Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
civic-sip-api
Advanced tools
Node.js wrapper for the Civic hosted SIP API. For best results, be sure that you're using the latest version.
Please see docs.civic.com for a more details.
Installation
civic-sip-api can be installed from npm:
npm install civic-sip-api --save
Basic Usage
const civicSip = require('civic-sip-api');
const civicClient = civicSip.newClient({
appId: 'ABC123',
appSecret: APP_SECRET,
prvKey: PRV_KEY,
});
civicClient.exchangeCode(jwtToken)
.then((userData) => {
// store user data and userId as appropriate
console.log('userData = ', JSON.stringify(userData, null, 4));
}).catch((error) => {
console.log(error);
});
Example of data returned for a ScopeRequest of BASIC_SIGNUP
userData = {
"data": [
{
"label": "contact.personal.email",
"value": "user.test@gmail.com",
"isValid": true,
"isOwner": true
},
{
"label": "contact.personal.phoneNumber",
"value": "+1 5556187380",
"isValid": true,
"isOwner": true
}
],
"userId": "c6d5795f8a059ez5ad29a33a60f8b402a172c3e0bbe50fd230ae8e0303609b42"
}
Proxy Usage
There is basic proxy support. The server address and port is set as a url.
rejectUnauthorized Setting this to false is optional and can be used when testing in development and needing to use a self signed cerificate. We do not recommend setting this to false in a production environment as it will compromise security.
const civicSip = require('civic-sip-api');
const civicClient = civicSip.newClient({
appId: 'ABC123',
appSecret: APP_SECRET,
prvKey: PRV_KEY,
proxy: {
url: 'http://10.0.0.6:8080',
rejectUnauthorized: false, // Do not make false in production
},
});
civicClient.exchangeCode(jwtToken)
.then((userData) => {
// store user data and userId as appropriate
console.log('userData = ', JSON.stringify(userData, null, 4));
}).catch((error) => {
console.log(error);
});
Copyright © 2018 Civic.com
Released under the MIT License, which can be found in the repository in LICENSE.txt.
FAQs
Server-side library for the Civic Secure Identity platform.
The npm package civic-sip-api receives a total of 91 weekly downloads. As such, civic-sip-api popularity was classified as not popular.
We found that civic-sip-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 12 Feb 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025