(f) => {
// Excerpt of a per-file callback from a cache verification pass; the enclosing call
// and the rest of the else-branch are cut off in this listing.
// The expected digest is rebuilt from the file's own path: the last three path
// segments joined together are the hex digest, and the segment before them is the
// algorithm name handed to ssri.fromHex().
const split = f.split(/[/\\]/)
const digest = split.slice(split.length - 3).join('')
const algo = split[split.length - 4]
const integrity = ssri.fromHex(digest, algo)
// liveContent is looked up by SRI string; per the comment in the else-branch, a miss
// means no index entry refers to this content.
if (liveContent.has(integrity.toString())) {
// NOTE(review): verifyContent is defined elsewhere; presumably it re-hashes the file
// against `integrity` - confirm. A pass only shows that the bytes match the address
// they are stored under. Whether that address is the one a package was expected to
// have is decided by the index entries, not by this check.
return verifyContent(f, integrity).then((info) => {
if (!info.valid) {
// Failed verification: counted as both reclaimed and bad content, and its size is
// added to reclaimedSize.
stats.reclaimedCount++
stats.badContentCount++
stats.reclaimedSize += info.size
} else {
// Verified content is kept; only the counters change.
stats.verifiedContent++
stats.keptSize += info.size
}
return stats
})
} else {
// No entries refer to this content. We can delete.
stats.reclaimedCount++
// The stat() continuation is truncated here, so what is done with `s` is not visible.
return stat(f).then((s) => {
/**
 * Work out the integrity value recorded for a package, as a parsed ssri object.
 *
 * Sources are tried in this order: `pkg.dist.integrity` (from the registry),
 * `pkg._integrity` (from pacote), then the legacy `pkg._shasum` converted to a
 * SHA-1 SRI string.
 *
 * Security note: the `_shasum` fallback yields a SHA-1 digest. SHA-1 is no longer
 * collision-resistant, so a value obtained through that path is a weaker check
 * than a modern `integrity` field.
 *
 * Returns undefined when no source is present, when parsing yields an object with
 * no keys, or when anything throws (including `pkg` being null or undefined).
 */
function pkgIntegrity (pkg) {
  try {
    // dist is provided by the registry
    let source = pkg.dist && pkg.dist.integrity
    // _integrity is provided by pacote
    if (!source) source = pkg._integrity
    // _shasum is legacy
    if (!source && pkg._shasum) {
      source = ssri.fromHex(pkg._shasum, 'sha1').toString()
    }
    if (!source) return undefined
    const parsed = ssri.parse(source)
    // An object with no keys means the string held no usable hash; treat as "none".
    return Object.keys(parsed).length > 0 ? parsed : undefined
  } catch (ex) {
    // Best effort: malformed metadata is reported as "no integrity", not as an error.
    return undefined
  }
}
// Copies the registry's `dist` fields onto the underscore-prefixed fields of `manifest`
// (_integrity, _shasum, _resolved), mutating `manifest` in place. `spec` and `opts` are
// only used to build the registry URL for the warning below. The listing is cut off
// before the function ends, so the default `_resolved` value and the return are not shown.
function annotateManifest (spec, manifest, opts) {
const shasum = manifest.dist && manifest.dist.shasum
manifest._integrity = manifest.dist && manifest.dist.integrity
manifest._shasum = shasum
if (!manifest._integrity && shasum) {
// Use legacy dist.shasum field if available.
// The result is a SHA-1 SRI string. SHA-1 is no longer collision-resistant, so an
// _integrity built this way is a weaker check than a dist.integrity value.
manifest._integrity = ssri.fromHex(shasum, 'sha1').toString()
}
manifest._resolved = (
manifest.dist && manifest.dist.tarball
)
if (!manifest._resolved) {
// No tarball URL in the manifest: a warning is recorded and a default is guessed.
// The Error is built for its message, code and manifest fields; it is not thrown in
// the lines visible here.
// NOTE(review): if `dist` is missing entirely, _integrity is also unset at this point,
// so the guessed tarball would have no digest attached - confirm how callers treat
// an entry with _resolved but no _integrity.
const registry = fetch.pickRegistry(spec, opts)
// Ensure exactly one trailing slash on the registry URL before appending the name.
const uri = registry.replace(/\/?$/, '/') + spec.escapedName
const err = new Error(
`Manifest for ${manifest.name}@${manifest.version} from ${uri} is missing a tarball url (pkg.dist.tarball). Guessing a default.`
)
err.code = 'ENOTARBALL'
err.manifest = manifest
if (!manifest._warnings) { manifest._warnings = [] }
manifest._warnings.push(err.message)
manifest._resolved =
// Excerpt from the middle of a function that fills in one lock entry (`pkginfo`) for
// `child`; the start and end of the function are outside this listing.
if (requested.type === 'git' && child.package._from) {
pkginfo.from = child.package._from
}
if (child.fromBundle && !linked) {
// Bundled children record only the `bundled` flag here: no resolved URL, no integrity.
pkginfo.bundled = true
} else {
if (isRegistry(requested)) {
pkginfo.resolved = child.package._resolved
}
// no integrity for git deps as integrity hashes are based on the
// tarball and we can't (yet) create consistent tarballs from a stable
// source.
// Consequence: a git dependency's lock entry carries no content hash in these lines.
if (requested.type !== 'git') {
pkginfo.integrity = child.package._integrity || undefined
if (!pkginfo.integrity && child.package._shasum) {
// Legacy fallback to a SHA-1 digest, which is a weaker check than a modern
// integrity value. Unlike the line above, this stores the object returned by
// ssri.fromHex() with no .toString() call.
// NOTE(review): presumably it is stringified when the lock file is serialised - confirm.
pkginfo.integrity = ssri.fromHex(child.package._shasum, 'sha1')
}
}
}
if (childIsOnlyDev) pkginfo.dev = true
if (isOnlyOptional(child)) pkginfo.optional = true
if (child.requires.length) {
pkginfo.requires = {}
sortModules(child.requires).forEach((required) => {
// Fall back through the known sources for the requested spec; {} if none is found.
var requested = getRequested(required, child) || required.package._requested || {}
pkginfo.requires[moduleName(required)] = childRequested(top, required, requested)
})
}
// iterate into children on non-links and links contained within the top level package
if (child.children.length) {
pkginfo.dependencies = {}
shrinkwrapDeps(pkginfo.dependencies, top, child, seen)
/**
 * Return the parsed ssri integrity object for a package, or undefined if none can
 * be determined.
 *
 * Lookup order: `pkg.dist.integrity` (registry), `pkg._integrity` (pacote), then
 * the legacy `pkg._shasum` turned into a SHA-1 SRI string.
 *
 * Security note: a result that came from `_shasum` is SHA-1 only. SHA-1 is no
 * longer collision-resistant, so that path gives a weaker check than a modern
 * `integrity` field.
 *
 * Any exception raised while reading or parsing (for example a null `pkg`) is
 * swallowed and reported as undefined.
 */
function pkgIntegrity (pkg) {
  var found
  try {
    // dist is provided by the registry, _integrity is provided by pacote
    var candidate = (pkg.dist && pkg.dist.integrity) || pkg._integrity
    if (!candidate && pkg._shasum) {
      // _shasum is legacy
      candidate = ssri.fromHex(pkg._shasum, 'sha1').toString()
    }
    if (candidate) {
      var parsed = ssri.parse(candidate)
      // A parse result with no keys holds no usable hash, so it is not returned.
      if (Object.keys(parsed).length !== 0) found = parsed
    }
  } catch (ex) {
    // Deliberately ignored: bad metadata means "no integrity available".
  }
  return found
}
/**
 * Resolve this request to a manifest, using the lockfile entry when it is usable.
 *
 * Returns the locked entry unchanged when it already carries integrity, or when the
 * config is offline or has autoAddIntegrity switched off. Otherwise the manifest is
 * re-resolved at the locked version (if any) and `_remote` / `_uid` are filled in.
 *
 * Excerpt: `deprecated` and `dist` are used below but defined in lines that this
 * listing does not show.
 */
async resolve(): Promise {
// lockfile
const shrunk = this.request.getLocked('tarball');
if (shrunk) {
// Optional offline-mirror shortcut: when a platform-specific prebuilt tarball is listed
// in the lock entry and the file exists in the mirror, point _remote at that local file.
if (this.config.packBuiltPackages && shrunk.prebuiltVariants && shrunk._remote) {
const prebuiltVariants = shrunk.prebuiltVariants;
const prebuiltName = getPlatformSpecificPackageFilename(shrunk);
const offlineMirrorPath = this.config.getOfflineMirrorPath();
if (prebuiltVariants[prebuiltName] && offlineMirrorPath) {
const filename = path.join(offlineMirrorPath, 'prebuilt', prebuiltName + '.tgz');
const {_remote} = shrunk;
if (_remote && (await fs.exists(filename))) {
_remote.reference = `file:${filename}`;
// The hash comes from the lock entry's prebuiltVariants map, and the integrity string
// is derived from that same value as SHA-1. The only digest attached to the local
// prebuilt file is therefore a SHA-1 one, which is no longer collision-resistant.
_remote.hash = prebuiltVariants[prebuiltName];
_remote.integrity = ssri.fromHex(_remote.hash, 'sha1').toString();
}
}
}
}
if (
shrunk &&
shrunk._remote &&
(shrunk._remote.integrity || this.config.offline || !this.config.autoAddIntegrity)
) {
// if the integrity field does not exist, we're not network-restricted, and the
// migration hasn't been disabled, it needs to be created
// Put the other way round: the locked entry is returned as-is when it already has
// integrity, when offline, or when autoAddIntegrity is off. In the last two cases
// the returned _remote may have no integrity field at all.
// NOTE(review): confirm the fetch path still checks _remote.hash for such entries.
return shrunk;
}
// Re-resolve, pinned to the locked version when there is one, so that _remote can be
// rebuilt below with an integrity value.
const desiredVersion = shrunk && shrunk.version ? shrunk.version : null;
const info: ?Manifest = await this.resolveRequest(desiredVersion);
if (typeof deprecated === 'string') {
// Build a "parent > child@version" chain for the deprecation warning.
let human = `${info.name}@${info.version}`;
const parentNames = this.request.parentNames;
if (parentNames.length) {
human = parentNames.concat(human).join(' > ');
}
this.reporter.warn(`${human}: ${deprecated}`);
}
if (dist != null && dist.tarball) {
// `resolved` carries the legacy shasum as a URL fragment. `integrity` prefers the
// registry's dist.integrity and otherwise falls back to a SHA-1 value built from
// dist.shasum, which is the weaker of the two checks. Both branches store an ssri
// object here, whereas the prebuilt path above stores a string.
info._remote = {
resolved: `${this.cleanRegistry(dist.tarball)}#${dist.shasum}`,
type: 'tarball',
reference: this.cleanRegistry(dist.tarball),
hash: dist.shasum,
integrity: dist.integrity ? ssri.parse(dist.integrity) : ssri.fromHex(dist.shasum, 'sha1'),
registry: NPM_REGISTRY_ID,
packageName: info.name,
};
}
info._uid = info.version;
return info;
}
}
/**
 * Choose the integrity value this fetcher should check a download against.
 *
 * With `hashOnly` false, the remote's declared integrity is parsed and returned
 * when present. Otherwise (or when `hashOnly` is true) the legacy `this.hash` is
 * wrapped as a SHA-1 integrity object. Returns null when neither is available.
 *
 * Security note: `hashOnly: true` skips any declared integrity and yields SHA-1
 * only, which is no longer collision-resistant. A null result means there is
 * nothing to verify against.
 * NOTE(review): confirm callers do not treat null as "verified".
 */
_findIntegrity({hashOnly}: {hashOnly: boolean}): ?Object {
  const declared = this.remote.integrity;
  if (!hashOnly && declared) {
    return ssri.parse(declared);
  }
  // Legacy path: only a bare hex hash is known, so it is wrapped as sha1.
  return this.hash ? ssri.fromHex(this.hash, 'sha1') : null;
}