🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

jose

Package Overview
Dependencies
Maintainers
1
Versions
226
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jose - npm Package Compare versions

Comparing version

3.1.0
to
3.1.1

dist/browser/runtime/global.js

7

CHANGELOG.md

@@ -5,2 +5,9 @@ # Changelog

## [3.1.1](https://github.com/panva/jose/compare/v3.1.0...v3.1.1) (2020-11-24)
### Bug Fixes
* global detection in a browser worker runtime ([56ff8fa](https://github.com/panva/jose/commit/56ff8fa65aa045411c6c6a67d80b67c1099576a0))
## [3.1.0](https://github.com/panva/jose/compare/v3.0.2...v3.1.0) (2020-11-22)

@@ -7,0 +14,0 @@

5

dist/browser/runtime/base64url.js
import { encoder, decoder } from '../lib/buffer_utils.js';
import globalThis from './global.js';
export const encode = (input) => {

@@ -7,3 +8,3 @@ let unencoded = input;

}
const base64string = window.btoa(String.fromCharCode.apply(0, [...unencoded]));
const base64string = globalThis.btoa(String.fromCharCode.apply(0, [...unencoded]));
return base64string.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');

@@ -17,3 +18,3 @@ };

encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\s/g, '');
return new Uint8Array(window
return new Uint8Array(globalThis
.atob(encoded)

@@ -20,0 +21,0 @@ .split('')

3

dist/browser/runtime/fetch.js
import { JOSEError } from '../util/errors.js';
import globalThis from './global.js';
const fetch = async (url, timeout) => {

@@ -8,3 +9,3 @@ let controller;

}
const response = await window.fetch(url.href, {
const response = await globalThis.fetch(url.href, {
signal: controller ? controller.signal : undefined,

@@ -11,0 +12,0 @@ redirect: 'manual',

6

dist/browser/runtime/webcrypto.js
import { JOSEError } from '../util/errors.js';
const { crypto } = window;
export default crypto;
import globalThis from './global.js';
export default globalThis.crypto;
export function ensureSecureContext() {
if (!window.isSecureContext && !crypto.subtle) {
if (!globalThis.isSecureContext && !globalThis.crypto.subtle) {
throw new JOSEError('Web Cryptography API is available only in Secure Contexts. See: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts');
}
}

6

dist/node/cjs/runtime/aesgcmkw.js

@@ -10,3 +10,3 @@ "use strict";

const generateIv = iv_js_1.default(random_js_1.default);
const wrap = async (alg, key, cek, iv) => {
exports.wrap = async (alg, key, cek, iv) => {
const jweAlgorithm = alg.substr(0, 7);

@@ -17,7 +17,5 @@ iv || (iv = await generateIv(jweAlgorithm));

};
exports.wrap = wrap;
const unwrap = async (alg, key, encryptedKey, iv, tag) => {
exports.unwrap = async (alg, key, encryptedKey, iv, tag) => {
const jweAlgorithm = alg.substr(0, 7);
return decrypt_js_1.default(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array());
};
exports.unwrap = unwrap;

6

dist/node/cjs/runtime/aeskw.js

@@ -13,3 +13,3 @@ "use strict";

}
const wrap = async (alg, key, cek) => {
exports.wrap = async (alg, key, cek) => {
const size = parseInt(alg.substr(1, 3), 10);

@@ -25,4 +25,3 @@ const algorithm = `aes${size}-wrap`;

};
exports.wrap = wrap;
const unwrap = async (alg, key, encryptedKey) => {
exports.unwrap = async (alg, key, encryptedKey) => {
const size = parseInt(alg.substr(1, 3), 10);

@@ -38,2 +37,1 @@ const algorithm = `aes${size}-wrap`;

};
exports.unwrap = unwrap;

6

dist/node/cjs/runtime/base64url.js

@@ -5,5 +5,4 @@ "use strict";

const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const encode = (input) => Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
exports.encode = encode;
const decode = (input) => {
exports.encode = (input) => Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
exports.decode = (input) => {
let encoded = input;

@@ -15,2 +14,1 @@ if (encoded instanceof Uint8Array) {

};
exports.decode = decode;

3

dist/node/cjs/runtime/check_modulus_length.js

@@ -43,6 +43,5 @@ "use strict";

};
const setModulusLength = (keyObject, modulusLength) => {
exports.setModulusLength = (keyObject, modulusLength) => {
weakMap.set(keyObject, modulusLength);
};
exports.setModulusLength = setModulusLength;
exports.default = (key, alg) => {

@@ -49,0 +48,0 @@ if (getModulusLength(key) < 2048) {

15

dist/node/cjs/runtime/ecdhes.js

@@ -13,3 +13,3 @@ "use strict";

const concatKdf = buffer_utils_js_1.concatKdf.bind(undefined, digest_js_1.default.bind(undefined, 'sha256'));
const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => {
exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => {
const value = buffer_utils_js_1.concat(buffer_utils_js_1.lengthAndInput(buffer_utils_js_1.encoder.encode(algorithm)), buffer_utils_js_1.lengthAndInput(apu), buffer_utils_js_1.lengthAndInput(apv), buffer_utils_js_1.uint32be(keyLength));

@@ -19,4 +19,3 @@ const sharedSecret = crypto_1.diffieHellman({ privateKey, publicKey });

};
exports.deriveKey = deriveKey;
const ephemeralKeyToPublicJWK = function ephemeralKeyToPublicJWK(key) {
exports.ephemeralKeyToPublicJWK = function ephemeralKeyToPublicJWK(key) {
switch (key.asymmetricKeyType) {

@@ -44,4 +43,3 @@ case 'x25519':

};
exports.ephemeralKeyToPublicJWK = ephemeralKeyToPublicJWK;
const generateEpk = async (key) => {
exports.generateEpk = async (key) => {
switch (key.asymmetricKeyType) {

@@ -61,4 +59,3 @@ case 'x25519':

};
exports.generateEpk = generateEpk;
const publicJwkToEphemeralKey = async (jwk) => {
exports.publicJwkToEphemeralKey = async (jwk) => {
let pem;

@@ -104,5 +101,3 @@ switch (jwk.crv) {

};
exports.publicJwkToEphemeralKey = publicJwkToEphemeralKey;
const curves = ['P-256', 'P-384', 'P-521', 'X25519', 'X448'];
const ecdhAllowed = (key) => curves.includes(get_named_curve_js_1.default(key));
exports.ecdhAllowed = ecdhAllowed;
exports.ecdhAllowed = (key) => curves.includes(get_named_curve_js_1.default(key));

6

dist/node/cjs/runtime/pbes2kw.js

@@ -12,3 +12,3 @@ "use strict";

const pbkdf2 = util_1.promisify(crypto_1.pbkdf2);
const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => {
exports.encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => {
check_p2s_js_1.default(p2s);

@@ -22,4 +22,3 @@ const salt = buffer_utils_js_1.p2s(alg, p2s);

};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
exports.decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
check_p2s_js_1.default(p2s);

@@ -32,2 +31,1 @@ const salt = buffer_utils_js_1.p2s(alg, p2s);

};
exports.decrypt = decrypt;

6

dist/node/cjs/runtime/rsaes.js

@@ -39,3 +39,3 @@ "use strict";

};
const encrypt = async (alg, key, cek) => {
exports.encrypt = async (alg, key, cek) => {
const padding = resolvePadding(alg);

@@ -46,4 +46,3 @@ const oaepHash = resolveOaepHash(alg);

};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey) => {
exports.decrypt = async (alg, key, encryptedKey) => {
const padding = resolvePadding(alg);

@@ -54,2 +53,1 @@ const oaepHash = resolveOaepHash(alg);

};
exports.decrypt = decrypt;

6

dist/node/cjs/runtime/zlib.js

@@ -8,9 +8,7 @@ "use strict";

const deflateRaw = util_1.promisify(zlib_1.deflateRaw);
const inflate = async (input) => {
exports.inflate = async (input) => {
return inflateRaw(input);
};
exports.inflate = inflate;
const deflate = async (input) => {
exports.deflate = async (input) => {
return deflateRaw(input);
};
exports.deflate = deflate;

6

dist/node/webcrypto/cjs/runtime/aesgcmkw.js

@@ -10,3 +10,3 @@ "use strict";

const generateIv = iv_js_1.default(random_js_1.default);
const wrap = async (alg, key, cek, iv) => {
exports.wrap = async (alg, key, cek, iv) => {
const jweAlgorithm = alg.substr(0, 7);

@@ -17,7 +17,5 @@ iv ||= await generateIv(jweAlgorithm);

};
exports.wrap = wrap;
const unwrap = async (alg, key, encryptedKey, iv, tag) => {
exports.unwrap = async (alg, key, encryptedKey, iv, tag) => {
const jweAlgorithm = alg.substr(0, 7);
return decrypt_js_1.default(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array());
};
exports.unwrap = unwrap;

6

dist/node/webcrypto/cjs/runtime/aeskw.js

@@ -11,3 +11,3 @@ "use strict";

}
const wrap = async (alg, key, cek) => {
exports.wrap = async (alg, key, cek) => {
webcrypto_js_1.ensureSecureContext();

@@ -25,4 +25,3 @@ let cryptoKey;

};
exports.wrap = wrap;
const unwrap = async (alg, key, encryptedKey) => {
exports.unwrap = async (alg, key, encryptedKey) => {
webcrypto_js_1.ensureSecureContext();

@@ -40,2 +39,1 @@ let cryptoKey;

};
exports.unwrap = unwrap;

