How to use the ssri.fromHex function in ssri

To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.


github npm / cacache / lib / verify.js View on Github external
// Per-file callback for one content path `f`; the call that invokes it and the
// end of its body are outside this excerpt.
(f) => {
            // Split on either '/' or '\' and rebuild the content address from the path:
            // the last three segments joined are the hex digest, and the segment just
            // before them is the hash algorithm name.
            const split = f.split(/[/\\]/)
            const digest = split.slice(split.length - 3).join('')
            const algo = split[split.length - 4]
            // NOTE(review): this Integrity is derived from where the file sits, not from
            // its bytes; presumably verifyContent (not shown) re-hashes the file against it.
            const integrity = ssri.fromHex(digest, algo)
            if (liveContent.has(integrity.toString())) {
              // Something still refers to this content: verify it and account for the result.
              return verifyContent(f, integrity).then((info) => {
                if (!info.valid) {
                  // Content that fails verification is counted as bad and as reclaimed.
                  stats.reclaimedCount++
                  stats.badContentCount++
                  stats.reclaimedSize += info.size
                } else {
                  stats.verifiedContent++
                  stats.keptSize += info.size
                }
                return stats
              })
            } else {
              // No entries refer to this content. We can delete.
              stats.reclaimedCount++
              return stat(f).then((s) => {
github davidhealey / waistline / node_modules / npm / lib / install / diff-trees.js View on Github external
/**
 * Best-effort lookup of a package's integrity metadata.
 *
 * Sources are tried in order: `pkg.dist.integrity` (from the registry),
 * `pkg._integrity` (from pacote), then the legacy `pkg._shasum`, which is
 * re-encoded as a `sha1` SRI string. The SHA-1 path only converts the hex
 * digest; it is weaker than a sha256/sha512 integrity value and is used only
 * when nothing better is recorded.
 *
 * @param {object} pkg - package metadata object
 * @returns {object|undefined} the parsed integrity, or undefined when no
 *   source is present, the parsed result has no keys, or anything throws
 */
function pkgIntegrity (pkg) {
  try {
    // dist is provided by the registry
    let source = pkg.dist && pkg.dist.integrity
    // _integrity is provided by pacote
    if (!source) source = pkg._integrity
    // _shasum is legacy
    if (!source && pkg._shasum) {
      source = ssri.fromHex(pkg._shasum, 'sha1').toString()
    }
    if (!source) return

    const parsed = ssri.parse(source)
    return Object.keys(parsed).length > 0 ? parsed : undefined
  } catch (ex) {
    // Deliberately best-effort: any failure means "no usable integrity".
    return
  }
}
github npm / pacote / lib / fetchers / registry / manifest.js View on Github external
// Copies registry `dist` metadata onto the manifest's underscore fields
// (_integrity, _shasum, _resolved). The function body continues past the end
// of this excerpt.
function annotateManifest (spec, manifest, opts) {
  const shasum = manifest.dist && manifest.dist.shasum
  manifest._integrity = manifest.dist && manifest.dist.integrity
  manifest._shasum = shasum
  if (!manifest._integrity && shasum) {
    // Use legacy dist.shasum field if available.
    // fromHex only re-encodes the hex digest as an SRI string; nothing is hashed
    // or verified here, and the result is only as strong as SHA-1.
    manifest._integrity = ssri.fromHex(shasum, 'sha1').toString()
  }
  manifest._resolved = (
    manifest.dist && manifest.dist.tarball
  )
  if (!manifest._resolved) {
    // No tarball URL in the metadata: build the registry URI for this package
    // (forcing a single trailing slash on the registry) for the warning text.
    const registry = fetch.pickRegistry(spec, opts)
    const uri = registry.replace(/\/?$/, '/') + spec.escapedName

