npmpackage.info

Gathering detailed insights and metrics for indigestion

Other packages similar to indigestion

quiz-presets

22.3.1

Shared babel, webpack, stylint, eslint, rubocop, etc settings/presets/tooling for all the instructure quizzes repos. Because copy pasta leads to indigestion.

Gathering detailed insights and metrics for indigestion

indigestion - 0.3.0 | npmpackage.info

indigestion

Digest header generator, written in TypeScript

0.3.0

MIT

TypeScript

2.82 kB

54,946 2.8

Installations

npm install indigestion

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=12.0.0

Node Version

16.16.0

NPM Version

8.11.0 Pull Requests

Open

1

Total

21

Closed

2

Merged

18

Issues

Open

0

Total

1

Closed

1

Releases

Unable to fetch releases

Languages

TypeScript

TypeScript (100%)

Developer

aaron-goff

Download Statistics

Total Downloads

54,946

Last Day

Last Week

277

Last Month

986

Last Year

8,671

GitHub Statistics

MIT License

1 Stars

60 Commits

1 Watchers

3 Branches

1 Contributors

Updated on Dec 06, 2022

Bundle Size

6.79 kB

Minified

2.82 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

0.3.0

Package Id

indigestion@0.3.0

Unpacked Size

13.95 kB

Size

4.94 kB

File Count

NPM Version

8.11.0

Node Version

16.16.0

Total Downloads

Cumulative downloads

Total Downloads

54,946

Last Day

-21.4%

Compared to previous day

Last Week

10.4%

277

Compared to previous week

Last Month

-25.3%

986

Compared to previous month

Last Year

3.7%

8,671

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@types/node md5

Dev Dependencies

@types/md5 @types/mocha @types/typescript mocha prettier ts-node tslint tslint-config-prettier typescript

Indigestion

Digest Authentication header generator. Takes the www-authenticate header response and returns the Digest... header as a string.

Setup

In your project, install via npm install indigestion

Use

Import indigestion

import indigestion = require("indigestion");

Pass in the appropriate information to the generateDigestAuth() function

const digest = indigestion.generateDigestAuth({
    authenticateHeader: `Digest qop="auth-int", realm="realm", nonce="nonce"`,
    username: "username",
    password: "password",
    uri: "uri"
    method: "method",
    cnonce: "cnonce", //optional
    nc: "nc", //optional
    entityBody: "entityBody" //optional
})

Notes

If cnonce is not provided, it will default to "".
If nc (nonce count) is not provided, it will default to "00000000".
- If nc is provided, the returned nc will be the provided nc + 1 (in hexadecimal)
If using qop=auth-int, entityBody is not optional

Nonce Count

If the nonce count is needed for subsequent calls, use the findNonceCount() function to easily parse the information

const nc = indigestion.findNonceCount(`Digest username="username" realm="realm" nonce="ce16c4a1092c8152f673edab4e56cbdc" uri="/uri" algorithm="MD5" qop=auth-int nc=1234ABCD cnonce="" response=04f863229e7ea0b17120ab0ef97e4649`);

The above will return 1234ABCD.

FAQs

What is the purpose of this library?
- This library will return a digest authentication header. Simply pass in the required information, including the www-authenticate response header from the initial 401 response.
Why not use an existing Digest Authentication library?
- This library is for use cases not covered by existing libraries, such as axios-digest, digest-fetch or node-digest-auth-client, where you want to control the request being sent and just need to be able to pass in the auth header.
- What would that look like? Using axios, something like this...

import axios = require("axios");
import indigestion = require("indigestion);

return new Promise((resolve, reject) => {
      axios
        .get("http://www.test.com/test")
        .then(result => {
          resolve(result);
        })
        .catch(error => {
          if (error.response.status !== 401) reject(error);
          else {
              // If we get a 401 response, we know we have to generate a header.
              // Pull the `www-authenticate` header from the response headers
              const authenticateHeader = error.response.headers["www-authenticate"];
              // Pass in required information to indigestion, which returns the auth string
              const authorization = indigestion.generateDigestAuth({
                  authenticateHeader,
                  username: "username",
                  password: "password",
                  uri: "/test"
                  method: "GET"
              })
              // Try the GET again, this time with the Authorization header specified.
              axios
                .get("http://www.test.com/test", { headers: {Authorization: authorization}})
                .then(result => {
                    resolve(result);
                })
                .catch(error => {
                    reject(error);
                })
          }
        });
    });

I found an issue with the library or have a suggestion to improve the library.
- Please raise an issue or suggestion on the github. Or, if you feel so inclined, create a PR to fix the problem or implement the suggestion.
Why does this library require node v12.0.0 or above?
- The String.prototype.matchAll() functionality used requires node v12.0.0 and above.

Caveats

I've only been able to do extensive testing with real devices for the case where:
- qop=auth
- opaque is insignificant and NOT provided by the www-authenticate header
- cnonce is insignificant and NOT provided by the www-authenticate header
- algorithm is not specified in www-authenticate header, so md5 is defaulted
This means I've been unable to test:
- qop=auth-int or qop is not provided by www-authenticate header
- opaque is significant and provided by www-authenticate header
- cnonce is signficant and provided by www-authenticate header
- algorithm is specified as md5 or md5-sess

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

5

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

2.8

/10

Last Scanned on 2025-05-05

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More