New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
server-side-app-integrity-check
Advanced tools
server-side-app-integrity-check - npm Package Compare versions
Comparing version 1.77.0 to 1.78.0
| { | ||
| "name": "server-side-app-integrity-check", | ||
| "version": "1.77.0", | ||
| "version": "1.78.0", | ||
| "description": "Server side library to generate nonces and check attestation tokens received from client apps within Android's Play Integrity API or Apple's App Attest API. It supports both classic and standard requests of Play Integrity API.", | ||
@@ -5,0 +5,0 @@ "main": "src/playIntegrity.mjs", |
@@ -5,4 +5,6 @@ # Server-side app integrity check | ||
| The library returns 'success' only if the maximum standards are met in the device environment. It is your responsibility to handle Google/Apple server outages (as those must inevitably always be used in the attestations), to design your platform logic to conform to the API request rate limits, and to have a plan on how to handle clients that do not meet the maximum standards (for example, rooted devices or Play Protect disabled), among other considerations. | ||
| The decryptPlayIntegrity function returns the attestation token. The verifyPlayIntegrity function returns 'success' only if high security standards are met in the device environment. | ||
| It is your responsibility to handle Google/Apple server outages (as those must inevitably always be used in the attestations), to design your platform logic to conform to the API request rate limits, and to have a plan on how to handle clients that do not meet the maximum standards (for example, rooted devices or Play Protect disabled), among other considerations. | ||
| See also: [https://github.com/srinivas1729/appattest-checker-node](https://github.com/srinivas1729/appattest-checker-node) | ||
@@ -52,6 +54,9 @@ | ||
| `{status: "fail", message: "Some explanatory message here"}` := Attestation was not successful. The app integrity is compromised or some other condition has occurred. Bear in mind that attestations will likely not succeed if an Android device has been rooted or if the device does not meet maximum standards. | ||
| `{status: "fail", message: "Some explanatory message here", decryptedToken: "Here you will have the decrypted token"}` := | ||
| Attestation was not successful. The app integrity is compromised or some other condition has occurred. Bear in mind that attestations will likely not succeed if an Android device has been rooted or if the device does not meet maximum standards. | ||
| `{status: "error", message: "Some explanatory message here"}` := An unexpected error has occurred. Do not forget to also embrace the sample code above within a try-catch clause to capture any errors throwed by the module. | ||
| `{status: "error", message: "Some explanatory message here", decryptedToken: "Here you will have the decrypted token"}` := | ||
| An unexpected error has occurred. Do not forget to also embrace the sample code above within a try-catch clause to capture any errors throwed by the module. | ||
| `{status: "success", message: "Some explanatory message here"}` := Nice! The client passed the attestation. | ||
| `{status: "success", message: "Some explanatory message here", decryptedToken: "Here you will have the decrypted token"}` := | ||
| Nice! The client passed the attestation. |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Lines of code
330
1.85%- Number of lines in readme file
60
9.09%Worsened metrics
- Total package byte prevSize
28776
-2%No dependency changes