New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
jsontokens
Advanced tools
jsontokens - npm Package Compare versions
Comparing version 3.1.1 to 4.0.0
@@ -1,10 +0,1 @@ | ||
| /*! | ||
| * The buffer module from node.js, for the browser. | ||
| * | ||
| * @author Feross Aboukhadijeh <https://feross.org> | ||
| * @license MIT | ||
| */ | ||
| /*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh <https://feross.org/opensource> */ | ||
| /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -11,0 +2,0 @@ |
@@ -1,9 +0,7 @@ | ||
| /// <reference types="node" /> | ||
| /// <reference types="node" /> | ||
| export declare class SECP256K1Client { | ||
| static algorithmName: string; | ||
| static derivePublicKey(privateKey: string, compressed?: boolean): string; | ||
| static signHash(signingInputHash: string | Buffer, privateKey: string, format?: string): string; | ||
| static loadSignature(joseSignature: string | Buffer): Buffer; | ||
| static verifyHash(signingInputHash: Buffer, derSignatureBuffer: string | Buffer, publicKey: string | Buffer): boolean; | ||
| static signHash(signingInputHash: string | Uint8Array, privateKey: string, format?: string): string; | ||
| static loadSignature(joseSignature: string | Uint8Array): Uint8Array; | ||
| static verifyHash(signingInputHash: Uint8Array, derSignatureBytes: string | Uint8Array, publicKey: string | Uint8Array): boolean; | ||
| } |
@@ -7,4 +7,5 @@ "use strict"; | ||
| const secp = require("@noble/secp256k1"); | ||
| const ecdsa_sig_formatter_1 = require("ecdsa-sig-formatter"); | ||
| const ecdsaSigFormatter_1 = require("../ecdsaSigFormatter"); | ||
| const errors_1 = require("../errors"); | ||
| const utils_1 = require("@noble/hashes/utils"); | ||
| // required to use noble secp https://github.com/paulmillr/noble-secp256k1 | ||
@@ -25,3 +26,3 @@ secp.utils.hmacSha256Sync = (key, ...msgs) => { | ||
| } | ||
| return Buffer.from(secp.getPublicKey(privateKey, compressed)).toString('hex'); | ||
| return (0, utils_1.bytesToHex)(secp.getPublicKey(privateKey, compressed)); | ||
| } | ||
@@ -33,19 +34,22 @@ static signHash(signingInputHash, privateKey, format = 'jose') { | ||
| } | ||
| const derSignature = Buffer.from(secp.signSync(signingInputHash, privateKey.slice(0, 64), { der: true, canonical: false })); | ||
| const derSignature = secp.signSync(signingInputHash, privateKey.slice(0, 64), { | ||
| der: true, | ||
| canonical: false, | ||
| }); | ||
| if (format === 'der') | ||
| return derSignature.toString('hex'); | ||
| return (0, utils_1.bytesToHex)(derSignature); | ||
| if (format === 'jose') | ||
| return (0, ecdsa_sig_formatter_1.derToJose)(derSignature, 'ES256'); | ||
| return (0, ecdsaSigFormatter_1.derToJose)(derSignature, 'ES256'); | ||
| throw Error('Invalid signature format'); | ||
| } | ||
| static loadSignature(joseSignature) { | ||
| // create and return the DER-formatted signature buffer | ||
| return (0, ecdsa_sig_formatter_1.joseToDer)(joseSignature, 'ES256'); | ||
| // create and return the DER-formatted signature bytes | ||
| return (0, ecdsaSigFormatter_1.joseToDer)(joseSignature, 'ES256'); | ||
| } | ||
| static verifyHash(signingInputHash, derSignatureBuffer, publicKey) { | ||
| static verifyHash(signingInputHash, derSignatureBytes, publicKey) { | ||
| // make sure the required parameters are provided | ||
| if (!signingInputHash || !derSignatureBuffer || !publicKey) { | ||
| if (!signingInputHash || !derSignatureBytes || !publicKey) { | ||
| throw new errors_1.MissingParametersError('a signing input hash, der signature, and public key are all required'); | ||
| } | ||
| return secp.verify(derSignatureBuffer, signingInputHash, publicKey, { strict: false }); | ||
| return secp.verify(derSignatureBytes, signingInputHash, publicKey, { strict: false }); | ||
| } | ||
@@ -52,0 +56,0 @@ } |
