What is ssri?
The ssri npm package is used for parsing, manipulating, serializing, generating, and verifying Subresource Integrity (SRI) hashes. SRI is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
What are ssri's main functionalities?
Generating SRI Hashes
This feature allows you to generate SRI hashes from a given data input. The example code demonstrates how to create an SRI hash using the SHA-384 algorithm.
const ssri = require('ssri');
const integrity = ssri.fromData('some data to hash', {algorithms: ['sha384']});
console.log(integrity.toString());
Parsing SRI Hashes
This feature is used to parse an existing SRI hash string into an object that can be easily manipulated. The example code shows how to parse an SRI hash.
const ssri = require('ssri');
const integrity = ssri.parse('sha384-...');
console.log(integrity);
Verifying SRI Hashes
This feature allows you to verify that a piece of data matches a given SRI hash. The example code demonstrates how to verify the integrity of data against an SRI hash.
const ssri = require('ssri');
const data = 'some data to verify';
const sri = 'sha384-...';
// checkData is synchronous: it returns the matching hash on success
// and false on a mismatch, so no promise is involved.
if (ssri.checkData(data, sri)) {
  console.log('Integrity verified');
} else {
  console.log('Integrity verification failed');
}
Other packages similar to ssri
crypto
The 'crypto' module is a built-in Node.js module that provides cryptographic functionality. It includes a diverse set of functions for hashing, signing, and verifying data. While it does not provide SRI-specific functions, it can be used to generate hashes that could be used for SRI.
sha.js
This package is a simple implementation of the SHA hash function. It is similar to ssri in that it can create hashes, but it does not have the specific focus on SRI or the ability to parse and verify SRI hashes.
hasha
Hasha is a Node.js module for hashing data. It supports multiple algorithms and can hash streams, buffers, and files. While it is similar to ssri in terms of hashing capabilities, it does not include the SRI-specific features for parsing and verifying hashes.
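The crypto entry above notes that the built-in module can generate hashes usable for SRI. The following added example, which is not from the original page or from the ssri project, builds and verifies SRI strings with crypto alone, including the rule that only the strongest algorithm listed is checked. The function names sriFromData, parseSri and checkSri are hypothetical, the sample script is constructed, and returning false when no usable hash is present is an assumption of this sketch.

```javascript
// Added example (not ssri's code): SRI strings built and checked with Node's crypto.
const crypto = require('crypto');

// Hash functions the SRI specification defines, weakest to strongest.
const SRI_ALGORITHMS = ['sha256', 'sha384', 'sha512'];

// One SRI entry is "<algorithm>-<base64 digest>".
function sriFromData(data, algorithm = 'sha384') {
  if (!SRI_ALGORITHMS.includes(algorithm)) {
    throw new Error(`unsupported SRI algorithm: ${algorithm}`);
  }
  return `${algorithm}-${crypto.createHash(algorithm).update(data).digest('base64')}`;
}

// Split an integrity string on whitespace; drop malformed or unsupported entries.
function parseSri(integrity) {
  const entry = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return String(integrity).trim().split(/\s+/)
    .map((s) => entry.exec(s))
    .filter(Boolean)
    .map((m) => ({ algorithm: m[1], digest: Buffer.from(m[2], 'base64') }));
}

// Only entries using the strongest algorithm present are considered, so a
// matching weak hash cannot rescue a mismatching strong one.
function checkSri(data, integrity) {
  const entries = parseSri(integrity);
  if (entries.length === 0) return false; // assumption: fail closed on no usable hash
  const rank = (e) => SRI_ALGORITHMS.indexOf(e.algorithm);
  const strongest = Math.max(...entries.map(rank));
  const actual = crypto.createHash(SRI_ALGORITHMS[strongest]).update(data).digest();
  return entries.some((e) => rank(e) === strongest && e.digest.equals(actual));
}

// Constructed sample input.
const script = 'console.log("hello from the CDN");';
const pinned = sriFromData(script);
console.log(pinned);
console.log(checkSri(script, pinned));             // untouched resource
console.log(checkSri(script + '/* x */', pinned)); // modified resource
```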