The module you need to solve node's SSL woes when your system's root CAs are not up to date
This module is a derivative of ssl-root-cas by AJ ONeal and Forrest Norvell.
It can be used as a global utility for managing certificate files or locally to retrieve a list of root-cas for use in other scripts. Unlike ssl-root-cas, it does not do any trust management for node processes, thus if you are looking to solve these types of problems, you should still refer to ssl-root-cas.
All ca-store methods return bluebird promises, with the exception of the load() method.
ca-store can be used to download the latest Mozilla root CA chain:

    var caStore = require('ca-store');

    caStore.download().then(rootCas => {
      /*
       * rootCas is an array of PEM-style certs:
       * -----BEGIN CERTIFICATE-----
       * ...
       * -----END CERTIFICATE-----
       */
    });
It can also be used to load a local chain:

    // sync
    var rootCas = caStore.load('/etc/ssl/certs/ca-bundle.crt');

    // async
    caStore.loadAsync('/etc/ssl/certs/ca-bundle.crt').then(rootCas => {
      /* ... */
    });

ca-store also provides some methods for saving output from the cert download. These are described below.
Downloads and returns the latest certificates from Mozilla. Basic usage shown above. If options.raw is truthy, the returned array will contain objects that include the cert name, trust, and raw cert string in octal. The PEM format can be extracted by using cert.PEM(), which will return the string representation.
Downloads the latest certificates from Mozilla, saving the output to a .js script. The location is interpreted relative to the cwd of the node process. Full paths can be provided and any missing intermediate directories will be automatically created. If the script does not end with .js, the extension will be added to the provided filepath.
If scriptName is explicitly set to false, output will be sent to process.stdout.

    caStore.generate('path/to/rootCas.js')

The file structure relative to the cwd after exports completes will be as follows:

    cwd/
      path/
        to/
          rootCas.js
          pems/
            some-cert.pem
            ...
      ...

and rootCas.js will be a simple node script that exports an array of all saved PEMs:

    module.exports = [
      // some-cert
      "-----BEGIN CERTIFICATE-----\n" +
      "...\n" +
      "-----END CERTIFICATE-----\n",
      // more-certs
      ...
    ];

Downloads the latest certificates from Mozilla, saving the output to individual files for each cert in the provided destination directory. As with exports, paths will be relative to cwd, and all intermediate directories (including the actual output directory) will be created if they did not previously exist. This operation will overwrite existing files in those locations if their names conflict.
If scriptName is explicitly set to false, output will be sent to process.stdout.
Does both caStore.exports and caStore.pems, writing the script as specified above, and .pems to a pems/ directory that will be located in the same directory as the saved script.
Operates similarly to caStore.pems, but outputs a single bundle file instead of a directory of individual .pem files. If the provided destination file does not end with .crt, .cert, or .pem, the ".crt" extension will be added.
Loads certs from the filesystem located at or below the provided path, which is once again relative to the cwd. By default this process will recurse through directories until all matching files have been read. Matching files will be whitelisted based on extension, which can be customized using options. If a specific filename is provided without an extension, and the directory in question has multiple files by that name with different extensions, then the ordering of extensions also represents a preference for which of these files to load, where lower-indexed extensions will take precedence over higher-indexed extensions in the options.extensions field.
Same as caStore.load but returns a bluebird-style promise that resolves to an array of the loaded certs and uses non-blocking file operations instead of their sync counterparts.
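Because download() and load() both yield plain arrays of PEM strings, a refreshed root store can be compared against the one already reviewed before anything trusts it. The following is an added example, not part of ca-store or its README; splitPemBundle, fingerprint, diffStores and fakePem are hypothetical helpers, and the sample blocks are constructed placeholder bytes, not real certificates.

```javascript
'use strict';
const crypto = require('crypto');

// Split bundle text into individual certificate blocks.
function splitPemBundle(text) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return text.match(re) || [];
}

// SHA-256 over the decoded DER bytes, so line wrapping and whitespace do not
// change the fingerprint. Returns null for a block that is not plausible DER.
function fingerprint(pem) {
  const body = pem.replace(/-----(BEGIN|END) CERTIFICATE-----/g, '').replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body)) return null;
  const der = Buffer.from(body, 'base64');
  if (der.length < 4 || der[0] !== 0x30) return null; // DER certs start with SEQUENCE
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Compare a reviewed store with a freshly downloaded or loaded one.
function diffStores(trustedPems, candidatePems) {
  const index = (pems) => new Map(pems.map((p) => [fingerprint(p), p]));
  const oldMap = index(trustedPems);
  const newMap = index(candidatePems);
  return {
    malformed: candidatePems.filter((p) => fingerprint(p) === null).length,
    added: [...newMap.keys()].filter((f) => f && !oldMap.has(f)),
    removed: [...oldMap.keys()].filter((f) => f && !newMap.has(f)),
  };
}

// Constructed sample data: DER-shaped placeholder bytes, not real certificates.
function fakePem(label, wrap = 64) {
  const header = Buffer.from([0x30, 0x82, 0x00, 0x20]);
  const der = Buffer.concat([header, Buffer.from(label.padEnd(32, '.'))]);
  const lines = der.toString('base64').match(new RegExp(`.{1,${wrap}}`, 'g')).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${lines}\n-----END CERTIFICATE-----\n`;
}

const trusted = [fakePem('root-a'), fakePem('root-b')];
// Candidate bundle: root-a re-wrapped at 40 columns, a new root-c, one corrupt block.
const bundle = fakePem('root-a', 40) + fakePem('root-c') +
  '-----BEGIN CERTIFICATE-----\nnot base64!\n-----END CERTIFICATE-----\n';
const report = diffStores(trusted, splitPemBundle(bundle));
console.log(report);
```

In real use, `trusted` would be the array from caStore.load() on the reviewed bundle and the candidate would be the array resolved by caStore.download(); any `added` or `removed` fingerprint is a trust change worth reviewing before the new store is deployed.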
ca-store exposes a CLI that can be used directly if installing globally, or within npm scripts locally. For convenience, the usage message from the CLI is included below. The functionality is the same as the API, but with the intent that output can be piped to other processes if output locations are omitted.

    > ca-store help
    usage: ca-store [command] [output]

    commands:
      help             print this usage info
      pems <dir>       saves latest root certs to individual PEM files in <dir>
      exports <file>   writes latest root certs to <file> as a node.js script
                       that exports them as an array
      generate <file>  does both exports and pems commands, pems are saved to
                       pems/ directory at the same path where <file> is located
      bundle <file>    saves latest root certs to a single .crt bundle file

    output (relative to current working directory):
      <file>           the path of the file to write to
      <dir>            the path of the directory to write to
      <stdout>         omitting [file] or [dir] will cause all output to be written to
                       stdout, which can then be piped to other programs.

Copyright 2016 Paul Spicer.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
The npm package ca-store receives a total of 2 weekly downloads. As such, ca-store popularity was classified as not popular.
We found that ca-store demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.