Installations
npm install indigestion
Developer Guide
Typescript: Yes
Module System: CommonJS
Min. Node Version: >=12.0.0
Node Version: 16.16.0
NPM Version: 8.11.0
Score: 68.6
Supply Chain: 97.6
Quality: 75.3
Maintenance: 100
Vulnerability: 100
Languages: TypeScript (100%)
Developer: aaron-goff
Download Statistics
Total Downloads: 51,514
Last Day: 40
Last Week: 93
Last Month: 387
Last Year: 6,913
GitHub Statistics
1 Stars
60 Commits
1 Watching
3 Branches
1 Contributors
Bundle Size
6.79 kB Minified
2.82 kB Minified + Gzipped
Package Meta Information
Latest Version: 0.3.0
Package Id: indigestion@0.3.0
Unpacked Size: 13.95 kB
Size: 4.94 kB
File Count: 9
NPM Version: 8.11.0
Node Version: 16.16.0
Total Downloads (cumulative): 51,514
Last day: 40 (60% compared to previous day)
Last week: 93 (5.7% compared to previous week)
Last month: 387 (14.5% compared to previous month)
Last year: 6,913 (-39.2% compared to previous year)
Dependencies: 2
Indigestion
Digest Authentication header generator. Takes the `www-authenticate` header response and returns the Digest... header as a string.
Setup
- In your project, install via `npm install indigestion`
Use
- Import `indigestion`

```ts
import indigestion = require("indigestion");
```

- Pass in the appropriate information to the `generateDigestAuth()` function

```ts
const digest = indigestion.generateDigestAuth({
  authenticateHeader: `Digest qop="auth-int", realm="realm", nonce="nonce"`,
  username: "username",
  password: "password",
  uri: "uri",
  method: "method",
  cnonce: "cnonce", // optional
  nc: "nc", // optional
  entityBody: "entityBody" // optional, except with qop=auth-int (see Notes)
});
```
Notes
- If `cnonce` is not provided, it will default to `""`.
- If `nc` (nonce count) is not provided, it will default to `"00000000"`.
  - If `nc` is provided, the returned `nc` will be the provided `nc` + 1 (in hexadecimal)
- If using `qop=auth-int`, `entityBody` is not optional
Nonce Count
- If the nonce count is needed for subsequent calls, use the `findNonceCount()` function to easily parse the information

```ts
const nc = indigestion.findNonceCount(`Digest username="username" realm="realm" nonce="ce16c4a1092c8152f673edab4e56cbdc" uri="/uri" algorithm="MD5" qop=auth-int nc=1234ABCD cnonce="" response=04f863229e7ea0b17120ab0ef97e4649`);
```

The above will return `1234ABCD`.
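The `nc` and `qop=auth-int` notes above follow from how the Digest `response` value is defined in RFC 2617. The block below is an added example, not indigestion's own code: a stand-alone Node.js computation of that value for MD5, with illustrative helper names (`nextNc`, `digestResponse`) and the sample credentials from the RFC 2617 worked example as input.

```javascript
// Added example: RFC 2617 Digest "response" computation (MD5, qop=auth / auth-int).
// Function names are illustrative and are not part of indigestion's API.
const crypto = require("crypto");

const md5 = (s) => crypto.createHash("md5").update(s).digest("hex");

// Increment an 8-hex-digit nonce count. A client must send a higher nc for
// every request that reuses the same server nonce, so the server can spot replays.
function nextNc(nc = "00000000") {
  if (!/^[0-9a-fA-F]{8}$/.test(nc)) throw new Error("nc must be 8 hex digits");
  const next = parseInt(nc, 16) + 1;
  if (next > 0xffffffff) throw new Error("nc exhausted, request a fresh nonce");
  return next.toString(16).padStart(8, "0");
}

function digestResponse({ username, password, realm, nonce, uri, method,
                          qop, nc, cnonce, entityBody }) {
  const ha1 = md5(`${username}:${realm}:${password}`);
  let a2 = `${method}:${uri}`;
  if (qop === "auth-int") {
    // The body hash is part of A2, so auth-int cannot be computed without a body.
    if (entityBody === undefined) throw new Error("auth-int requires entityBody");
    a2 += `:${md5(entityBody)}`;
  }
  const ha2 = md5(a2);
  // Without qop, the legacy RFC 2069 form applies: nc and cnonce are not hashed.
  if (!qop) return md5(`${ha1}:${nonce}:${ha2}`);
  return md5(`${ha1}:${nonce}:${nc}:${cnonce}:${qop}:${ha2}`);
}

// Sample values from the worked example in RFC 2617, section 3.5.
const sample = {
  username: "Mufasa", password: "Circle Of Life", realm: "testrealm@host.com",
  nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093", uri: "/dir/index.html",
  method: "GET", qop: "auth", nc: nextNc("00000000"), cnonce: "0a4f113b",
};
console.log(digestResponse(sample));
```

Because `nc` and `cnonce` are inputs to the hash, a response computed for one nonce count cannot be reused for the next request.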
FAQs
- What is the purpose of this library?
  - This library will return a digest authentication header. Simply pass in the required information, including the `www-authenticate` response header from the initial 401 response.
- Why not use an existing Digest Authentication library?
  - This library is for use cases not covered by existing libraries, such as `axios-digest`, `digest-fetch` or `node-digest-auth-client`, where you want to control the request being sent and just need to be able to pass in the auth header.
- What would that look like?
  - Using `axios`, something like this...

```ts
import axios = require("axios");
import indigestion = require("indigestion");

// Wrapper function (the name is illustrative) so that `return` is valid.
function getWithDigestAuth() {
  return new Promise((resolve, reject) => {
    axios
      .get("http://www.test.com/test")
      .then(result => {
        resolve(result);
      })
      .catch(error => {
        // Errors without a response (e.g. network failures) are rejected as-is.
        if (!error.response || error.response.status !== 401) reject(error);
        else {
          // If we get a 401 response, we know we have to generate a header.
          // Pull the `www-authenticate` header from the response headers
          const authenticateHeader = error.response.headers["www-authenticate"];
          // Pass in required information to indigestion, which returns the auth string
          const authorization = indigestion.generateDigestAuth({
            authenticateHeader,
            username: "username",
            password: "password",
            uri: "/test",
            method: "GET"
          });
          // Try the GET again, this time with the Authorization header specified.
          axios
            .get("http://www.test.com/test", { headers: { Authorization: authorization } })
            .then(result => {
              resolve(result);
            })
            .catch(error => {
              reject(error);
            });
        }
      });
  });
}
```

- I found an issue with the library or have a suggestion to improve the library.
  - Please raise an issue or suggestion on GitHub. Or, if you feel so inclined, create a PR to fix the problem or implement the suggestion.
- Why does this library require node v12.0.0 or above?
  - The `String.prototype.matchAll()` functionality used requires node v12.0.0 and above.
Caveats
- I've only been able to do extensive testing with real devices for the case where:
  - `qop=auth`
  - `opaque` is insignificant and NOT provided by the `www-authenticate` header
  - `cnonce` is insignificant and NOT provided by the `www-authenticate` header
  - `algorithm` is not specified in `www-authenticate` header, so `md5` is defaulted
- This means I've been unable to test:
  - `qop=auth-int` or `qop` is not provided by `www-authenticate` header
  - `opaque` is significant and provided by `www-authenticate` header
  - `cnonce` is significant and provided by `www-authenticate` header
  - `algorithm` is specified as `md5` or `md5-sess`
No vulnerabilities found.
Reason: no binaries found in the repo
Reason: license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason: 4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason: Found 0/6 approved changesets -- score normalized to 0
Reason: no effort to earn an OpenSSF best practices badge detected
Reason: security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
Reason: project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason: SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score: 2.9/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.