How to use the ssri.stringify function in ssri

To help you get started, we’ve selected a few ssri examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github npm / pacote / lib / finalize-manifest.js View on Github external
function finalKey (pkg, spec) {
  if (pkg && pkg._uniqueResolved) {
    // git packages have a unique, identifiable id, but no tar sha
    return cacheKey(`${spec.type}-manifest`, pkg._uniqueResolved)
  } else {
    return (
      pkg && pkg._integrity &&
      cacheKey(
        `${spec.type}-manifest`,
        `${pkg._resolved}:${ssri.stringify(pkg._integrity)}`
      )
    )
  }
}
github yarnpkg / yarn / src / cli / commands / install.js View on Github external
const integrityPatternsAreSameAsInLockfile = Object.keys(lockfileBasedOnResolver).every(pattern => {
      const existingIntegrityInfo = lockfileBasedOnResolver[pattern].integrity;
      if (!existingIntegrityInfo) {
        // if this entry does not have an integrity, no need to re-write the lockfile because of it
        return true;
      }
      const manifest = this.lockfile.getLocked(pattern);
      if (manifest && manifest.integrity) {
        const manifestIntegrity = ssri.stringify(manifest.integrity);
        return manifestIntegrity === existingIntegrityInfo;
      }
      return false;
    });
github npm / cacache / lib / entry-index.js View on Github external
function insert (cache, key, integrity, opts) {
  opts = IndexOpts(opts)
  const bucket = bucketPath(cache, key)
  const entry = {
    key,
    integrity: integrity && ssri.stringify(integrity),
    time: Date.now(),
    size: opts.size,
    metadata: opts.metadata
  }
  return fixOwner
    .mkdirfix(cache, path.dirname(bucket))
    .then(() => {
      const stringified = JSON.stringify(entry)
      // NOTE - Cleverness ahoy!
      //
      // This works because it's tremendously unlikely for an entry to corrupt
      // another while still preserving the string length of the JSON in
      // question. So, we just slap the length in there and verify it on read.
      //
      // Thanks to @isaacs for the whiteboarding session that ended up with this.
      return appendFile(bucket, `\n${hashEntry(stringified)}\t${stringified}`)
github npm / cacache / test / get.js View on Github external
.on('integrity', (int) => {
      integrity = ssri.stringify(int)
    })
    .on('metadata', (m) => {
github npm / cacache / lib / entry-index.js View on Github external
function insertSync (cache, key, integrity, opts) {
  opts = IndexOpts(opts)
  const bucket = bucketPath(cache, key)
  const entry = {
    key,
    integrity: integrity && ssri.stringify(integrity),
    time: Date.now(),
    size: opts.size,
    metadata: opts.metadata
  }
  fixOwner.mkdirfix.sync(cache, path.dirname(bucket))
  const stringified = JSON.stringify(entry)
  fs.appendFileSync(bucket, `\n${hashEntry(stringified)}\t${stringified}`)
  try {
    fixOwner.chownr.sync(cache, bucket)
  } catch (err) {
    if (err.code !== 'ENOENT') {
      throw err
    }
  }
  return formatEntry(cache, entry)
}

ssri

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

ISC
Latest version published 3 months ago

Package Health Score

92 / 100
Full package analysis