ssri - npm Package Compare versions

Comparing version 5.1.0 to 5.2.1

CHANGELOG.md

@@ -5,2 +5,17 @@ # Change Log
 
+<a name="5.2.1"></a>
+## [5.2.1](https://github.com/zkat/ssri/compare/v5.2.0...v5.2.1) (2018-02-06)
+
+
+
+<a name="5.2.0"></a>
+# [5.2.0](https://github.com/zkat/ssri/compare/v5.1.0...v5.2.0) (2018-02-06)
+
+
+### Features
+
+* **match:** add integrity.match() ([3c49cc4](https://github.com/zkat/ssri/commit/3c49cc4))
+
+
+
 <a name="5.1.0"></a>
@@ -7,0 +22,0 @@ # [5.1.0](https://github.com/zkat/ssri/compare/v5.0.0...v5.1.0) (2018-01-18)

index.js

@@ -96,2 +96,15 @@ 'use strict'
   }
+  match (integrity, opts) {
+    const other = parse(integrity, opts)
+    const algo = other.pickAlgorithm(opts)
+    return (
+      this[algo] &&
+      other[algo] &&
+      this[algo].find(hash =>
+        other[algo].find(otherhash =>
+          hash.digest === otherhash.digest
+        )
+      )
+    ) || false
+  }
   pickAlgorithm (opts) {
@@ -209,5 +222,4 @@ const pickAlgorithm = (opts && opts.pickAlgorithm) || getPrioritizedHash
   const algorithm = sri.pickAlgorithm(opts)
-  const digests = sri[algorithm] || []
   const digest = crypto.createHash(algorithm).update(data).digest('base64')
-  return digests.find(hash => hash.digest === digest) || false
+  return parse({algorithm, digest}).match(sri, opts)
 }
@@ -259,13 +271,4 @@
     }).join(' '), opts)
-    const match = (
-      // Integrity verification mode
-      opts.integrity &&
-      newSri[algorithm] &&
-      digests &&
-      digests.find(hash => {
-        return newSri[algorithm].find(newhash => {
-          return hash.digest === newhash.digest
-        })
-      })
-    )
+    // Integrity verification mode
+    const match = goodSri && newSri.match(sri, opts)
     if (typeof opts.size === 'number' && streamSize !== opts.size) {
@@ -272,0 +275,0 @@ const err = new Error(`stream size mismatch when checking ${sri}.\n  Wanted: ${opts.size}\n  Found: ${streamSize}`)

package.json

 {
   "name": "ssri",
-  "version": "5.1.0",
+  "version": "5.2.1",
   "description": "Standard Subresource Integrity library --  parses, serializes, generates, and verifies integrity metadata according to the SRI spec.",
@@ -40,9 +40,9 @@ "main": "index.js",
   "dependencies": {
-    "safe-buffer": "^5.1.0"
+    "safe-buffer": "^5.1.1"
   },
   "devDependencies": {
-    "nyc": "^10.3.2",
-    "standard": "^9.0.2",
-    "standard-version": "^4.1.0",
-    "tap": "^10.3.3",
+    "nyc": "^11.4.1",
+    "standard": "^10.0.3",
+    "standard-version": "^4.3.0",
+    "tap": "^11.1.0",
     "weallbehave": "^1.2.0",
@@ -49,0 +49,0 @@ "weallcontribute": "^1.0.8"

README.md

@@ -24,2 +24,3 @@ # ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/zkat/ssri.svg)](https://travis-ci.org/zkat/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/zkat/ssri?svg=true)](https://ci.appveyor.com/project/zkat/ssri) [![Coverage Status](https://coveralls.io/repos/github/zkat/ssri/badge.svg?branch=latest)](https://coveralls.io/github/zkat/ssri?branch=latest)
     * [`Integrity#toJSON`](#integrity-to-json)
+    * [`Integrity#match`](#integrity-match)
     * [`Integrity#pickAlgorithm`](#integrity-pick-algorithm)
@@ -222,2 +223,23 @@ * [`Integrity#hexDigest`](#integrity-hex-digest)
 
+#### <a name="integrity-match"></a> `> Integrity#match(sri, [opts]) -> Hash | false`
+
+Returns the matching (truthy) hash if `Integrity` matches the argument passed as
+`sri`, which can be anything that [`parse`](#parse) will accept. `opts` will be
+passed through to `parse` and [`pickAlgorithm()`](#integrity-pick-algorithm).
+
+##### Example
+
+```javascript
+const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A=='
+
+ssri.parse(integrity).match(integrity)
+// Hash {
+//   digest: '9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A=='
+//   algorithm: 'sha512'
+// }
+
+ssri.parse(integrity).match('sha1-deadbeef')
+// false
+```
+
 #### <a name="integrity-pick-algorithm"></a> `> Integrity#pickAlgorithm([opts]) -> String`
@@ -224,0 +246,0 @@

No alert changes

Improved metrics

Total package byte prevSize

38327

increased by3.08%

Lines of code

322

increased by0.94%

Number of lines in readme file

485

increased by4.75%

Worsened metrics

Number of maintainers

4

decreased by-20%

Dependency changes

• Updatedsafe-buffer@^5.1.1