@@ -1,4 +0,2 @@ | ||
| /// <reference types="node" /> | ||
| /// <reference types="node" /> | ||
| export declare function hashSha256(input: Buffer | string): Buffer; | ||
| export declare function hashSha256Async(input: Buffer | string): Promise<Buffer>; | ||
| export declare function hashSha256(input: Uint8Array | string): Uint8Array; | ||
| export declare function hashSha256Async(input: Uint8Array | string): Promise<Uint8Array>; |
@@ -15,3 +15,3 @@ "use strict"; | ||
| function hashSha256(input) { | ||
| return Buffer.from((0, sha256_1.sha256)(input)); | ||
| return (0, sha256_1.sha256)(input); | ||
| } | ||
@@ -25,5 +25,5 @@ exports.hashSha256 = hashSha256; | ||
| // Use the W3C Web Crypto API if available (running in a web browser). | ||
| const buffer = typeof input === 'string' ? Buffer.from(input) : input; | ||
| const hash = yield crypto.subtle.digest('SHA-256', buffer); | ||
| return Buffer.from(hash); | ||
| const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input; | ||
| const hash = yield crypto.subtle.digest('SHA-256', bytes); | ||
| return new Uint8Array(hash); | ||
| } | ||
@@ -30,0 +30,0 @@ else { |
@@ -1,3 +0,1 @@ | ||
| /// <reference types="node" /> | ||
| /// <reference types="node" /> | ||
| import { SECP256K1Client } from './cryptoClients'; | ||
@@ -29,3 +27,3 @@ import { Json } from './decode'; | ||
| alg: string; | ||
| }, signingInput: string, signingInputHash: Buffer): SignedToken | string; | ||
| }, signingInput: string, signingInputHash: Uint8Array): SignedToken | string; | ||
| } |
@@ -53,5 +53,5 @@ "use strict"; | ||
| // extract the signature as a DER array | ||
| const derSignatureBuffer = this.cryptoClient.loadSignature(tokenParts[2]); | ||
| const derSignatureBytes = this.cryptoClient.loadSignature(tokenParts[2]); | ||
| // verify the signed hash | ||
| return this.cryptoClient.verifyHash(signingInputHash, derSignatureBuffer, this.rawPublicKey); | ||
| return this.cryptoClient.verifyHash(signingInputHash, derSignatureBytes, this.rawPublicKey); | ||
| }; | ||
@@ -71,4 +71,4 @@ if (async) { | ||
| token['signature'].map((signature) => { | ||
| const derSignatureBuffer = this.cryptoClient.loadSignature(signature); | ||
| const signatureVerified = this.cryptoClient.verifyHash(signingInputHash, derSignatureBuffer, this.rawPublicKey); | ||
| const derSignatureBytes = this.cryptoClient.loadSignature(signature); | ||
| const signatureVerified = this.cryptoClient.verifyHash(signingInputHash, derSignatureBytes, this.rawPublicKey); | ||
| if (!signatureVerified) { | ||
@@ -75,0 +75,0 @@ verified = false; |
| { | ||
| "name": "jsontokens", | ||
| "version": "3.1.1", | ||
| "version": "4.0.0", | ||
| "description": "node.js library for encoding, decoding, and verifying JSON Web Tokens (JWTs)", | ||
@@ -49,6 +49,6 @@ "main": "lib/index.js", | ||
| "dependencies": { | ||
| "@noble/hashes": "^1.0.0", | ||
| "@noble/secp256k1": "^1.5.5", | ||
| "base64url": "^3.0.1", | ||
| "ecdsa-sig-formatter": "^1.0.11" | ||
| "@noble/hashes": "^1.1.2", | ||
| "@noble/secp256k1": "^1.6.3", | ||
| "base64-js": "^1.5.1", | ||
| "base64url": "^3.0.1" | ||
| }, | ||
@@ -68,3 +68,2 @@ "devDependencies": { | ||
| "babel-loader": "^8.2.5", | ||
| "buffer": "^6.0.3", | ||
| "codecov": "^3.8.3", | ||
@@ -71,0 +70,0 @@ "cross-env": "^6.0.3", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-3.33%
29
- Number of package files
- increased by10.34%
32
- Lines of code
- increased by39.34%
634
Worsened metrics
- Total package byte prevSize
- decreased by-10.38%
120710
- Number of low license alerts
- increased by100%
2
Dependency changes
+ Addedbase64-js@^1.5.1
+ Addedbase64-js@1.5.1(transitive)
- Removedecdsa-sig-formatter@^1.0.11
- Removedecdsa-sig-formatter@1.0.11(transitive)
- Removedsafe-buffer@5.2.1(transitive)
Updated@noble/hashes@^1.1.2
Updated@noble/secp256k1@^1.6.3