envelope-js - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

package.json

 {
   "name": "envelope-js",
   "description": "new private message format for ssb",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "homepage": "https://github.com/ssbc/envelope-js",
@@ -11,5 +11,6 @@ "repository": {
   "scripts": {
-    "generate": "node test/generate/index.js",
-    "test": "npm run test:js && npm run lint",
-    "test:js": "tape 'test/**/*.test.js' | tap-spec",
+    "generate": "rm test/generate/vectors/* && node test/generate/index.js",
+    "test": "npm run test:js",
+    "test:js": "tape test/*.test.js",
+    "test:pretty": "npm run test:js | tap-spec && npm run lint",
     "lint": "eslint ."
@@ -19,5 +20,5 @@ },
     "buffer-xor": "^2.0.2",
-    "envelope-spec": "0.0.1",
-    "futoin-hkdf": "^1.3.0",
-    "sodium-native": "^2.4.6"
+    "envelope-spec": "github:ssbc/envelope-spec",
+    "futoin-hkdf": "^1.3.2",
+    "sodium-native": "^2.4.9"
   },
@@ -28,3 +29,3 @@ "devDependencies": {
     "tap-spec": "^5.0.0",
-    "tape": "^4.13.0"
+    "tape": "^4.13.3"
   },
@@ -31,0 +32,0 @@ "author": "Dominic Tarr @EMovhfIrFk4NihAKnRNhrfRaqIhBv1Wj8pTxJNgvCCY=.ed25519",

test/box.test.js

 const test = require('tape')
 const vectors = [
   require('envelope-spec/vectors/box1.json'),
-  require('envelope-spec/vectors/box2.json'),
-  require('envelope-spec/vectors/box3.json')
+  require('envelope-spec/vectors/box2.json')
 ]
@@ -7,0 +6,0 @@

test/generate/box.js

@@ -63,30 +63,31 @@ const { box } = require('../../')
   /* zerod msg_key */
-  (i) => {
-    const plain_text = Buffer.from('squeamish ossifrage 😨', 'utf8')
-    const feed_id = FeedId()
-    const prev_msg_id = PrevMsgId()
-    const msg_key = Key().fill(0) // <------------ no!
-    const recp_keys = [
-      { key: Key(), key_type: 'envelope-large-symmetric-group' },
-    ]
+  // NOTE - removed because keks didn't think this was important
+  // (i) => {
+  //   const plain_text = Buffer.from('squeamish ossifrage 😨', 'utf8')
+  //   const feed_id = FeedId()
+  //   const prev_msg_id = PrevMsgId()
+  //   const msg_key = Key().fill(0) // <------------ no!
+  //   const recp_keys = [
+  //     { key: Key(), key_type: 'envelope-large-symmetric-group' },
+  //   ]
 
-    const vector = {
-      type: 'box',
-      description: 'box with empty (zero filled) msg_key throws error',
-      input: {
-        plain_text,
-        feed_id,
-        prev_msg_id,
-        msg_key,
-        recp_keys
-      },
-      output: {
-        ciphertext: null
-      },
-      error_code: 'boxZerodMsgKey'
-    }
-    print(`box${i + 1}.json`, vector)
-  }
+  //   const vector = {
+  //     type: 'box',
+  //     description: 'box with empty (zero filled) msg_key throws error',
+  //     input: {
+  //       plain_text,
+  //       feed_id,
+  //       prev_msg_id,
+  //       msg_key,
+  //       recp_keys
+  //     },
+  //     output: {
+  //       ciphertext: null
+  //     },
+  //     error_code: 'boxZerodMsgKey'
+  //   }
+  //   print(`box${i + 1}.json`, vector)
+  // }
 ]
 
 generators.forEach((fn, i) => fn(i))

test/generate/derive-secret.js

@@ -17,3 +17,3 @@ const labels = require('envelope-spec/derive_secret/constants.json')
   type: 'derive_secret',
-  description: 'All keys in the output should be able to be generated from the input by implementing DeriveSecret correctly.  Use labels from envelope-spec/derive_secret/constants.json',
+  description: 'All keys in the output should be able to be generated from the input by implementing DeriveSecret correctly. Note feed_id prev_msg_id are TFK encoded buffers. Use labels from envelope-spec/derive_secret/constants.json',
   input: {
@@ -20,0 +20,0 @@ feed_id,

test/generate/slot.js

@@ -22,3 +22,3 @@ const { FeedId, MsgId, Key, print } = require('../helpers')
       type: 'slot',
-      description: 'derive a key_slot for a specific recipient (note feed_id + prev_msg_id are for the feed this message is part of, not the recipient',
+      description: 'derive a key_slot for a specific recipient (note feed_id + prev_msg_id are for the feed this message is part of, not the recipient. Note feed_id prev_msg_id are TFK encoded buffers. Recipient is a shared key you and some others have access to, you are sending "to" that.',
       input: {
@@ -25,0 +25,0 @@ feed_id,

test/generate/unslot.js

@@ -22,3 +22,3 @@
     const vector = {
-      type: 'unbox',
+      type: 'unslot',
       description: 'from a key_slot, successfully derive the msg_key',
@@ -25,0 +25,0 @@ input: {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

37874

increased by1.32%

Number of package files

35

increased by2.94%

Worsened metrics

Number of high supply chain risk alerts

1

increased byInfinity%

Dependency changes

• - Removedenvelope-spec@0.0.1(transitive)

• Updatedenvelope-spec@github:ssbc/envelope-spec

• Updatedfutoin-hkdf@^1.3.2

• Updatedsodium-native@^2.4.9