author | Myles Borins <mylesborins@github.com> | 2020-10-02 17:52:19 -0400 |
---|---|---|
committer | Myles Borins <mylesborins@github.com> | 2020-10-07 09:59:49 -0400 |
commit | 2e545249557c265f7d5f338cc3a382985211603c (patch) | |
tree | a18ca49252a58cc5a80cd438a020a99bf48a8d23 /deps/npm/node_modules/ssri/README.md | |
parent | 14699846452e627f97dedb85991eea67d932a79d (diff) | |
download | node-new-2e545249557c265f7d5f338cc3a382985211603c.tar.gz |
deps: update npm to 7.0.0-rc.3
PR-URL: https://github.com/nodejs/node/pull/35474
Reviewed-By: Ruy Adorno <ruyadorno@github.com>
Reviewed-By: Ujjwal Sharma <ryzokuken@disroot.org>
Reviewed-By: Ben Coe <bencoe@gmail.com>
Reviewed-By: Geoffrey Booth <webmaster@geoffreybooth.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Diffstat (limited to 'deps/npm/node_modules/ssri/README.md')
-rw-r--r-- | deps/npm/node_modules/ssri/README.md | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/deps/npm/node_modules/ssri/README.md b/deps/npm/node_modules/ssri/README.md index c250961bd3..0cd41be898 100644 --- a/deps/npm/node_modules/ssri/README.md +++ b/deps/npm/node_modules/ssri/README.md @@ -1,6 +1,6 @@ -# ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/zkat/ssri.svg)](https://travis-ci.org/zkat/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/zkat/ssri?svg=true)](https://ci.appveyor.com/project/zkat/ssri) [![Coverage Status](https://coveralls.io/repos/github/zkat/ssri/badge.svg?branch=latest)](https://coveralls.io/github/zkat/ssri?branch=latest) +# ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/npm/ssri.svg)](https://travis-ci.org/npm/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/npm/ssri?svg=true)](https://ci.appveyor.com/project/npm/ssri) [![Coverage Status](https://coveralls.io/repos/github/npm/ssri/badge.svg?branch=latest)](https://coveralls.io/github/npm/ssri?branch=latest) -[`ssri`](https://github.com/zkat/ssri), short for Standard Subresource +[`ssri`](https://github.com/npm/ssri), short for Standard Subresource Integrity, is a Node.js utility for parsing, manipulating, serializing, generating, and verifying [Subresource Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) hashes. @@ -19,6 +19,7 @@ Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) hashes. * [`parse`](#parse) * [`stringify`](#stringify) * [`Integrity#concat`](#integrity-concat) + * [`Integrity#merge`](#integrity-merge) * [`Integrity#toString`](#integrity-to-string) * [`Integrity#toJSON`](#integrity-to-json) * [`Integrity#match`](#integrity-match) 
@@ -184,6 +185,45 @@ const mobileIntegrity = ssri.fromData(fs.readFileSync('./index.mobile.js')) desktopIntegrity.concat(mobileIntegrity) ``` +#### <a name="integrity-merge"></a> `> Integrity#merge(otherIntegrity, [opts])` + +Safely merges another IntegrityLike or integrity string into an `Integrity` +object. + +If the other integrity value has any algorithms in common with the current +object, then the hash digests must match, or an error is thrown. + +Any new hashes will be added to the current object's set. + +This is useful when an integrity value may be upgraded with a stronger +algorithm, you wish to prevent accidentally supressing integrity errors by +overwriting the expected integrity value. + +##### Example + +```javascript +const data = fs.readFileSync('data.txt') + +// integrity.txt contains 'sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=' +// because we were young, and didn't realize sha1 would not last +const expectedIntegrity = ssri.parse(fs.readFileSync('integrity.txt', 'utf8')) +const match = ssri.checkData(data, expectedIntegrity, { + algorithms: ['sha512', 'sha1'] +}) +if (!match) { + throw new Error('data corrupted or something!') +} + +// get a stronger algo! +if (match && match.algorithm !== 'sha512') { + const updatedIntegrity = ssri.fromData(data, { algorithms: ['sha512'] }) + expectedIntegrity.merge(updatedIntegrity) + fs.writeFileSync('integrity.txt', expectedIntegrity.toString()) + // file now contains + // 'sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4= sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg==' +} +``` + #### <a name="integrity-to-string"></a> `> Integrity#toString([opts]) -> String` Returns the string representation of an `Integrity` object. All hash entries |
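Review bot: In the last hunk (@@ -184,6 +185,45 @@), the new heading `Integrity#merge(otherIntegrity, [opts])` lists `[opts]`, but the added text never says which options are accepted, and unlike the neighbouring `Integrity#toString([opts]) -> String` heading it states no return value; document both, or drop `[opts]` from the heading. In the same section, "supressing" should be "suppressing", and the sentence "This is useful when an integrity value may be upgraded with a stronger algorithm, you wish to prevent ..." needs an "and" before "you wish". The example leaves the `sha1-` entry in integrity.txt after the merge, so one sentence on whether a later check still accepts a sha1-only match would help readers who are upgrading precisely because sha1 "would not last". In the example, `if (match && match.algorithm !== 'sha512')` can drop `match &&`, since the earlier `if (!match)` branch already throws.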