Socket
Socket
Sign inDemoInstall

jwa

Package Overview
Dependencies
3
Maintainers
3
Versions
19
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.2.0 to 1.3.0

59

index.js

@@ -12,2 +12,55 @@ var bufferEqual = require('buffer-equal-constant-time');

var supportsKeyObjects = typeof crypto.createPublicKey === 'function';
if (supportsKeyObjects) {
MSG_INVALID_VERIFIER_KEY += ' or a KeyObject';
}
function checkIsPublicKey(key) {
if (Buffer.isBuffer(key)) {
return key;
}
if (typeof key === 'string') {
return key;
}
if (!supportsKeyObjects) {
throw typeError(MSG_INVALID_VERIFIER_KEY);
}
if (typeof key !== 'object') {
throw typeError(MSG_INVALID_VERIFIER_KEY);
}
if (typeof key.type !== 'string') {
throw typeError(MSG_INVALID_VERIFIER_KEY);
}
if (typeof key.asymmetricKeyType !== 'string') {
throw typeError(MSG_INVALID_VERIFIER_KEY);
}
if (typeof key.export !== 'function') {
throw typeError(MSG_INVALID_VERIFIER_KEY);
}
return key;
};
function checkIsPrivateKey(key) {
if (Buffer.isBuffer(key)) {
return key;
}
if (typeof key === 'string') {
return key;
}
if (typeof key === 'object') {
return key;
}
throw typeError(MSG_INVALID_SIGNER_KEY);
};
function fromBase64(base64) {

@@ -71,4 +124,3 @@ return base64

return function sign(thing, privateKey) {
if (!bufferOrString(privateKey) && !(typeof privateKey === 'object'))
throw typeError(MSG_INVALID_SIGNER_KEY);
checkIsPrivateKey(privateKey);
thing = normalizeInput(thing);

@@ -85,4 +137,3 @@ // Even though we are specifying "RSA" here, this works with ECDSA

return function verify(thing, signature, publicKey) {
if (!bufferOrString(publicKey))
throw typeError(MSG_INVALID_VERIFIER_KEY);
checkIsPublicKey(publicKey);
thing = normalizeInput(thing);

@@ -89,0 +140,0 @@ signature = toBase64(signature);

4

package.json
{
"name": "jwa",
"version": "1.2.0",
"version": "1.3.0",
"description": "JWA implementation (supports all JWS algorithms)",

@@ -11,3 +11,3 @@ "main": "index.js",

"buffer-equal-constant-time": "1.0.1",
"ecdsa-sig-formatter": "1.0.10",
"ecdsa-sig-formatter": "1.0.11",
"safe-buffer": "^5.0.1"

@@ -14,0 +14,0 @@ },

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc