Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →

@octokit/webhooks-methods

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@octokit/webhooks-methods - npm Package Compare versions

Comparing version 3.0.2 to 3.0.3

118

dist-node/index.js

		@@ -1,63 +0,111 @@
		'use strict';
		"use strict";
		var __defProp = Object.defineProperty;
		var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
		var __getOwnPropNames = Object.getOwnPropertyNames;
		var __hasOwnProp = Object.prototype.hasOwnProperty;
		var __export = (target, all) => {
		for (var name in all)
		__defProp(target, name, { get: all[name], enumerable: true });
		};
		var __copyProps = (to, from, except, desc) => {
		if (from && typeof from === "object" \|\| typeof from === "function") {
		for (let key of __getOwnPropNames(from))
		if (!__hasOwnProp.call(to, key) && key !== except)
		__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) \|\| desc.enumerable });
		}
		return to;
		};
		var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);

		Object.defineProperty(exports, '__esModule', { value: true });
		// pkg/dist-src/index.js
		var dist_src_exports = {};
		__export(dist_src_exports, {
		sign: () => sign,
		verify: () => verify,
		verifyWithFallback: () => verifyWithFallback
		});
		module.exports = __toCommonJS(dist_src_exports);

		var crypto = require('crypto');
		var buffer = require('buffer');
		// pkg/dist-src/node/sign.js
		var import_crypto = require("crypto");

		var Algorithm;
		(function (Algorithm) {
		Algorithm["SHA1"] = "sha1";
		Algorithm["SHA256"] = "sha256";
		})(Algorithm \|\| (Algorithm = {}));
		// pkg/dist-src/types.js
		var Algorithm = /* @__PURE__ */ ((Algorithm2) => {
		Algorithm2["SHA1"] = "sha1";
		Algorithm2["SHA256"] = "sha256";
		return Algorithm2;
		})(Algorithm \|\| {});

		const VERSION = "3.0.2";
		// pkg/dist-src/version.js
		var VERSION = "3.0.3";

		// pkg/dist-src/node/sign.js
		async function sign(options, payload) {
		const {
		secret,
		algorithm
		} = typeof options === "object" ? {
		const { secret, algorithm } = typeof options === "object" ? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256
		} : {
		secret: options,
		algorithm: Algorithm.SHA256
		};
		} : { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()");
		throw new TypeError(
		"[@octokit/webhooks-methods] secret & payload required for sign()"
		);
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`);
		throw new TypeError(
		`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`
		);
		}
		return `${algorithm}=${crypto.createHmac(algorithm, secret).update(payload).digest("hex")}`;
		return `${algorithm}=${(0, import_crypto.createHmac)(algorithm, secret).update(payload).digest("hex")}`;
		}
		sign.VERSION = VERSION;

		const getAlgorithm = signature => {
		// pkg/dist-src/node/verify.js
		var import_crypto2 = require("crypto");
		var import_buffer = require("buffer");

		// pkg/dist-src/utils.js
		var getAlgorithm = (signature) => {
		return signature.startsWith("sha256=") ? "sha256" : "sha1";
		};

		// pkg/dist-src/node/verify.js
		async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required");
		throw new TypeError(
		"[@octokit/webhooks-methods] secret, eventPayload & signature required"
		);
		}
		const signatureBuffer = buffer.Buffer.from(signature);
		const signatureBuffer = import_buffer.Buffer.from(signature);
		const algorithm = getAlgorithm(signature);
		const verificationBuffer = buffer.Buffer.from(await sign({
		secret,
		algorithm
		}, eventPayload));
		const verificationBuffer = import_buffer.Buffer.from(
		await sign({ secret, algorithm }, eventPayload)
		);
		if (signatureBuffer.length !== verificationBuffer.length) {
		return false;
		}
		// constant time comparison to prevent timing attachs
		// https://stackoverflow.com/a/31096242/206879
		// https://en.wikipedia.org/wiki/Timing_attack
		return crypto.timingSafeEqual(signatureBuffer, verificationBuffer);
		return (0, import_crypto2.timingSafeEqual)(signatureBuffer, verificationBuffer);
		}
		verify.VERSION = VERSION;

		exports.sign = sign;
		exports.verify = verify;
		//# sourceMappingURL=index.js.map
		// pkg/dist-src/index.js
		async function verifyWithFallback(secret, payload, signature, additionalSecrets) {
		const firstPass = await verify(secret, payload, signature);
		if (firstPass) {
		return true;
		}
		if (additionalSecrets !== void 0) {
		for (const s of additionalSecrets) {
		const v = await verify(s, payload, signature);
		if (v) {
		return v;
		}
		}
		}
		return false;
		}
		// Annotate the CommonJS export names for ESM import in node:
		0 && (module.exports = {
		sign,
		verify,
		verifyWithFallback
		});

dist-src/index.js

		@@ -1,2 +0,22 @@
		export { sign } from "./node/sign";
		export { verify } from "./node/verify";
		import { sign } from "./node/sign";
		import { verify } from "./node/verify";
		async function verifyWithFallback(secret, payload, signature, additionalSecrets) {
		const firstPass = await verify(secret, payload, signature);
		if (firstPass) {
		return true;
		}
		if (additionalSecrets !== void 0) {
		for (const s of additionalSecrets) {
		const v = await verify(s, payload, signature);
		if (v) {
		return v;
		}
		}
		}
		return false;
		}
		export {
		sign,
		verify,
		verifyWithFallback
		};

dist-src/node/sign.js

		import { createHmac } from "crypto";
		import { Algorithm } from "../types";
		import { VERSION } from "../version";
		export async function sign(options, payload) {
		const { secret, algorithm } = typeof options === "object"
		? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256,
		}
		: { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()");
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`);
		}
		return `${algorithm}=${createHmac(algorithm, secret)
		.update(payload)
		.digest("hex")}`;
		async function sign(options, payload) {
		const { secret, algorithm } = typeof options === "object" ? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256
		} : { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret & payload required for sign()"
		);
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(
		`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`
		);
		}
		return `${algorithm}=${createHmac(algorithm, secret).update(payload).digest("hex")}`;
		}
		sign.VERSION = VERSION;
		export {
		sign
		};

dist-src/node/verify.js

		@@ -6,17 +6,21 @@ import { timingSafeEqual } from "crypto";
		import { getAlgorithm } from "../utils";
		export async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required");
		}
		const signatureBuffer = Buffer.from(signature);
		const algorithm = getAlgorithm(signature);
		const verificationBuffer = Buffer.from(await sign({ secret, algorithm }, eventPayload));
		if (signatureBuffer.length !== verificationBuffer.length) {
		return false;
		}
		// constant time comparison to prevent timing attachs
		// https://stackoverflow.com/a/31096242/206879
		// https://en.wikipedia.org/wiki/Timing_attack
		return timingSafeEqual(signatureBuffer, verificationBuffer);
		async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret, eventPayload & signature required"
		);
		}
		const signatureBuffer = Buffer.from(signature);
		const algorithm = getAlgorithm(signature);
		const verificationBuffer = Buffer.from(
		await sign({ secret, algorithm }, eventPayload)
		);
		if (signatureBuffer.length !== verificationBuffer.length) {
		return false;
		}
		return timingSafeEqual(signatureBuffer, verificationBuffer);
		}
		verify.VERSION = VERSION;
		export {
		verify
		};

dist-src/types.js

		@@ -1,5 +0,8 @@
		export var Algorithm;
		(function (Algorithm) {
		Algorithm["SHA1"] = "sha1";
		Algorithm["SHA256"] = "sha256";
		})(Algorithm \|\| (Algorithm = {}));
		var Algorithm = /* @__PURE__ */ ((Algorithm2) => {
		Algorithm2["SHA1"] = "sha1";
		Algorithm2["SHA256"] = "sha256";
		return Algorithm2;
		})(Algorithm \|\| {});
		export {
		Algorithm
		};

dist-src/utils.js

		@@ -1,3 +0,6 @@
		export const getAlgorithm = (signature) => {
		return signature.startsWith("sha256=") ? "sha256" : "sha1";
		const getAlgorithm = (signature) => {
		return signature.startsWith("sha256=") ? "sha256" : "sha1";
		};
		export {
		getAlgorithm
		};

dist-src/version.js

		@@ -1,1 +0,4 @@
		export const VERSION = "3.0.2";
		const VERSION = "3.0.3";
		export {
		VERSION
		};

