, void 0, function* () {
const verify = (options) => __awaiter(void 0, void 0, void 0, function* () {
const { data, signaturePem, rootCertificatePem } = options;

@@ -29,4 +31,4 @@ let isValid = false;

try {
({ certificate } = exports.verifySignature(signaturePem, data));
({ isValid, isTrusted, error } = exports.verifyCertificate(certificate, rootCertificatePem));
({ certificate } = (0, exports.verifySignature)(signaturePem, data));
({ isValid, isTrusted, error } = (0, exports.verifyCertificate)(certificate, rootCertificatePem));
}

@@ -37,3 +39,3 @@ catch (e) {

return {
certificate: certificate ? certificate_1.mapCertificateInfo(certificate) : undefined,
certificate: certificate ? (0, certificate_1.mapCertificateInfo)(certificate) : undefined,
error,

@@ -46,3 +48,4 @@ isTrusted,

});
exports.verifyCertificate = (certificate, caPem) => {
exports.verify = verify;
const verifyCertificate = (certificate, caPem) => {
const cert = typeof certificate === 'string' ? node_forge_1.pki.certificateFromPem(certificate) : certificate;

@@ -75,2 +78,3 @@ const caStore = node_forge_1.pki.createCaStore();

};
exports.verifyCertificate = verifyCertificate;
function verifyCertificateNotRevoked(signaturePem) {

@@ -83,3 +87,3 @@ const prepped = crypto.createPublicKey({

verify.update(rand);
return node_fetch_1.default(constants_1.CERTIFICATION_SERVER_URL, {
return (0, node_fetch_1.default)(constants_1.CERTIFICATION_SERVER_URL, {
method: 'POST',

@@ -128,3 +132,3 @@ headers: {

}
exports.verifySignature = (signaturePem, data) => {
const verifySignature = (signaturePem, data) => {
const signedData = node_forge_1.pkcs7.messageFromPem(signaturePem);

@@ -156,2 +160,3 @@ const signerInfo = parseSignerInfo(signedData);

};
exports.verifySignature = verifySignature;
function digestAttributes(signedAttrs, algorithm) {

@@ -175,3 +180,5 @@ if (algorithm !== constants_1.DIGEST_ALGORITHM_OID) {

for (let i = 0, l = signedAttrs.length; i < l; ++i) {
// @ts-ignore
const attributeType = toOid(signedAttrs[i].value[0].value);
// @ts-ignore
const value = signedAttrs[i].value[1].value[0].value;

@@ -194,2 +201,3 @@ if (attributeType === node_forge_1.pki.oids.messageDigest) {

const digestAlgorithm = node_forge_1.asn1.derToOid(capture.digestAlgorithm);
// @ts-ignore
const signatureAlgorithm = toOid(capture.signatureAlgorithm[0].value);

@@ -196,0 +204,0 @@ const signature = capture.signature;
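Review bot: The three `// @ts-ignore` comments added in `digestAttributes` and above `capture.signatureAlgorithm[0].value` switch off type checking on exactly the lines that index into ASN.1 structures parsed from the signature file, which is untrusted input. They were presumably added to get past the newer `@types/node-forge` typings. A narrow cast plus a shape check keeps the compiler useful and turns a malformed attribute into an explicit rejection rather than a `TypeError`, for example `if (!Array.isArray(attr.value) || attr.value.length < 2) throw new InvalidSignatureError('malformed signed attribute');` (assuming that error class is in scope here). If a suppression has to stay, `// @ts-expect-error` with a short reason is preferable, because it fails the build once the typing is corrected. The affected functions start and end outside the visible lines, so whether every caller handles such a failure as "invalid" cannot be confirmed from this page.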

{
"name": "@neo4j/code-signer",
"version": "1.1.3",
"version": "1.1.4",
"description": "A CLI tool for signing code",

@@ -15,26 +15,26 @@ "main": "lib/index.js",

"test": "jest",
"prepack": "yarn build && yarn test"
"prepack": "npm run build && npm test"
},
"dependencies": {
"@types/minimist": "1.2.0",
"@types/node-forge": "0.7.10",
"debug": "3.1.0",
"graceful-fs": "4.1.11",
"minimatch": "3.0.4",
"minimist": "1.2.5",
"@types/minimist": "1.2.2",
"@types/node-forge": "1.0.4",
"debug": "4.3.4",
"graceful-fs": "4.2.10",
"minimatch": "5.1.0",
"minimist": "1.2.6",
"node-fetch": "^2.6.1",
"node-forge": "0.10.0",
"p-limit": "2.1.0"
"node-forge": "1.3.1",
"p-limit": "3.1.0"
},
"devDependencies": {
"@types/fs-extra": "5.0.4",
"@types/jest": "23.3.12",
"@types/node": "12.12.17",
"@types/node-fetch": "^2.5.4",
"@types/tempy": "0.2.0",
"fs-extra": "7.0.1",
"jest": "23.6.0",
"tempy": "0.2.1",
"ts-jest": "23.10.5",
"typescript": "3.2.2"
"@types/fs-extra": "9.0.13",
"@types/jest": "29.0.0",
"@types/node": "18.7.14",
"@types/node-fetch": "^2.6.2",
"@types/tempy": "0.3.0",
"fs-extra": "10.1.0",
"jest": "29.0.1",
"tempy": "1.0.1",
"ts-jest": "28.0.8",
"typescript": "4.8.2"
},

@@ -41,0 +41,0 @@ "files": [
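Review bot: `node-fetch` stays on the caret range `^2.6.1` while every other runtime dependency in this block is pinned to an exact version. The HTTP client used for the revocation request is therefore the one package whose resolved version can drift between installs. For a signing and verification tool it is worth pinning it like the rest, for example `"node-fetch": "2.6.1"` or whichever 2.x release was actually tested. Separately, `node-forge` moves from 0.10.0 to 1.3.1, a major-version change in the library that performs the signature and certificate checks, so the test suite should include tampered-signature and untrusted-certificate cases run against the new version.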

# Code Signer
A CLI tool for signing code used by Neo4j Graph platform.
Creates a `signature.pem` file in the signed folder.
A CLI tool for signing code used by Neo4j Graph platform.
Creates a `signature.pem` file in the signed folder.
If verifies signatures locally and against Neo4j:s CRL server

@@ -64,4 +64,4 @@ for revoked certificates when online.

- Build: `yarn build`
- Test: `yarn test`
- Package: `yarn pack`
- Build: `npm build`
- Test: `npm test`
- Package: `npm pack`