connect-pgp
Advanced tools
connect-pgp - npm Package Compare versions
Comparing version 0.1.15 to 0.2.0
21
index.js
@@ -5,6 +5,21 @@ var SigningStream = require('./signingstream').SigningStream; | ||
| module.exports = function sign(pgpArmoredPrivateKey, password, gpgKeyRingName) { | ||
| /** | ||
| signFuction should be the following: | ||
| function (cleartext, callback); | ||
| var jspgp = require('./jspgp')(pgpArmoredPrivateKey, password, gpgKeyRingName); | ||
| - `cleartext`: a `String` var to be signed | ||
| - `callback`: a function(err, ciphertext) width: | ||
| * `err`: a string containing error if one occured | ||
| * `signature`: a string containing ASCII armored signature | ||
| Note: a valid PGP signatures matches this format: | ||
| > -----BEGIN PGP SIGNATURE----- | ||
| > ... | ||
| > -----END PGP SIGNATURE----- | ||
| **/ | ||
| module.exports = function sign(signFunction) { | ||
| return function sign(req, res, next){ | ||
@@ -57,3 +72,3 @@ var write = res.write | ||
| // signature stream | ||
| stream = new SigningStream(jspgp, boundary); | ||
| stream = new SigningStream(signFunction, boundary); | ||
@@ -60,0 +75,0 @@ // header fields |
| { | ||
| "name": "connect-pgp", | ||
| "version": "0.1.15", | ||
| "version": "0.2.0", | ||
| "description": "Connect middleware to cryptographically sign HTTP responses.", | ||
@@ -5,0 +5,0 @@ "directories": { |
@@ -11,9 +11,13 @@ # Connect-pgp | ||
| var armoredPrivateKey = fs.readFileSync('somePGPKey.private', 'utf8'); | ||
| // This is your super signing own function! | ||
| function doSign(msg, callback) { | ||
| // Do signing stuff... | ||
| callback(err, pgpSignedMessage); | ||
| } | ||
| // New connect app | ||
| var app = connect(); | ||
| app.use(pgpsign(armoredPrivateKey, 'password for unlocking')); | ||
| // Or, to use gpg system command as underlying PGP signature layer | ||
| app.use(pgpsign(armoredPrivateKey, 'password for unlocking', 'keyringName')); | ||
| // Now signing HTTP requests! | ||
| app.use(pgpsign(doSign)); | ||
| ``` | ||
@@ -20,0 +24,0 @@ |
| var stream = require('stream'); | ||
| var util = require('util'); | ||
| function SigningStream(jspgp, boundary) { | ||
| function SigningStream(sign, boundary) { | ||
| stream.Stream.call(this); | ||
| this.writable = true; | ||
| this.buffer = ""; | ||
| this.jspgp = jspgp; | ||
| this.sign = sign; | ||
| this.boundary = boundary; | ||
@@ -27,4 +27,5 @@ }; | ||
| var body = that.buffer.replace(/\r\n/g, '\n').replace(/\n/g, '\r\n'); | ||
| var text = body; | ||
| // var start = Date.now(); | ||
| that.jspgp.sign(body, function (err, text, ciphertext) { | ||
| that.sign(body, function (err, ciphertext) { | ||
| // var end = Date.now(); | ||
@@ -48,3 +49,2 @@ // console.log("Duration: %sms", (end-start)); | ||
| module.exports.SigningStream = SigningStream; | ||
| module.exports.SigningStream = SigningStream; |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Copyleft License
License(Experimental) Copyleft license information was found.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Non-permissive License
License(Experimental) A license not known to be considered permissive was found.
Found 1 instance in 1 package
Improved metrics
- Number of low license alerts
- decreased by-100%
0
- License quality
- increased by42.86%
100
- Number of lines in readme file
- increased by6.56%
65
- Number of low supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Total package byte prevSize
- decreased by-98.51%
7458
- Number of package files
- decreased by-38.46%
8
- Lines of code
- decreased by-98.98%
128