How to use the ssri.checkData function in ssri

To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github npm / cacache / lib / content / read.js View on Github external
return readFile(cpath, null).then((data) => {
      if (!ssri.checkData(data, sri)) {
        throw integrityError(sri, cpath)
      }
      return data
    })
  })
github npm / tink / lib / pkglock.js View on Github external
info = ccGet.hasContent.sync(cache, hash, { memoize: true })
  }
  if (!info) {
    return false
  }
  const cpath = ccPath(cache, info.sri)
  if (verify) {
    try {
      ssri.checkData(
        fs.readFileSync.orig(cpath),
        info.sri
      )
    } catch (err) {
      const newResolved = fetchPackageSync(cache, pkg, hash)
      cache = newResolved.cache
      ssri.checkData(
        fs.readFileSync.orig(cpath),
        info.sri
      )
    }
  }
  return Object.assign(info.stat, {
    integrity: info.sri.toString(),
    cachePath: ccPath(cache, info.sri)
  })
}
github npm / tink / lib / commands / prepare.js View on Github external
function checkPkgLock () {
    opts.log.verbose('prepare', 'checking package-lock is up to date.')
    try {
      const base = process.cwd()
      const lock = JSON.parse(stripBOM(fs.readFileSync(path.join(base, 'package-lock.json'), 'utf8')))
      const map = JSON.parse(stripBOM(fs.readFileSync(path.join(base, 'node_modules', '.pkglock-hash'), 'utf8')))
      require('ssri').checkData(
        JSON.stringify(lock), map.lockfile_integrity, { error: true }
      )
      return map
    } catch (err) {
      return false
    }
  }
github npm / tink / lib / pkgmap.js View on Github external
throw new Error('statSync() requires a fully-resolved pkgmap file address')
  }
  let info
  try {
    info = ccRead.hasContent.sync(cache, hash)
  } catch (err) {
    repairPackageSync(cache, hash, pkg)
    info = ccRead.hasContent.sync(cache, hash)
  }
  if (!info) {
    return false
  }
  const cpath = ccPath(cache, info.sri)
  if (verify) {
    try {
      ssri.checkData(
        fs.readFileSync(cpath),
        info.sri
      )
    } catch (err) {
      const newResolved = repairPackageSync({ cache, hash, pkg, resolvedPath })
      cache = newResolved.cache
      hash = newResolved.hash
      pkg = newResolved.pkg
      ssri.checkData(
        fs.readFileSync(cpath),
        info.sri
      )
    }
  }
  return Object.assign(info.stat, {
    integrity: info.sri.toString(),
github npm / tink / lib / installer.js View on Github external
async checkLock () {
    this.log('verbose', 'checkLock', 'verifying package-lock data')
    const pkg = this.pkg
    const prefix = this.prefix
    if (
      this.pkglockHash &&
      !ssri.checkData(
        JSON.stringify(pkg._shrinkwrap),
        this.pkglockHash.lockfile_integrity
      )
    ) {
      this.validLockHash = false
    }
    if (!pkg._shrinkwrap || !pkg._shrinkwrap.lockfileVersion) {
      this.log('warn', 'No lockfile detected. Regenerating.')
      await this.npmInstall()
    }
    if (!pkg._shrinkwrap || !pkg._shrinkwrap.lockfileVersion) {
      throw new Error(`npm install to generate package-lock.json failed. This is a bug.`)
    }
    const result = await lockVerify(prefix)
    if (result.status) {
      result.warnings.forEach(w => this.log('warn', 'lockfile', w))
github npm / cacache / lib / content / write.js View on Github external
function write (cache, data, opts) {
  opts = opts || {}
  if (opts.algorithms && opts.algorithms.length > 1) {
    throw new Error('opts.algorithms only supports a single algorithm for now')
  }
  if (typeof opts.size === 'number' && data.length !== opts.size) {
    return Promise.reject(sizeError(opts.size, data.length))
  }
  const sri = ssri.fromData(data, {
    algorithms: opts.algorithms
  })
  if (opts.integrity && !ssri.checkData(data, opts.integrity, opts)) {
    return Promise.reject(checksumError(opts.integrity, sri))
  }

  return disposer(makeTmp(cache, opts), makeTmpDisposer,
    (tmp) => {
      return writeFile(tmp.target, data, { flag: 'wx' })
        .then(() => moveToDestination(tmp, cache, sri, opts))
    })
    .then(() => ({ integrity: sri, size: data.length }))
}
github npm / cacache / lib / content / read.js View on Github external
return withContentSriSync(cache, integrity, (cpath, sri) => {
    const data = fs.readFileSync(cpath)
    if (typeof opts.size === 'number' && opts.size !== data.length) {
      throw sizeError(opts.size, data.length)
    }

    if (ssri.checkData(data, sri)) {
      return data
    }

    throw integrityError(sri, cpath)
  })
}
github sx1989827 / DOClever / Desktop / node_modules / cacache / lib / content / write.js View on Github external
function write (cache, data, opts) {
  opts = opts || {}
  if (opts.algorithms && opts.algorithms.length > 1) {
    throw new Error(
      Y`opts.algorithms only supports a single algorithm for now`
    )
  }
  if (typeof opts.size === 'number' && data.length !== opts.size) {
    return BB.reject(sizeError(opts.size, data.length))
  }
  const sri = ssri.fromData(data, opts)
  if (opts.integrity && !ssri.checkData(data, opts.integrity, opts)) {
    return BB.reject(checksumError(opts.integrity, sri))
  }
  return BB.using(makeTmp(cache, opts), tmp => (
    writeFileAsync(
      tmp.target, data, {flag: 'wx'}
    ).then(() => (
      moveToDestination(tmp, cache, sri, opts)
    ))
  )).then(() => ({integrity: sri, size: data.length}))
}

ssri

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

ISC
Latest version published 3 months ago

Package Health Score

92 / 100
Full package analysis