106

dist-src/web.js

		@@ -5,54 +5,72 @@ import { Algorithm } from "./types";
		function hexToUInt8Array(string) {
		// convert string to pairs of 2 characters
		const pairs = string.match(/[\dA-F]{2}/gi);
		// convert the octets to integers
		const integers = pairs.map(function (s) {
		return parseInt(s, 16);
		});
		return new Uint8Array(integers);
		const pairs = string.match(/[\dA-F]{2}/gi);
		const integers = pairs.map(function(s) {
		return parseInt(s, 16);
		});
		return new Uint8Array(integers);
		}
		function UInt8ArrayToHex(signature) {
		return Array.prototype.map
		.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0"))
		.join("");
		return Array.prototype.map.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")).join("");
		}
		function getHMACHashName(algorithm) {
		return {
		[Algorithm.SHA1]: "SHA-1",
		[Algorithm.SHA256]: "SHA-256",
		}[algorithm];
		return {
		[Algorithm.SHA1]: "SHA-1",
		[Algorithm.SHA256]: "SHA-256"
		}[algorithm];
		}
		async function importKey(secret, algorithm) {
		// ref: https://developer.mozilla.org/en-US/docs/Web/API/HmacImportParams
		return crypto.subtle.importKey("raw", // raw format of the key - should be Uint8Array
		enc.encode(secret), {
		// algorithm details
		name: "HMAC",
		hash: { name: getHMACHashName(algorithm) },
		}, false, // export = false
		["sign", "verify"] // what this key can do
		return crypto.subtle.importKey(
		"raw",
		// raw format of the key - should be Uint8Array
		enc.encode(secret),
		{
		// algorithm details
		name: "HMAC",
		hash: { name: getHMACHashName(algorithm) }
		},
		false,
		// export = false
		["sign", "verify"]
		// what this key can do
		);
		}
		async function sign(options, payload) {
		const { secret, algorithm } = typeof options === "object" ? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256
		} : { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret & payload required for sign()"
		);
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(
		`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`
		);
		}
		const signature = await crypto.subtle.sign(
		"HMAC",
		await importKey(secret, algorithm),
		enc.encode(payload)
		);
		return `${algorithm}=${UInt8ArrayToHex(signature)}`;
		}
		export async function sign(options, payload) {
		const { secret, algorithm } = typeof options === "object"
		? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256,
		}
		: { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()");
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`);
		}
		const signature = await crypto.subtle.sign("HMAC", await importKey(secret, algorithm), enc.encode(payload));
		return `${algorithm}=${UInt8ArrayToHex(signature)}`;
		async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret, eventPayload & signature required"
		);
		}
		const algorithm = getAlgorithm(signature);
		return await crypto.subtle.verify(
		"HMAC",
		await importKey(secret, algorithm),
		hexToUInt8Array(signature.replace(`${algorithm}=`, "")),
		enc.encode(eventPayload)
		);
		}
		export async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required");
		}
		const algorithm = getAlgorithm(signature);
		return await crypto.subtle.verify("HMAC", await importKey(secret, algorithm), hexToUInt8Array(signature.replace(`${algorithm}=`, "")), enc.encode(eventPayload));
		}
		export {
		sign,
		verify
		};

dist-types/index.d.ts

		export { sign } from "./node/sign";
		export { verify } from "./node/verify";
		import { verify } from "./node/verify";
		export { verify };
		export declare function verifyWithFallback(secret: string, payload: string, signature: string, additionalSecrets: undefined \| string[]): Promise<any>;

dist-types/node/sign.d.ts

		@@ -1,2 +0,2 @@
		import { SignOptions } from "../types";
		import { type SignOptions } from "../types";
		export declare function sign(options: SignOptions \| string, payload: string): Promise<string>;
		@@ -3,0 +3,0 @@ export declare namespace sign {

dist-types/version.d.ts

		@@ -1,1 +0,1 @@
		export declare const VERSION = "3.0.2";
		export declare const VERSION = "3.0.3";

dist-types/web.d.ts

		@@ -1,3 +0,3 @@
		import { SignOptions } from "./types";
		import { type SignOptions } from "./types";
		export declare function sign(options: SignOptions \| string, payload: string): Promise<string>;
		export declare function verify(secret: string, eventPayload: string, signature: string): Promise<boolean>;

