npmpackage.info

Gathering detailed insights and metrics for @digitalbazaar/http-signature-header

Other packages similar to @digitalbazaar/http-signature-header

http-signature-header

3.0.0

[![NPM Version](https://img.shields.io/npm/v/http-signature-header.svg)](https://npm.im/http-signature-header) [![Build status](https://img.shields.io/github/workflow/status/digitalbazaar/http-signature-header/Node.js%20CI)](https://github.com/digitalbaza

Gathering detailed insights and metrics for @digitalbazaar/http-signature-header

@digitalbazaar/http-signature-header

5.0.1

BSD-3-Clause

JavaScript

23.54 kB

131,399 3.9

Installations

npm install @digitalbazaar/http-signature-header

Developer Guide

BETA

Typescript

No

Module System

ESM, UMD

Min. Node Version

>=14

Node Version

20.13.0

NPM Version

10.8.2 Score

79.3

Supply Chain

91.4

Quality

81.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

3

Total

41

Closed

5

Merged

33

Issues

Open

10

Total

15

Closed

5

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

View all 14 contributors

Languages

JavaScript

Shell

JavaScript (99.66%)

Shell (0.34%)

Developer

digitalbazaar

Download Statistics

Total Downloads

131,399

Last Day

1,016

Last Week

3,087

Last Month

10,133

Last Year

65,975

GitHub Statistics

8 Stars

269 Commits

2 Forks

12 Watching

7 Branches

14 Contributors

Maintainers

Package Meta Information

Latest Version

5.0.1

Package Id

@digitalbazaar/http-signature-header@5.0.1

Unpacked Size

23.54 kB

Size

7.69 kB

File Count

NPM Version

10.8.2

Node Version

20.13.0

Publised On

08 Aug 2024

Total Downloads

Cumulative downloads

Total Downloads

131,399

Last day

42.1%

1,016

Compared to previous day

Last week

35.7%

3,087

Compared to previous week

Last month

38.5%

10,133

Compared to previous month

Last year

55.8%

65,975

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

assert-plus

Dev Dependencies

c8 chai cross-env eslint eslint-config-digitalbazaar eslint-plugin-jsdoc eslint-plugin-unicorn karma karma-chai karma-chrome-launcher karma-mocha karma-mocha-reporter karma-sourcemap-loader karma-webpack mocha uuid webpack

Versions

HTTP Signature Header (http-signature-header)

A JavaScript library for creating and verifying HTTP Signature headers

Background
Install
Usage
Contribute
Commercial Support
License

Background

HTTP Signatures IETF draft

Install

To install locally (for development):

git clone https://github.com/digitalbazaar/http-signature-header.git
cd http-signature-header
npm install

Usage

1import {
2  createAuthzHeader, createSignatureString
3} from '@digitalbazaar/http-signature-header';
4
5const requestOptions = {
6  url,
7  method: 'POST',
8  headers
9}
10const includeHeaders = ['expires', 'host', '(request-target)'];
11const plaintext = createSignatureString({includeHeaders, requestOptions});
12
13const data = new TextEncoder().encode(plaintext);
14const signature = base64url.encode(await signer.sign({data}));
15
16const Authorization = createAuthzHeader({
17  includeHeaders,
18  keyId: signer.id,
19  signature
20});

Contribute

Please follow the existing code style.

PRs accepted.

If editing the Readme, please conform to the standard-readme specification.

Commercial Support

Commercial support for this library is available upon request from Digital Bazaar: support@digitalbazaar.com

License

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:64
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:18
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:33
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:48
Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 0 out of 4 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

Score

3.9

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @digitalbazaar/http-signature-header

Other packages similar to @digitalbazaar/http-signature-header

@digitalbazaar/http-signature-header

Installations

Developer Guide

No

ESM, UMD

>=14

20.13.0

10.8.2

Score

Pull Requests

3

41

5

33

Issues

10

15

5

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

Languages

Developer

digitalbazaar

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

131,399

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

HTTP Signature Header (http-signature-header)

Table of Contents

Background

Install

Usage

Contribute

Commercial Support

License

10

10

10

10

1

0

0

0

0

0

0

0

3.9

/10