6

dist/node/webcrypto/cjs/runtime/base64url.js

@@ -5,5 +5,4 @@ "use strict";

const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const encode = (input) => Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
exports.encode = encode;
const decode = (input) => {
exports.encode = (input) => Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
exports.decode = (input) => {
let encoded = input;

@@ -15,2 +14,1 @@ if (encoded instanceof Uint8Array) {

};
exports.decode = decode;

15

dist/node/webcrypto/cjs/runtime/ecdhes.js

@@ -8,3 +8,3 @@ "use strict";

const concatKdf = buffer_utils_js_1.concatKdf.bind(undefined, digest_js_1.default.bind(undefined, 'sha256'));
const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => {
exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => {
webcrypto_js_1.ensureSecureContext();

@@ -22,4 +22,3 @@ const value = buffer_utils_js_1.concat(buffer_utils_js_1.lengthAndInput(buffer_utils_js_1.encoder.encode(algorithm)), buffer_utils_js_1.lengthAndInput(apu), buffer_utils_js_1.lengthAndInput(apv), buffer_utils_js_1.uint32be(keyLength));

};
exports.deriveKey = deriveKey;
const ephemeralKeyToPublicJWK = async function ephemeralKeyToPublicJWK(key) {
exports.ephemeralKeyToPublicJWK = async function ephemeralKeyToPublicJWK(key) {
webcrypto_js_1.ensureSecureContext();

@@ -29,15 +28,11 @@ const { crv, kty, x, y } = (await webcrypto_js_1.default.subtle.exportKey('jwk', key));

};
exports.ephemeralKeyToPublicJWK = ephemeralKeyToPublicJWK;
const generateEpk = async (key) => {
exports.generateEpk = async (key) => {
webcrypto_js_1.ensureSecureContext();
return (await webcrypto_js_1.default.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey;
};
exports.generateEpk = generateEpk;
const publicJwkToEphemeralKey = async (jwk) => {
exports.publicJwkToEphemeralKey = async (jwk) => {
webcrypto_js_1.ensureSecureContext();
return webcrypto_js_1.default.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []);
};
exports.publicJwkToEphemeralKey = publicJwkToEphemeralKey;
const curves = ['P-256', 'P-384', 'P-521'];
const ecdhAllowed = (key) => curves.includes(key.algorithm.namedCurve);
exports.ecdhAllowed = ecdhAllowed;
exports.ecdhAllowed = (key) => curves.includes(key.algorithm.namedCurve);

6

dist/node/webcrypto/cjs/runtime/pbes2kw.js

@@ -10,3 +10,3 @@ "use strict";

const webcrypto_js_1 = require("./webcrypto.js");
const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => {
exports.encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => {
webcrypto_js_1.ensureSecureContext();

@@ -46,4 +46,3 @@ check_p2s_js_1.default(p2s);

};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
exports.decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
webcrypto_js_1.ensureSecureContext();

@@ -82,2 +81,1 @@ check_p2s_js_1.default(p2s);

};
exports.decrypt = decrypt;

6

dist/node/webcrypto/cjs/runtime/rsaes.js

@@ -8,3 +8,3 @@ "use strict";

const check_key_length_js_1 = require("./check_key_length.js");
const encrypt = async (alg, key, cek) => {
exports.encrypt = async (alg, key, cek) => {
webcrypto_js_1.ensureSecureContext();

@@ -21,4 +21,3 @@ check_key_length_js_1.default(alg, key);

};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey) => {
exports.decrypt = async (alg, key, encryptedKey) => {
webcrypto_js_1.ensureSecureContext();

@@ -35,2 +34,1 @@ check_key_length_js_1.default(alg, key);

};
exports.decrypt = decrypt;

6

dist/node/webcrypto/cjs/runtime/zlib.js

@@ -8,9 +8,7 @@ "use strict";

const deflateRaw = util_1.promisify(zlib_1.deflateRaw);
const inflate = async (input) => {
exports.inflate = async (input) => {
return inflateRaw(input);
};
exports.inflate = inflate;
const deflate = async (input) => {
exports.deflate = async (input) => {
return deflateRaw(input);
};
exports.deflate = deflate;

2

package.json
{
"name": "jose",
"version": "3.1.0",
"version": "3.1.1",
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS with no dependencies",

@@ -5,0 +5,0 @@ "keywords": [

6

src/jwks/remote.ts
import type { KeyObject } from 'crypto'
import type { Agent as HttpAgent } from 'http'
import type { Agent as HttpsAgent } from 'https'
import type * as http from 'http'
import type * as https from 'https'

@@ -55,3 +55,3 @@ import type { JWSHeaderParameters, JWK, FlattenedJWSInput, GetKeyFunction } from '../types.d'

*/
agent?: HttpAgent | HttpsAgent
agent?: https.Agent | http.Agent
}

@@ -58,0 +58,0 @@