124

dist-web/index.js

		@@ -1,68 +0,86 @@
		var Algorithm;
		(function (Algorithm) {
		Algorithm["SHA1"] = "sha1";
		Algorithm["SHA256"] = "sha256";
		})(Algorithm \|\| (Algorithm = {}));
		// pkg/dist-src/types.js
		var Algorithm = /* @__PURE__ */ ((Algorithm2) => {
		Algorithm2["SHA1"] = "sha1";
		Algorithm2["SHA256"] = "sha256";
		return Algorithm2;
		})(Algorithm \|\| {});

		const getAlgorithm = (signature) => {
		return signature.startsWith("sha256=") ? "sha256" : "sha1";
		// pkg/dist-src/utils.js
		var getAlgorithm = (signature) => {
		return signature.startsWith("sha256=") ? "sha256" : "sha1";
		};

		const enc = new TextEncoder();
		// pkg/dist-src/web.js
		var enc = new TextEncoder();
		function hexToUInt8Array(string) {
		// convert string to pairs of 2 characters
		const pairs = string.match(/[\dA-F]{2}/gi);
		// convert the octets to integers
		const integers = pairs.map(function (s) {
		return parseInt(s, 16);
		});
		return new Uint8Array(integers);
		const pairs = string.match(/[\dA-F]{2}/gi);
		const integers = pairs.map(function(s) {
		return parseInt(s, 16);
		});
		return new Uint8Array(integers);
		}
		function UInt8ArrayToHex(signature) {
		return Array.prototype.map
		.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0"))
		.join("");
		return Array.prototype.map.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")).join("");
		}
		function getHMACHashName(algorithm) {
		return {
		[Algorithm.SHA1]: "SHA-1",
		[Algorithm.SHA256]: "SHA-256",
		}[algorithm];
		return {
		[Algorithm.SHA1]: "SHA-1",
		[Algorithm.SHA256]: "SHA-256"
		}[algorithm];
		}
		async function importKey(secret, algorithm) {
		// ref: https://developer.mozilla.org/en-US/docs/Web/API/HmacImportParams
		return crypto.subtle.importKey("raw", // raw format of the key - should be Uint8Array
		enc.encode(secret), {
		// algorithm details
		name: "HMAC",
		hash: { name: getHMACHashName(algorithm) },
		}, false, // export = false
		["sign", "verify"] // what this key can do
		);
		return crypto.subtle.importKey(
		"raw",
		// raw format of the key - should be Uint8Array
		enc.encode(secret),
		{
		// algorithm details
		name: "HMAC",
		hash: { name: getHMACHashName(algorithm) }
		},
		false,
		// export = false
		["sign", "verify"]
		// what this key can do
		);
		}
		async function sign(options, payload) {
		const { secret, algorithm } = typeof options === "object"
		? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256,
		}
		: { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()");
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`);
		}
		const signature = await crypto.subtle.sign("HMAC", await importKey(secret, algorithm), enc.encode(payload));
		return `${algorithm}=${UInt8ArrayToHex(signature)}`;
		const { secret, algorithm } = typeof options === "object" ? {
		secret: options.secret,
		algorithm: options.algorithm \|\| Algorithm.SHA256
		} : { secret: options, algorithm: Algorithm.SHA256 };
		if (!secret \|\| !payload) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret & payload required for sign()"
		);
		}
		if (!Object.values(Algorithm).includes(algorithm)) {
		throw new TypeError(
		`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`
		);
		}
		const signature = await crypto.subtle.sign(
		"HMAC",
		await importKey(secret, algorithm),
		enc.encode(payload)
		);
		return `${algorithm}=${UInt8ArrayToHex(signature)}`;
		}
		async function verify(secret, eventPayload, signature) {
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required");
		}
		const algorithm = getAlgorithm(signature);
		return await crypto.subtle.verify("HMAC", await importKey(secret, algorithm), hexToUInt8Array(signature.replace(`${algorithm}=`, "")), enc.encode(eventPayload));
		if (!secret \|\| !eventPayload \|\| !signature) {
		throw new TypeError(
		"[@octokit/webhooks-methods] secret, eventPayload & signature required"
		);
		}
		const algorithm = getAlgorithm(signature);
		return await crypto.subtle.verify(
		"HMAC",
		await importKey(secret, algorithm),
		hexToUInt8Array(signature.replace(`${algorithm}=`, "")),
		enc.encode(eventPayload)
		);
		}

		export { sign, verify };
		//# sourceMappingURL=index.js.map
		export {
		sign,
		verify
		};

package.json

		{
		"name": "@octokit/webhooks-methods",
		"publishConfig": {
		"access": "public"
		},
		"version": "3.0.3",
		"description": "Methods to handle GitHub Webhook requests",
		"version": "3.0.2",
		"license": "MIT",
		"files": [
		"dist-*/",
		"bin/"
		],
		"pika": true,
		"sideEffects": false,
		"repository": "github:octokit/webhooks-methods.js",
		"keywords": [
		@@ -18,31 +15,45 @@ "github",
		],
		"repository": "github:octokit/webhooks-methods.js",
		"dependencies": {},
		"peerDependencies": {},
		"author": "Gregor Martynus (https://dev.to/gr2m)",
		"license": "MIT",
		"devDependencies": {
		"@gr2m/pika-plugin-build-web": "^0.6.0-issue-84.2",
		"@octokit/tsconfig": "^1.0.2",
		"@pika/pack": "^0.5.0",
		"@pika/plugin-build-node": "^0.9.2",
		"@pika/plugin-ts-standard-pkg": "^0.9.2",
		"@types/jest": "^29.0.0",
		"@types/node": "^18.0.0",
		"esbuild": "^0.17.19",
		"glob": "^10.2.6",
		"jest": "^29.0.0",
		"prettier": "2.8.2",
		"puppeteer": "^19.0.0",
		"semantic-release": "^20.0.0",
		"prettier": "2.8.8",
		"puppeteer": "^20.0.0",
		"semantic-release": "^21.0.0",
		"semantic-release-plugin-update-version-in-files": "^1.1.0",
		"ts-jest": "^29.0.0",
		"typescript": "^4.2.4"
		"typescript": "^5.0.0"
		},
		"jest": {
		"preset": "ts-jest",
		"coverageThreshold": {
		"global": {
		"statements": 100,
		"branches": 100,
		"functions": 100,
		"lines": 100
		}
		},
		"testPathIgnorePatterns": [
		"<rootDir>/node_modules/",
		"<rootDir>/test/deno/"
		]
		},
		"engines": {
		"node": ">= 14"
		},
		"publishConfig": {
		"access": "public"
		},
		"source": "dist-src/index.js",
		"files": [
		"dist-/*"
		],
		"main": "dist-node/index.js",
		"browser": "dist-web/index.js",
		"types": "dist-types/index.d.ts",
		"main": "dist-node/index.js",
		"module": "dist-web/index.js"
		"module": "dist-src/index.js",
		"sideEffects": false
		}

README.md

		@@ -17,2 +17,3 @@ # webhooks-methods.js
		- [`verify()`](#verify)
		- [`verifyWithFallback()`](#verifyWithFallback)
		- [Contributing](#contributing)
		@@ -44,2 +45,3 @@ - [License](#license)
		verify,
		verifyWithFallback,
		} from "https://cdn.skypack.dev/@octokit/webhooks-methods";
		@@ -59,3 +61,7 @@ </script>
		```js
		const { sign, verify } = require("@octokit/webhooks-methods");
		const {
		sign,
		verify,
		verifyWithFallback,
		} = require("@octokit/webhooks-methods");
		```
		@@ -76,2 +82,5 @@
		// resolves with true or false

		await verifyWithFallback("mysecret", eventPayloadString, "sha256=486d27...", ["oldsecret", ...]);
		// resolves with true or false
		```
		@@ -191,2 +200,74 @@

		### `verifyWithFallback()`

		```js
		await verifyWithFallback(
		secret,
		eventPayloadString,
		signature,
		additionalSecrets
		);
		```

		<table width="100%">
		<tr>
		<td>
		<code>
		secret
		</code>
		<em>(String)</em>
		</td>
		<td>
		<strong>Required.</strong>
		Secret as configured in GitHub Settings.
		</td>
		</tr>
		<tr>
		<td>
		<code>
		eventPayloadString
		</code>
		<em>
		(String)
		</em>
		</td>
		<td>
		<strong>Required.</strong>
		Webhook request payload as received from GitHub.<br>
		<br>
		If you have only access to an already parsed object, stringify it with <code>JSON.stringify(payload)</code>
		</td>
		</tr>
		<tr>
		<td>
		<code>
		signature
		</code>
		<em>
		(String)
		</em>
		</td>
		<td>
		<strong>Required.</strong>
		Signature string as calculated by <code><a href="../sign">sign()</a></code>.
		</td>
		</tr>
		<tr>
		<td>
		<code>
		additionalSecrets
		</code>
		<em>
		(Array of String)
		</em>
		</td>
		<td>
		If given, each additional secret will be tried in turn.
		</td>
		</tr>
		</table>

		This is a thin wrapper around [`verify()`](#verify) that is intended to ease callers' support for key rotation.
		Resolves with `true` or `false`. Throws error if a required argument is missing.

		## Contributing
		@@ -193,0 +274,0 @@

dist-node/index.js.map

Sorry, the diff of this file is not supported yet

dist-web/index.js.map

Sorry, the diff of this file is not supported yet

@octokit/webhooks-methods - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics