
sri-toolbox


sri-toolbox - npm Package Compare versions

Comparing version 0.0.1 to 0.1.0

79

generate.js

@@ -1,51 +0,62 @@

4/*
sri-toolbox-generate
/*
sri-toolbox-generate
*/
var R = require("ramda");
var rfc6920Toolbox = require("rfc6920-toolbox");
/*jslint node: true */
"use strict";
var defaults = R.mixin({
algorithms: ["sha-256"],
authority: "",
parameters: {},
delimiter: " ",
serialize: true
});
var crypto = require("crypto"),
url = require("url"),
defaults = function (options) {
return {
algorithms: options.algorithms || ["sha256"],
delimiter: options.delimiter || " ",
type: options.type,
};
},
/*
Functionality
Functionality
*/
var array = R.curry(function (options, dataString) {
return R.map(function (algorithm) {
return rfc6920Toolbox.serialize({
authority: options.authority,
algorithm: algorithm,
digest: rfc6920Toolbox.digest(algorithm, dataString),
parameters: options.parameters
});
}, options.algorithms);
});
// Generate hash
digest = function (algorithm, data) {
return crypto
.createHash(algorithm)
.update(data)
.digest("base64");
},
// Build content-type string
type = function (options) {
if (!options.type) {
return "";
}
return "type:" + options.type + options.delimiter;
},
var string = R.curry(function (options, dataString) {
return array(options, dataString).join(options.delimiter);
});
// Generate SRI-formatted hash string
hashes = function (options, data) {
return options.algorithms
.map(function (algorithm) {
return algorithm + "-" + digest(algorithm, data);
})
.join(options.delimiter);
},
main = function (options, data) {
// Defaults
options = defaults(options);
return type(options) + hashes(options, data);
};
var main = R.curry(function (options, dataString) {
options = defaults(options);
if (options.serialize) return string(options, dataString);
return array(options, string);
});
/*
Exports
Exports
*/
if (typeof module !== "undefined") {
module.exports = main;
if (module !== undefined) {
module.exports = main;
}
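Review bot: In what appears to be the new side of generate.js, `digest` passes each entry of `options.algorithms` straight to `crypto.createHash` and `hashes` reuses the same string as the token prefix, so nothing limits the list to the algorithms Subresource Integrity defines (sha256, sha384, sha512). A caller who supplies `md5` or `sha1` gets an attribute that looks valid, but user agents ignore tokens with unrecognised algorithms, and when no usable token remains the resource loads without any integrity check instead of being blocked. Rejecting unknown names before hashing would make that failure visible, e.g. `if (["sha256", "sha384", "sha512"].indexOf(algorithm) === -1) { throw new Error("Unsupported SRI algorithm: " + algorithm); }` at the top of the `map` callback in `hashes`. `options.type` is also concatenated into the result unvalidated, so a value containing whitespace or the delimiter would add extra tokens to the attribute; a comment on `type` stating that callers must pass a bare MIME type (or a check that enforces it) would help.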

@@ -5,17 +5,4 @@ /*

var R = require("ramda");
var generate = require("./generate");
/*
Functionality
*/
/*
Exports
*/
if (typeof module !== "undefined") {

@@ -22,0 +9,0 @@ module.exports = {

{
"name": "sri-toolbox",
"version": "0.0.1",
"version": "0.1.0",
"description": "Subresource Integrity tools",

@@ -26,7 +26,5 @@ "author": {

"dependencies": {
"ramda": "~0.8.0",
"rfc6920-toolbox": "0.1.1"
},
"devDependencies": {
"mocha": "~2.1.0"
"mocha": "^2.1.0"
},

@@ -33,0 +31,0 @@ "engines": {

@@ -16,99 +16,29 @@ # sri-toolbox [![Build Status](https://travis-ci.org/neftaly/npm-sri-toolbox.svg?branch=master)](https://travis-ci.org/neftaly/npm-sri-toolbox)

sriToolbox({ options }, data); //=> result
```
var jquerySourceCode = file("jquery-1.10.2.min.js");
**Note:** this module supports [currying](http://fr.umio.us/favoring-curry/).
```javascript
var sriToolboxer = sriToolbox({ option });
sriToolboxer(data); //=> result
var integrity = sriToolbox.generate({
type: "application/javascript",
algorithms: ["sha256"],
}, jquerySourceCode);
//=> "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="
```
Options
API
-------
Key: type **name** *= default*
* type **name** *= value*
Description
### generate
Generate creates a Sub-resource Integrity attribute from a data string.
#### Options
Key: type **name** *= default*
* array **algorithms** *= ["sha256"]*
List of hashing algorithms
* string **delimiter** *= " "*
Integrity attribute delimiter
---
Example
-------
```javascript
element1.integrity = sri.generate.string(jquerySourceCode);
element2.integrity = sri.generate.string(
jquerySourceCode,
{
algorithms: [
"sha-256",
"sha-512"
],
authority: "code.jquery.com",
delimiter: " \n",
parameters: {
"ct": "text/javascript"
}
},
" \n"
);
```
API
---
### `generate`
Functions responsible for Subresource Integrity ni-URI generation
---
#### `generate.array (`*required* `data, `*optional* `options)`
*Returns `["string"...]`.*
Generate an array of ni-URI strings.
#### `generate.string (`*required* `data, `*optional* `options)`
*Returns `"string..."`.*
Generate a delimited string of ni-URI's.
---
**data:**
String to be hashed
**options:**
* **`algorithms:`** `["name"...]`
*Default: `["sha-256"]`*
Array of [RFC6920](https://tools.ietf.org/html/rfc6920#section-3) Digest Algorithms
> Digest Algorithm: The name of the digest algorithm, as specified in
> the IANA registry defined in [Section 9.4](https://tools.ietf.org/html/rfc6920#section-9.4).
For example, `[ "sha-256", "sha-512" ]`
* **`authority:`** `"hostname"`
*Default: `""`*
[RFC6920](https://tools.ietf.org/html/rfc692#section-3) Authority value
> Authority: The optional authority component may assist applications
> in accessing the object named by an ni-URI. There is no default
> value for the authority field. (See Section 3.2.2 of [RFC3986]
> for details.) While ni names with and without an authority differ
> syntactically from ni names with different authorities, all three
> refer to the same object if and only if the digest algorithm,
> length, and value are the same.
* **`delimiter:`** `"delimiter"`
*Default: `" "`*
`generate.string` ni-URI delimiter.
* **`parameters:`** `{ "name": "value" }`
*Default: `{ }`*
Deserialized list of [RFC6920](https://tools.ietf.org/html/rfc6920#section-3) Query Parameters
For example, a content-type specifier: `{ "ct": "text/plain" }`
* string **type** *= ""*
Content-type of file

@@ -11,8 +11,20 @@ var assert = require("assert")

it("test name", function(){
var expect = "ni:///sha-256;C6CB9UYIS9UJeqinPHWTHVqh_E1uhG5Twh-Y5qFQmYg?ct=application/javascript";
var result = sriToolbox.generate({ parameters: { "ct": "application/javascript" } }, sourceCode);
it("Default", function(){
var options = {};
var expect = "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=";
var result = sriToolbox.generate(options, sourceCode);
assert.equal(expect, result);
});
it("Custom", function(){
var options = {
type: "application/javascript",
algorithms: ["sha512"],
delimiter: " "
};
var expect = "type:application/javascript sha512-OqaFaP8lkurUEqDH9cOavDesVi8At8Fq8HzV7/iBqtznfscQQLNsCtnC0qpO3XdE+nKw9Ey4tIXU8oOxtJwhQQ==";
var result = sriToolbox.generate(options, sourceCode);
assert.equal(expect, result);
});
});
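Review bot: The "Default" and "Custom" cases each pass a single algorithm, so the `.join(options.delimiter)` path for several algorithms and the behaviour for a name outside sha256/sha384/sha512 are never asserted. Since a wrong or ignored token silently disables the browser's integrity check, a case with `algorithms: ["sha256", "sha512"]` and one with an unsupported name would be worth adding. `assert.equal(expect, result)` also puts the expected value in the actual position and compares loosely; `assert.strictEqual(result, expect)` labels failures correctly. The enclosing `describe` starts outside this hunk.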

Sorry, the diff of this file is not supported yet
