npmpackage.info

http-signature-header

3.0.0

BSD-3-Clause

JavaScript

2.52 kB

Installations

npm install http-signature-header

Developer Guide

BETA

Typescript

No

Module System

CommonJS, UMD

Min. Node Version

>=8.6.0

Node Version

14.18.2

NPM Version

6.14.15 Score

72.1

Supply Chain

90.5

Quality

80.4

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

3

Total

41

Closed

5

Merged

33

Issues

Open

10

Total

15

Closed

5

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

View all 14 contributors

Languages

JavaScript

Shell

JavaScript (99.66%)

Shell (0.34%)

Developer

digitalbazaar

Download Statistics

Total Downloads

60,924

Last Day

Last Week

Last Month

188

Last Year

3,711

GitHub Statistics

8 Stars

269 Commits

2 Forks

12 Watching

7 Branches

14 Contributors

Bundle Size

6.66 kB

Minified

2.52 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

3.0.0

Package Id

http-signature-header@3.0.0

Unpacked Size

26.22 kB

Size

8.58 kB

File Count

NPM Version

6.14.15

Node Version

14.18.2

Total Downloads

Cumulative downloads

Total Downloads

60,924

Last day

150%

Compared to previous day

Last week

Compared to previous week

Last month

13.3%

188

Compared to previous month

Last year

-20.4%

3,711

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

assert-plus

Dev Dependencies

chai cross-env eslint eslint-config-digitalbazaar eslint-plugin-jsdoc karma karma-chai karma-chrome-launcher karma-mocha karma-mocha-reporter karma-sourcemap-loader karma-webpack mocha nyc uuid webpack

Versions

HTTP Signature Header (http-signature-header)

A JavaScript library for creating and verifying HTTP Signature headers

Background
Install
Usage
Contribute
Commercial Support
License

Background

HTTP Signatures IETF draft

Install

To install locally (for development):

git clone https://github.com/digitalbazaar/http-signature-header.git
cd http-signature-header
npm install

Usage

1const {createAuthzHeader, createSignatureString} = require('http-signature-header');
2
3const requestOptions = {
4  url,
5  method: 'POST',
6  headers
7}
8const includeHeaders = ['expires', 'host', '(request-target)'];
9const plaintext = createSignatureString({includeHeaders, requestOptions});
10
11const data = new TextEncoder().encode(plaintext);
12const signature = base64url.encode(await signer.sign({data}));
13
14const Authorization = createAuthzHeader({
15  includeHeaders,
16  keyId: signer.id,
17  signature
18});

Contribute

Please follow the existing code style.

PRs accepted.

If editing the Readme, please conform to the standard-readme specification.

Commercial Support

Commercial support for this library is available upon request from Digital Bazaar: support@digitalbazaar.com

License

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/digitalbazaar/http-signature-header/main.yaml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:64
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:18
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:33
Warn: npmCommand not pinned by hash: .github/workflows/main.yaml:48
Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 0 out of 4 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

Score

3.9

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to http-signature-header

@digitalbazaar/http-signature-header

5.0.1

[![NPM Version](https://img.shields.io/npm/v/http-signature-header.svg)](https://npm.im/http-signature-header) [![Build status](https://img.shields.io/github/workflow/status/digitalbazaar/http-signature-header/Node.js%20CI)](https://github.com/digitalbaza

http-signature-header-signing

0.1.6

http signature header signing

authorization-signature

1.0.3

Create HTTP Authorization header values for [HTTP Message Signatures](https://oauth.net/http-signatures/).

header-forwarder

1.0.0

Package with utilities to extract HTTP headers with X-* signature

http-signature-header

Installations

Developer Guide

No

CommonJS, UMD

>=8.6.0

14.18.2

6.14.15

Score

Pull Requests

3

41

5

33

Issues

10

15

5

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

Languages

Developer

digitalbazaar

Download Statistics

GitHub Statistics

Bundle Size

6.66 kB

2.52 kB

Maintainers

Package Meta Information

Total Downloads

60,924

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

HTTP Signature Header (http-signature-header)

Table of Contents

Background

Install

Usage

Contribute

Commercial Support

License

10

10

10

10

1

0

0

0

0

0

0

0

3.9

/10

Other packages similar to http-signature-header