
@sigstore/bundle - npm Package Compare versions

Comparing version 2.1.1 to 2.2.0

1

dist/bundle.d.ts

@@ -5,2 +5,3 @@ import type { Bundle as ProtoBundle, InclusionProof as ProtoInclusionProof, MessageSignature as ProtoMessageSignature, TransparencyLogEntry as ProtoTransparencyLogEntry, VerificationMaterial as ProtoVerificationMaterial } from '@sigstore/protobuf-specs';

export declare const BUNDLE_V02_MEDIA_TYPE = "application/vnd.dev.sigstore.bundle+json;version=0.2";
export declare const BUNDLE_V03_MEDIA_TYPE = "application/vnd.dev.sigstore.bundle+json;version=0.3";
type DsseEnvelopeContent = Extract<ProtoBundle['content'], {

@@ -7,0 +8,0 @@ $case: 'dsseEnvelope';

3

dist/bundle.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
// Type guards for bundle variants.

@@ -7,0 +8,0 @@ function isBundleWithCertificateChain(b) {

export { toDSSEBundle, toMessageSignatureBundle } from './build';
export { BUNDLE_V01_MEDIA_TYPE, BUNDLE_V02_MEDIA_TYPE, isBundleWithCertificateChain, isBundleWithDsseEnvelope, isBundleWithMessageSignature, isBundleWithPublicKey, } from './bundle';
export { BUNDLE_V01_MEDIA_TYPE, BUNDLE_V02_MEDIA_TYPE, BUNDLE_V03_MEDIA_TYPE, isBundleWithCertificateChain, isBundleWithDsseEnvelope, isBundleWithMessageSignature, isBundleWithPublicKey, } from './bundle';
export { ValidationError } from './error';
export { bundleFromJSON, bundleToJSON, envelopeFromJSON, envelopeToJSON, } from './serialized';
export { assertBundle, assertBundleLatest, assertBundleV01, isBundleV01, } from './validate';
export { assertBundle, assertBundleLatest, assertBundleV01, assertBundleV02, isBundleV01, } from './validate';
export type { Envelope, PublicKeyIdentifier, RFC3161SignedTimestamp, Signature, TimestampVerificationData, X509Certificate, X509CertificateChain, } from '@sigstore/protobuf-specs';
export type { Bundle, BundleLatest, BundleV01, BundleWithCertificateChain, BundleWithDsseEnvelope, BundleWithMessageSignature, BundleWithPublicKey, InclusionProof, MessageSignature, TLogEntryWithInclusionPromise, TLogEntryWithInclusionProof, TransparencyLogEntry, VerificationMaterial, } from './bundle';
export type { SerializedBundle, SerializedEnvelope } from './serialized';
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
/*

@@ -25,2 +25,3 @@ Copyright 2023 The Sigstore Authors.

Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });

@@ -41,2 +42,3 @@ Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });

Object.defineProperty(exports, "assertBundleV01", { enumerable: true, get: function () { return validate_1.assertBundleV01; } });
Object.defineProperty(exports, "assertBundleV02", { enumerable: true, get: function () { return validate_1.assertBundleV02; } });
Object.defineProperty(exports, "isBundleV01", { enumerable: true, get: function () { return validate_1.isBundleV01; } });

@@ -63,2 +63,5 @@ import { Envelope } from '@sigstore/protobuf-specs';

};
certificate: {
rawBytes: string;
};
}> | undefined) & {

@@ -65,0 +68,0 @@ tlogEntries: SerializedTLogEntry[];

@@ -24,9 +24,13 @@ "use strict";

const bundle = protobuf_specs_1.Bundle.fromJSON(obj);
(0, validate_1.assertBundle)(bundle);
if (bundle.mediaType === bundle_1.BUNDLE_V01_MEDIA_TYPE) {
(0, validate_1.assertBundleV01)(bundle);
switch (bundle.mediaType) {
case bundle_1.BUNDLE_V01_MEDIA_TYPE:
(0, validate_1.assertBundleV01)(bundle);
break;
case bundle_1.BUNDLE_V02_MEDIA_TYPE:
(0, validate_1.assertBundleV02)(bundle);
break;
default:
(0, validate_1.assertBundleLatest)(bundle);
break;
}
else {
(0, validate_1.assertBundleLatest)(bundle);
}
return bundle;

@@ -33,0 +37,0 @@ };
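Review bot: The `default:` arm of the new `switch (bundle.mediaType)` sends every media type other than v0.1 and v0.2 to `assertBundleLatest`, so whether an unrecognised value is rejected rests entirely on the media-type check inside `validateBundleBase`, which this page shows only in part. Since `BUNDLE_V03_MEDIA_TYPE` is now exported, I would name it explicitly with `case bundle_1.BUNDLE_V03_MEDIA_TYPE:` and have `default:` reject the bundle, so that a future format is never validated under v0.3 rules by accident. The enclosing function starts before and ends after the hunk.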

import type { Bundle as ProtoBundle } from '@sigstore/protobuf-specs';
import type { Bundle, BundleLatest, BundleV01 } from './bundle';
export declare function assertBundle(b: ProtoBundle): asserts b is Bundle;
export declare function assertBundleV01(b: Bundle): asserts b is BundleV01;
export declare function assertBundleV01(b: ProtoBundle): asserts b is BundleV01;
export declare function isBundleV01(b: Bundle): b is BundleV01;
export declare function assertBundleV02(b: ProtoBundle): asserts b is BundleLatest;
export declare function assertBundleLatest(b: ProtoBundle): asserts b is BundleLatest;
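Review bot: `assertBundleV02` is declared as `asserts b is BundleLatest`, the same narrowing as `assertBundleLatest`, although in the validate.js changes further down only the latter also runs `validateNoCertificateChain`. A caller who uses the v0.2 assertion directly therefore gets a value typed as the latest bundle that may still carry `x509CertificateChain` content. If `BundleLatest` is meant to describe the v0.3 shape (its definition is not on this page), a dedicated v0.2 type would be more accurate. Otherwise a doc comment on the declaration, such as `/** Checks inclusion proofs only; does not reject x509CertificateChain content. */`, would make the gap visible.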
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.assertBundleLatest = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
exports.assertBundleLatest = exports.assertBundleV02 = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
/*

@@ -19,3 +19,2 @@ Copyright 2023 The Sigstore Authors.

*/
const bundle_1 = require("./bundle");
const error_1 = require("./error");

@@ -27,3 +26,52 @@ // Performs basic validation of a Sigstore bundle to ensure that all required

function assertBundle(b) {
const invalidValues = validateBundleBase(b);
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid bundle', invalidValues);
}
}
exports.assertBundle = assertBundle;
// Asserts that the given bundle conforms to the v0.1 bundle format.
function assertBundleV01(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionPromise(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
}
}
exports.assertBundleV01 = assertBundleV01;
// Type guard to determine if Bundle is a v0.1 bundle.
function isBundleV01(b) {
try {
assertBundleV01(b);
return true;
}
catch (e) {
return false;
}
}
exports.isBundleV01 = isBundleV01;
// Asserts that the given bundle conforms to the v0.2 bundle format.
function assertBundleV02(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionProof(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
}
}
exports.assertBundleV02 = assertBundleV02;
// Asserts that the given bundle conforms to the newest (0.3) bundle format.
function assertBundleLatest(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionProof(b));
invalidValues.push(...validateNoCertificateChain(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid bundle', invalidValues);
}
}
exports.assertBundleLatest = assertBundleLatest;
function validateBundleBase(b) {
const invalidValues = [];
// Media type validation

@@ -89,2 +137,7 @@ if (b.mediaType === undefined ||

break;
case 'certificate':
if (b.verificationMaterial.content.certificate.rawBytes.length === 0) {
invalidValues.push('verificationMaterial.content.certificate.rawBytes');
}
break;
}

@@ -108,13 +161,7 @@ }

}
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid bundle', invalidValues);
}
return invalidValues;
}
exports.assertBundle = assertBundle;
// Asserts that the given bundle conforms to the v0.1 bundle format.
function assertBundleV01(b) {
// Necessary for V01 bundles
function validateInclusionPromise(b) {
const invalidValues = [];
if (b.mediaType && b.mediaType !== bundle_1.BUNDLE_V01_MEDIA_TYPE) {
invalidValues.push('mediaType');
}
if (b.verificationMaterial &&

@@ -128,20 +175,6 @@ b.verificationMaterial.tlogEntries?.length > 0) {

}
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
}
return invalidValues;
}
exports.assertBundleV01 = assertBundleV01;
// Type guard to determine if Bundle is a v0.1 bundle.
function isBundleV01(b) {
try {
assertBundleV01(b);
return true;
}
catch (e) {
return false;
}
}
exports.isBundleV01 = isBundleV01;
// Asserts that the given bundle conforms to the newest (0.2) bundle format.
function assertBundleLatest(b) {
// Necessary for V02 and later bundles
function validateInclusionProof(b) {
const invalidValues = [];

@@ -161,6 +194,11 @@ if (b.verificationMaterial &&

}
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
return invalidValues;
}
// Necessary for V03 and later bundles
function validateNoCertificateChain(b) {
const invalidValues = [];
if (b.verificationMaterial?.content?.$case === 'x509CertificateChain') {
invalidValues.push('verificationMaterial.content.$case');
}
return invalidValues;
}
exports.assertBundleLatest = assertBundleLatest;
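Review bot: The rewritten `assertBundleLatest` throws `new error_1.ValidationError('invalid bundle', invalidValues)`, the same message `assertBundle` uses, whereas the v0.1 and v0.2 assertions name their version and the removed code raised 'invalid v0.2 bundle' here. Someone triaging a rejected bundle can then tell base validation from the v0.3-specific checks only by reading the field list. I would change the message to `'invalid v0.3 bundle'` so that it matches the `// Asserts that the given bundle conforms to the newest (0.3) bundle format.` comment above the function.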
{
"name": "@sigstore/bundle",
"version": "2.1.1",
"version": "2.2.0",
"description": "Sigstore bundle type",

@@ -30,3 +30,3 @@ "main": "dist/index.js",

"dependencies": {
"@sigstore/protobuf-specs": "^0.2.1"
"@sigstore/protobuf-specs": "^0.3.0"
},

@@ -33,0 +33,0 @@ "engines": {
