How to use the ssri.fromStream function in ssri

To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github appcelerator-modules / ti.playservices / updater / index.js View on Github external
// obtain latest version of library
        version = await getLatestVersion(`${repository}/${library}?repo=google`);
    }
        
    // obtain library .aar
    const archives = await getFiles(`${repository}/${library}/${version}`, 'aar');
    if (archives.length !== 1) {
        throw new Error(`Expected single URL to download library: ${library}/${version}, but got: ${archives}`);
    }
    const url = archives[0];
    const name = `${library}-${version}.aar`;
    const destination = path.join(destDir, name);
    // download aar
    await download(url, destination);
    // Add a sha/hash/integrity value?
    const hash = await ssri.fromStream(fs.createReadStream(destination));
    return {
        url,
        name,
        integrity: hash.toString()
    };
}
github appcelerator / titanium_mobile / build / lib / utils.js View on Github external
Utils.generateSSRIHashFromURL = async function (url) {
	if (url.startsWith('file://')) {
		// Generate integrity hash!
		return ssri.fromStream(fs.createReadStream(url.slice(7)));
	}

	const downloadPath = cachedDownloadPath(url);
	await fs.remove(downloadPath);
	const file = await download(url, downloadPath);
	return ssri.fromStream(fs.createReadStream(file));
};
github npm / pacote / lib / finalize-manifest.js View on Github external
const needsIntegrity = !pkg || (!pkg._integrity && pkg._integrity !== false)
  const needsShasum = !pkg || (!pkg._shasum && pkg._shasum !== false)
  const needsHash = needsIntegrity || needsShasum
  const needsManifest = !pkg || !pkg.name
  const needsExtract = needsShrinkwrap || needsBin || needsManifest
  if (!needsShrinkwrap && !needsBin && !needsHash && !needsManifest) {
    return BB.resolve({})
  } else {
    opts = optCheck(opts)
    const tarStream = fetchFromManifest(pkg, spec, opts)
    const extracted = needsExtract && new tar.Parse()
    return BB.join(
      needsShrinkwrap && jsonFromStream('npm-shrinkwrap.json', extracted),
      needsManifest && jsonFromStream('package.json', extracted),
      needsBin && getPaths(extracted),
      needsHash && ssri.fromStream(tarStream, { algorithms: ['sha1', 'sha512'] }),
      needsExtract && pipe(tarStream, extracted),
      (sr, mani, paths, hash) => {
        if (needsManifest && !mani) {
          const err = new Error(`Non-registry package missing package.json: ${spec}.`)
          err.code = 'ENOPACKAGEJSON'
          throw err
        }
        const extraProps = mani || {}
        delete extraProps._resolved
        // drain out the rest of the tarball
        tarStream.resume()
        // if we have directories.bin, we need to collect any matching files
        // to add to bin
        if (paths && paths.length) {
          const dirBin = mani
            ? (mani && mani.directories && mani.directories.bin)
github graalvm / graaljs / deps / npm / lib / pack.js View on Github external
.then(() => BB.all([
      BB.fromNode((cb) => fs.stat(target, cb)),
      ssri.fromStream(fs.createReadStream(target), {
        algorithms: ['sha1', 'sha512']
      })
    ]))
    .then(([stat, integrity]) => {
github apmjs / apmjs / src / utils / integrity.js View on Github external
function getSRI (dataStream) {
  return ssri
  .fromStream(dataStream, {algorithms: ['sha512']})
  .then(integrity => integrity['sha512'][0].source)
}
github entropic-dev / entropic / services / storage / lib / object-storage.js View on Github external
async add(stream, { hint = null } = {}) {
    stream.resume();
    const chunks = [];
    stream.on('data', chunk => chunks.push(chunk));
    const integrity = await ssri.fromStream(stream, {
      algorithms: this.algorithms
    });
    const data = Buffer.concat(chunks);
    const result = await this.addBuffer(integrity, data, { hint });
    return result;
  }
github lerna / lerna / utils / get-packed / lib / get-packed.js View on Github external
.then(() =>
      Promise.all([
        fs.stat(tarFilePath),
        ssri.fromStream(fs.createReadStream(tarFilePath), {
          algorithms: ["sha1", "sha512"],
        }),
      ])
    )

ssri

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

ISC
Latest version published 3 months ago

Package Health Score

92 / 100
Full package analysis