    // In the visible lines the Error is not thrown; only its message is
    // recorded on the manifest's _warnings list.
    const err = new Error(
      `Manifest for ${manifest.name}@${manifest.version} from ${uri} is missing a tarball url (pkg.dist.tarball). Guessing a default.`
    )
    err.code = 'ENOTARBALL'
    err.manifest = manifest
    if (!manifest._warnings) { manifest._warnings = [] }
    manifest._warnings.push(err.message)
    // The guessed default assigned below is cut off in this excerpt.
    manifest._resolved =
github graalvm / graaljs / deps / npm / lib / shrinkwrap.js View on Github external
// Excerpt from inside a function that fills one `pkginfo` entry for `child`;
// it starts and ends mid-body.
if (requested.type === 'git' && child.package._from) {
      pkginfo.from = child.package._from
    }
    if (child.fromBundle && !linked) {
      // Bundled, non-linked children get no resolved/integrity fields.
      pkginfo.bundled = true
    } else {
      if (isRegistry(requested)) {
        pkginfo.resolved = child.package._resolved
      }
      // no integrity for git deps as integrity hashes are based on the
      // tarball and we can't (yet) create consistent tarballs from a stable
      // source.
      if (requested.type !== 'git') {
        pkginfo.integrity = child.package._integrity || undefined
        if (!pkginfo.integrity && child.package._shasum) {
          // Legacy fallback: the recorded hex SHA-1 is re-encoded as SRI metadata,
          // so this entry is only as strong as SHA-1.
          // NOTE(review): this stores the Integrity object, not a string as the
          // branch above does; presumably it is stringified on output, confirm.
          pkginfo.integrity = ssri.fromHex(child.package._shasum, 'sha1')
        }
      }
    }
    if (childIsOnlyDev) pkginfo.dev = true
    if (isOnlyOptional(child)) pkginfo.optional = true
    if (child.requires.length) {
      pkginfo.requires = {}
      sortModules(child.requires).forEach((required) => {
        // `requested` here shadows the outer variable of the same name.
        var requested = getRequested(required, child) || required.package._requested || {}
        pkginfo.requires[moduleName(required)] = childRequested(top, required, requested)
      })
    }
    // iterate into children on non-links and links contained within the top level package
    if (child.children.length) {
      pkginfo.dependencies = {}
      shrinkwrapDeps(pkginfo.dependencies, top, child, seen)
github graalvm / graaljs / deps / npm / lib / install / diff-trees.js View on Github external
/**
 * Returns the parsed integrity metadata for a package, or undefined.
 *
 * An integrity string already recorded on the package (`dist.integrity`, then
 * `_integrity`) takes precedence. Only when neither is set is the legacy
 * `_shasum` hex digest converted to a `sha1` SRI string. That conversion
 * performs no verification and yields a weaker guarantee than a
 * sha256/sha512 value.
 *
 * @param {object} pkg - package metadata object
 * @returns {object|undefined} parsed integrity; undefined when nothing usable
 *   is found or when any step throws
 */
function pkgIntegrity (pkg) {
  try {
    // dist is provided by the registry, _integrity is provided by pacote
    const declared = (pkg.dist && pkg.dist.integrity) || pkg._integrity
    // _shasum is legacy
    const sri = declared || (pkg._shasum && ssri.fromHex(pkg._shasum, 'sha1').toString())
    if (sri) {
      const integrity = ssri.parse(sri)
      if (Object.keys(integrity).length !== 0) return integrity
    }
  } catch (ex) {
    // Errors are intentionally ignored; the caller sees undefined.
  }
}
github yarnpkg / yarn / src / resolvers / registries / npm-resolver.js View on Github external
// Resolves this request, preferring the lockfile entry when there is one.
// The method continues past the end of this excerpt.
async resolve(): Promise {
    // lockfile
    const shrunk = this.request.getLocked('tarball');
    if (shrunk) {
      if (this.config.packBuiltPackages && shrunk.prebuiltVariants && shrunk._remote) {
        const prebuiltVariants = shrunk.prebuiltVariants;
        const prebuiltName = getPlatformSpecificPackageFilename(shrunk);
        const offlineMirrorPath = this.config.getOfflineMirrorPath();
        if (prebuiltVariants[prebuiltName] && offlineMirrorPath) {
          const filename = path.join(offlineMirrorPath, 'prebuilt', prebuiltName + '.tgz');
          const {_remote} = shrunk;
          if (_remote && (await fs.exists(filename))) {
            // Point the locked entry at the prebuilt tarball in the offline mirror.
            // The expected hash comes from the lockfile's prebuiltVariants entry and
            // the integrity string is that SHA-1 re-encoded; the file itself has
            // only been checked for existence at this point.
            _remote.reference = `file:${filename}`;
            _remote.hash = prebuiltVariants[prebuiltName];
            _remote.integrity = ssri.fromHex(_remote.hash, 'sha1').toString();
          }
        }
      }
    }
    if (
      shrunk &&
      shrunk._remote &&
      (shrunk._remote.integrity || this.config.offline || !this.config.autoAddIntegrity)
    ) {
      // Use the locked entry as-is when it already carries integrity, when we
      // are offline, or when autoAddIntegrity is disabled. Otherwise fall
      // through to the code below; per the original note, that is where a
      // missing integrity field gets created.
      return shrunk;
    }

    const desiredVersion = shrunk && shrunk.version ? shrunk.version : null;
    const info: ?Manifest = await this.resolveRequest(desiredVersion);
github yarnpkg / yarn / src / resolvers / registries / npm-resolver.js View on Github external
// Excerpt from the tail of a method: it starts mid-body and ends with the
// closing braces of the method and its class.
if (typeof deprecated === 'string') {
      // Report the deprecation notice, prefixed with the chain of parent package names.
      let human = `${info.name}@${info.version}`;
      const parentNames = this.request.parentNames;
      if (parentNames.length) {
        human = parentNames.concat(human).join(' > ');
      }
      this.reporter.warn(`${human}: ${deprecated}`);
    }

    if (dist != null && dist.tarball) {
      info._remote = {
        resolved: `${this.cleanRegistry(dist.tarball)}#${dist.shasum}`,
        type: 'tarball',
        reference: this.cleanRegistry(dist.tarball),
        hash: dist.shasum,
        // Prefer the registry's SRI string; otherwise re-encode the legacy SHA-1
        // shasum, which gives a weaker guarantee than sha256/sha512.
        // NOTE(review): the guard above checks only dist.tarball, so with neither
        // integrity nor shasum present fromHex receives undefined; confirm how
        // that case is handled.
        integrity: dist.integrity ? ssri.parse(dist.integrity) : ssri.fromHex(dist.shasum, 'sha1'),
        registry: NPM_REGISTRY_ID,
        packageName: info.name,
      };
    }

    info._uid = info.version;

    return info;
  }
}
github yarnpkg / yarn / src / fetchers / tarball-fetcher.js View on Github external
_findIntegrity({hashOnly}: {hashOnly: boolean}): ?Object {
    // Full SRI metadata recorded on the remote wins unless the caller asked
    // for the bare hash only.
    const recorded = this.remote.integrity;
    if (recorded && !hashOnly) {
      return ssri.parse(recorded);
    }
    // Otherwise fall back to the legacy hex hash, re-encoded as sha1 SRI
    // metadata (a weaker check than sha256/sha512). No hash means no integrity.
    return this.hash ? ssri.fromHex(this.hash, 'sha1') : null;
  }

ssri

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

ISC
Latest version published 3 months ago
