How to use ssri - 10 common examples
To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Leaflet / Leaflet / build / integrity.js View on Github 
// This script calculates the integrity hashes of the files in dist/ , and
// **overwrites** the values in the documentation.
var ssri = require('ssri');
var fs = require('fs');
var version = require('../package.json').version;
const integritySrc = ssri.fromData(fs.readFileSync('dist/leaflet-src.js'));
const integrityUglified = ssri.fromData(fs.readFileSync('dist/leaflet.js'));
const integrityCss = ssri.fromData(fs.readFileSync('dist/leaflet.css'));
console.log('Integrity hashes for ', version, ':');
console.log('dist/leaflet-src.js: ', integritySrc.toString());
console.log('dist/leaflet.js: ', integrityUglified.toString());
console.log('dist/leaflet.css: ', integrityCss.toString());
var docConfig = fs.readFileSync('docs/_config.yml').toString();
docConfig = docConfig.
replace(/latest_leaflet_version:.*/, 'latest_leaflet_version: ' + version).
replace(/integrity_hash_source:.*/, 'integrity_hash_source: "' + integritySrc.toString() + '"').
replace(/integrity_hash_uglified:.*/, 'integrity_hash_uglified: "' + integrityUglified.toString() + '"').
replace(/integrity_hash_css:.*/, 'integrity_hash_css: "' + integrityCss.toString() + '"');// This script calculates the integrity hashes of the files in dist/ , and
// **overwrites** the values in the documentation.
var ssri = require('ssri');
var fs = require('fs');
var version = require('../package.json').version;
const integritySrc = ssri.fromData(fs.readFileSync('dist/leaflet-src.js'));
const integrityUglified = ssri.fromData(fs.readFileSync('dist/leaflet.js'));
const integrityCss = ssri.fromData(fs.readFileSync('dist/leaflet.css'));
console.log('Integrity hashes for ', version, ':');
console.log('dist/leaflet-src.js: ', integritySrc.toString());
console.log('dist/leaflet.js: ', integrityUglified.toString());
console.log('dist/leaflet.css: ', integrityCss.toString());
var docConfig = fs.readFileSync('docs/_config.yml').toString();
docConfig = docConfig.
replace(/latest_leaflet_version:.*/, 'latest_leaflet_version: ' + version).
replace(/integrity_hash_source:.*/, 'integrity_hash_source: "' + integritySrc.toString() + '"').
replace(/integrity_hash_uglified:.*/, 'integrity_hash_uglified: "' + integrityUglified.toString() + '"').
replace(/integrity_hash_css:.*/, 'integrity_hash_css: "' + integrityCss.toString() + '"');
// console.log('New jekyll docs config: \n', docConfig);(f) => {
const split = f.split(/[/\\]/)
const digest = split.slice(split.length - 3).join('')
const algo = split[split.length - 4]
const integrity = ssri.fromHex(digest, algo)
if (liveContent.has(integrity.toString())) {
return verifyContent(f, integrity).then((info) => {
if (!info.valid) {
stats.reclaimedCount++
stats.badContentCount++
stats.reclaimedSize += info.size
} else {
stats.verifiedContent++
stats.keptSize += info.size
}
return stats
})
} else {
// No entries refer to this content. We can delete.
stats.reclaimedCount++
return stat(f).then((s) => {[_istream] (stream) {
// everyone will need one of these, either for verifying or calculating
// We always set it, because we have might only have a weak legacy hex
// sha1 in the packument, and this MAY upgrade it to a stronger algo.
// If we had an integrity, and it doesn't match, then this does not
// override that error; the istream will raise the error before it
// gets to the point of re-setting the integrity.
const istream = ssri.integrityStream(this.opts)
istream.on('integrity', i => this.integrity = i)
return stream.on('error', er => istream.emit('error', er)).pipe(istream)
}async getSha1Integrity (integrity, resolved, manifest) {
// for yarn.lock backwards compatibility
if (!/^sha1-/.test(integrity)) {
const url = normalizeUrl(resolved)
const file = await rp({
url,
encoding: null
})
const integrity = ssri.create({algorithms: ['sha1']}).update(file)
return integrity.digest().toString()
} else {
return integrity
}
}
}const tryFn = () => {
const sri = ssri.parse(integrity)
// If `integrity` has multiple entries, pick the first digest
// with available local data.
const algo = sri.pickAlgorithm()
const digests = sri[algo]
if (digests.length <= 1) {
const cpath = contentPath(cache, digests[0])
return fn(cpath, digests[0])
} else {
// Can't use race here because a generic error can happen before a ENOENT error, and can happen before a valid result
return Promise
.all(digests.map((meta) => {
return withContentSri(cache, meta, fn)
.catch((err) => {
if (err.code === 'ENOENT') {
return Object.assign(function pkgIntegrity (pkg) {
try {
// dist is provided by the registry
var sri = (pkg.dist && pkg.dist.integrity) ||
// _integrity is provided by pacote
pkg._integrity ||
// _shasum is legacy
(pkg._shasum && ssri.fromHex(pkg._shasum, 'sha1').toString())
if (!sri) return
var integrity = ssri.parse(sri)
if (Object.keys(integrity).length === 0) return
return integrity
} catch (ex) {
return
}
}function withContentSriSync (cache, integrity, fn) {
const sri = ssri.parse(integrity)
// If `integrity` has multiple entries, pick the first digest
// with available local data.
const algo = sri.pickAlgorithm()
const digests = sri[algo]
if (digests.length <= 1) {
const cpath = contentPath(cache, digests[0])
return fn(cpath, digests[0])
} else {
let lastErr = null
for (const meta of digests) {
try {
return withContentSriSync(cache, meta, fn)
} catch (err) {
lastErr = err
}
}function pkgIntegrity (pkg) {
try {
// dist is provided by the registry
var sri = (pkg.dist && pkg.dist.integrity) ||
// _integrity is provided by pacote
pkg._integrity ||
// _shasum is legacy
(pkg._shasum && ssri.fromHex(pkg._shasum, 'sha1').toString())
if (!sri) return
var integrity = ssri.parse(sri)
if (Object.keys(integrity).length === 0) return
return integrity
} catch (ex) {
return
}
}function annotateManifest (spec, manifest, opts) {
const shasum = manifest.dist && manifest.dist.shasum
manifest._integrity = manifest.dist && manifest.dist.integrity
manifest._shasum = shasum
if (!manifest._integrity && shasum) {
// Use legacy dist.shasum field if available.
manifest._integrity = ssri.fromHex(shasum, 'sha1').toString()
}
manifest._resolved = (
manifest.dist && manifest.dist.tarball
)
if (!manifest._resolved) {
const registry = fetch.pickRegistry(spec, opts)
const uri = registry.replace(/\/?$/, '/') + spec.escapedName
const err = new Error(
`Manifest for ${manifest.name}@${manifest.version} from ${uri} is missing a tarball url (pkg.dist.tarball). Guessing a default.`
)
err.code = 'ENOTARBALL'
err.manifest = manifest
if (!manifest._warnings) { manifest._warnings = [] }
manifest._warnings.push(err.message)
manifest._resolved =ssri
Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.
