Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github-webhook-handler

Package Overview
Dependencies
Maintainers
3
Versions
16
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github-webhook-handler

Web handler / middleware for processing GitHub Webhooks

  • 1.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
3
Created
Source

github-webhook-handler

Build Status

NPM

GitHub allows you to register Webhooks for your repositories. Each time an event occurs on your repository, whether it be pushing code, filling issues or creating pull requests, the webhook address you register can be configured to be pinged with details.

This library is a small handler (or "middleware" if you must) for Node.js web servers that handles all the logic of receiving and verifying webhook requests from GitHub.

Tips

In Github Webhooks settings, Content type must be application/json.

application/x-www-form-urlencoded won't work at present.

Example

var http = require('http')
var createHandler = require('github-webhook-handler')
var handler = createHandler({ path: '/webhook', secret: 'myhashsecret' })

http.createServer(function (req, res) {
  handler(req, res, function (err) {
    res.statusCode = 404
    res.end('no such location')
  })
}).listen(7777)

handler.on('error', function (err) {
  console.error('Error:', err.message)
})

handler.on('push', function (event) {
  console.log('Received a push event for %s to %s',
    event.payload.repository.name,
    event.payload.ref)
})

handler.on('issues', function (event) {
  console.log('Received an issue event for %s action=%s: #%d %s',
    event.payload.repository.name,
    event.payload.action,
    event.payload.issue.number,
    event.payload.issue.title)
})

for multiple handlers, please see multiple-handlers-issue.

API

github-webhook-handler exports a single function, use this function to create a webhook handler by passing in an options object. Your options object should contain:

  • "path": the complete case sensitive path/route to match when looking at req.url for incoming requests. Any request not matching this path will cause the callback function to the handler to be called (sometimes called the next handler).
  • "secret": this is a hash key used for creating the SHA-1 HMAC signature of the JSON blob sent by GitHub. You should register the same secret key with GitHub. Any request not delivering a X-Hub-Signature that matches the signature generated using this key against the blob will be rejected and cause an 'error' event (also the callback will be called with an Error object).
  • "events": an optional array of whitelisted event types (see: events.json). If defined, any incoming request whose X-Github-Event can't be found in the whitelist will be rejected. If only a single event type is acceptable, this option can also be a string.

The resulting handler function acts like a common "middleware" handler that you can insert into a processing chain. It takes request, response, and callback arguments. The callback is not called if the request is successfully handled, otherwise it is called either with an Error or no arguments.

The handler function is also an EventEmitter that you can register to listen to any of the GitHub event types. Note you can be specific in your GitHub configuration about which events you wish to receive, or you can send them all. Note that the "error" event will be liberally used, even if someone tries the end-point and they can't generate a proper signature, so you should at least register a listener for it or it will throw.

See the GitHub Webhooks documentation for more details on the events you can receive.

Included in the distribution is an events.json file which maps the event names to descriptions taken from the API:

var events = require('github-webhook-handler/events')
Object.keys(events).forEach(function (event) {
  console.log(event, '=', events[event])
})

Additionally, there is a special '*' even you can listen to in order to receive everything.

License

github-webhook-handler is Copyright (c) 2014 Rod Vagg and licensed under the MIT License. All rights not explicitly granted in the MIT License are reserved. See the included LICENSE.md file for more details.

Keywords

FAQs

Package last updated on 19 Sep 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc