// obtain latest version of library
version = await getLatestVersion(`${repository}/${library}?repo=google`);
}
// obtain library .aar
const archives = await getFiles(`${repository}/${library}/${version}`, 'aar');
if (archives.length !== 1) {
throw new Error(`Expected single URL to download library: ${library}/${version}, but got: ${archives}`);
}
const url = archives[0];
const name = `${library}-${version}.aar`;
const destination = path.join(destDir, name);
// download aar
await download(url, destination);
// Add a sha/hash/integrity value?
const hash = await ssri.fromStream(fs.createReadStream(destination));
return {
url,
name,
integrity: hash.toString()
};
}
/**
 * Compute a Subresource Integrity (SRI) value for the content a URL points at.
 *
 * `file://` URLs are hashed in place. Any other URL is downloaded to the path
 * returned by `cachedDownloadPath(url)`, after removing whatever was already
 * at that path, and the downloaded file is hashed.
 *
 * The digest describes the bytes that were read or received by this call. It
 * pins that content for later comparison, but it does not show that the
 * content is what the publisher intended: anything altered before or during
 * this download is hashed as-is. Where an independently obtained digest
 * exists, compare against it rather than trusting this value alone.
 *
 * NOTE(review): the `file://` branch only strips the first seven characters.
 * It does no percent-decoding and does not account for a host component or
 * Windows drive paths - confirm callers only pass plain local paths.
 *
 * @param {string} url - `file://` URL or remote URL of the content to hash.
 * @returns {Promise<object>} Resolves to the value produced by
 *   `ssri.fromStream` with its default options.
 */
Utils.generateSSRIHashFromURL = async function (url) {
  const FILE_SCHEME = 'file://';
  let sourcePath;

  if (url.startsWith(FILE_SCHEME)) {
    // Local content: drop the scheme prefix and read the file directly.
    sourcePath = url.slice(FILE_SCHEME.length);
  } else {
    // Remote content: clear the cache slot first so the hash is taken over
    // the bytes fetched by this call, not over an earlier download.
    const cacheSlot = cachedDownloadPath(url);
    await fs.remove(cacheSlot);
    sourcePath = await download(url, cacheSlot);
  }

  return ssri.fromStream(fs.createReadStream(sourcePath));
};
const needsIntegrity = !pkg || (!pkg._integrity && pkg._integrity !== false)
const needsShasum = !pkg || (!pkg._shasum && pkg._shasum !== false)
const needsHash = needsIntegrity || needsShasum
const needsManifest = !pkg || !pkg.name
const needsExtract = needsShrinkwrap || needsBin || needsManifest
if (!needsShrinkwrap && !needsBin && !needsHash && !needsManifest) {
return BB.resolve({})
} else {
opts = optCheck(opts)
const tarStream = fetchFromManifest(pkg, spec, opts)
const extracted = needsExtract && new tar.Parse()
return BB.join(
needsShrinkwrap && jsonFromStream('npm-shrinkwrap.json', extracted),
needsManifest && jsonFromStream('package.json', extracted),
needsBin && getPaths(extracted),
needsHash && ssri.fromStream(tarStream, { algorithms: ['sha1', 'sha512'] }),
needsExtract && pipe(tarStream, extracted),
(sr, mani, paths, hash) => {
if (needsManifest && !mani) {
const err = new Error(`Non-registry package missing package.json: ${spec}.`)
err.code = 'ENOPACKAGEJSON'
throw err
}
const extraProps = mani || {}
delete extraProps._resolved
// drain out the rest of the tarball
tarStream.resume()
// if we have directories.bin, we need to collect any matching files
// to add to bin
if (paths && paths.length) {
const dirBin = mani
? (mani && mani.directories && mani.directories.bin)
.then(() => BB.all([
BB.fromNode((cb) => fs.stat(target, cb)),
ssri.fromStream(fs.createReadStream(target), {
algorithms: ['sha1', 'sha512']
})
]))
.then(([stat, integrity]) => {
/**
 * Hash a readable stream with SHA-512 and return the `source` field of the
 * first sha512 entry of the resulting ssri integrity object.
 *
 * Only sha512 is requested, so the result has no weaker-algorithm fallback.
 *
 * NOTE(review): `source` is presumably the serialized `sha512-<base64>`
 * string - confirm against the ssri version in use.
 *
 * @param {object} dataStream - Readable stream whose content is hashed.
 * @returns {Promise<*>} Resolves to `integrity.sha512[0].source`.
 */
function getSRI (dataStream) {
  const hashOptions = { algorithms: ['sha512'] }
  const pendingIntegrity = ssri.fromStream(dataStream, hashOptions)

  return pendingIntegrity.then((sri) => {
    const firstEntry = sri.sha512[0]
    return firstEntry.source
  })
}
/**
 * Read a stream to its end, compute its integrity value with the algorithms
 * configured on this instance, and hand both to `addBuffer`.
 *
 * The whole stream is collected in memory before `addBuffer` is called and
 * no size limit is applied here. For streams from untrusted sources, bound
 * the size upstream, otherwise memory use grows with whatever the peer sends.
 *
 * @param {object} stream - Readable stream to consume.
 * @param {object} [options]
 * @param {*} [options.hint=null] - Passed through unchanged to `addBuffer`.
 * @returns {Promise<*>} Resolves to whatever `addBuffer` resolves to.
 */
async add(stream, { hint = null } = {}) {
  // Keep this order: resume, attach the collector, then start hashing.
  stream.resume();

  const received = [];
  stream.on('data', (piece) => {
    received.push(piece);
  });

  // The integrity value and the collected bytes come from the same pass over
  // the stream, so the digest given to addBuffer matches the buffer.
  const hashOptions = { algorithms: this.algorithms };
  const integrity = await ssri.fromStream(stream, hashOptions);

  const payload = Buffer.concat(received);
  return this.addBuffer(integrity, payload, { hint });
}
.then(() =>
Promise.all([
fs.stat(tarFilePath),
ssri.fromStream(fs.createReadStream(tarFilePath), {
algorithms: ["sha1", "sha512"],
}),
])
)