How to use the ssri.checkStream function in ssri

To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github appcelerator-modules / ti.playservices / updater / index.js View on Github external
async function downloadWithIntegrity(url, downloadPath, integrity) {
	const file = await download(url, downloadPath);

	// Verify integrity!
	await ssri.checkStream(fs.createReadStream(file), integrity);
	return file;
}
github appcelerator / titanium_mobile / build / lib / utils.js View on Github external
async function downloadWithIntegrity(url, downloadPath, integrity, options) {
	const file = await download(url, downloadPath, options);

	// Verify integrity!
	await ssri.checkStream(fs.createReadStream(file), integrity);
	return file;
}
github appcelerator / titanium_mobile / build / lib / utils.js View on Github external
Utils.downloadURL = async function downloadURL(url, integrity, options) {
	if (!integrity) {
		throw new Error('No "integrity" value given for %s, may need to run "node scons.js modules-integrity" to generate new module listing with updated integrity hashes.', url);
	}

	if (url.startsWith('file://')) {
		const filePath = url.slice(7);
		if (!await fs.exists(filePath)) {
			throw new Error('File URL does not exist on disk: %s', url);
		}

		// if it passes integrity check, we're all good, return path to file
		await ssri.checkStream(fs.createReadStream(filePath), integrity);
		return filePath;
	}

	const downloadPath = cachedDownloadPath(url);
	// Check if file already exists and passes integrity check!
	if (await fs.exists(downloadPath)) {
		try {
			// if it passes integrity check, we're all good, return path to file
			await ssri.checkStream(fs.createReadStream(downloadPath), integrity);
			// cached copy is still valid, integrity hash matches
			return downloadPath;
		} catch (e) {
			// hash doesn't match. Wipe the cached version and re-download
			await fs.remove(downloadPath);
			return downloadWithIntegrity(url, downloadPath, integrity, options);
		}
github npm / tink / lib / pkglock.js View on Github external
info = await ccGet.hasContent(cache, hash)
  }
  if (!info) {
    return false
  }
  const cpath = ccPath(cache, info.sri)
  if (verify) {
    try {
      await ssri.checkStream(
        fs.createReadStream.orig(cpath),
        info.sri
      )
    } catch (err) {
      const newResolved = await fetchPackage(cache, pkg, hash)
      cache = newResolved.cache
      await ssri.checkStream(
        fs.createReadStream.orig(cpath),
        info.sri
      )
    }
  }
  return Object.assign(info.stat, {
    integrity: info.sri.toString(),
    cachePath: ccPath(cache, info.sri)
  })
}
github npm / cacache / lib / verify.js View on Github external
.then((s) => {
      const contentInfo = {
        size: s.size,
        valid: true
      }
      return ssri
        .checkStream(new fsm.ReadStream(filepath), sri)
        .catch((err) => {
          if (err.code !== 'EINTEGRITY') {
            throw err
          }
          return rimraf(filepath).then(() => {
            contentInfo.valid = false
          })
        })
        .then(() => contentInfo)
    })
    .catch((err) => {
github apmjs / apmjs / src / utils / integrity.js View on Github external
function checkSRI (dataStream, sum) {
  return ssri.checkStream(dataStream, sum).catch(e => {
    throw e.code === 'EINTEGRITY' ? new IntegrityError(e.message) : e
  })
}
github npm / tink / lib / pkgmap.js View on Github external
if (!info) {
    return false
  }
  const cpath = ccPath(cache, info.sri)
  if (verify) {
    try {
      await ssri.checkStream(
        fs.createReadStream(cpath),
        info.sri
      )
    } catch (err) {
      const newResolved = await repairPackage({ cache, hash, pkg, resolvedPath })
      cache = newResolved.cache
      hash = newResolved.hash
      pkg = newResolved.pkg
      await ssri.checkStream(
        fs.createReadStream(cpath),
        info.sri
      )
    }
  }
  return Object.assign(info.stat, {
    integrity: info.sri.toString(),
    cachePath: ccPath(cache, info.sri)
  })
}

ssri

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

ISC
Latest version published 3 months ago

Package Health Score

92 / 100
Full package analysis