Gathering detailed insights and metrics for zamanejs
Gathering detailed insights and metrics for zamanejs
Installations
npm install zamanejsDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=16
Node Version
20.11.1
NPM Version
10.5.0
Score
68.7
Supply Chain
98.9
Quality
82.8
Maintenance
100
Vulnerability
100
License
Releases
12
Contributors
3
Unable to fetch Contributors
Languages
1
TypeScript
TypeScript (100%)
Developer
Download Statistics
Total Downloads
2,124
Last Day
2
Last Week
7
Last Month
50
Last Year
1,293
GitHub Statistics
9 Stars
101 Commits
5 Forks
2 Watching
7 Branches
3 Contributors
Bundle Size
140.29 kB
Minified
26.61 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.0.8
Package Id
zamanejs@2.0.8
Unpacked Size
31.07 kB
Size
8.06 kB
File Count
9
NPM Version
10.5.0
Node Version
20.11.1
Publised On
14 May 2024
Total Downloads
Cumulative downloads
Total Downloads
2,124
Last day
0%
2
Compared to previous day
Last week
-36.4%
7
Compared to previous week
Last month
85.2%
50
Compared to previous month
Last year
509.9%
1,293
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
23
@microsoft/eslint-formatter-sarif@semantic-release/changelog@semantic-release/commit-analyzer@semantic-release/git@semantic-release/github@semantic-release/npm@semantic-release/release-notes-generator@swc/cli@swc/core@swc/jest@types/hasbin@types/jest@types/node@typescript-eslint/eslint-plugineslinteslint-config-prettiereslint-plugin-prettierjestprettierrimraftmp-promisetypescriptunbuild
Versions
ZamaneJS
ZamaneJS is a JavaScript implementation of the Zamane timestamping service. It provides a simple and easy-to-use API for interacting with the Zamane service.
I'n theory this is just a basic implementation of RFC3161 but since there are some small changes necessary for Zamane to work, I've decided to create a separate package. See ZamaneFix file for the details.
Zamane
Zamane is an app written by TUBITAK for Turkish goverment that creates timestamps for given files. These timestamps could be used in court to prove as evidence that file or document existed at the claimed time.
Legal
This package is not affiliated with TUBITAK. It is an open-source project and is not responsible for any legal issues that may arise from the use of this package. It is the responsibility of the user to ensure that the use of this package complies with the laws of the country in which it is used.
Contact
For any questions or suggestions, you can contact me at my email. Please include [zamane] in the subject line.
Features
- Pure JavaScript implementation, no external cli dependencies required.
- Provides methods for hashing files and strings, requesting timestamps, and validating timestamps.
- Supports both file-based and string-based timestamping.
Installation
You can install ZamaneJS using npm or yarn:
1npm install zamanejs 2# or 3yarn add zamanejs
Credentials
You need to buy credits in order to timestamp files. But for development and testing purposes you can request sample credentials from TUBITAK.
quoted from source
Zamane test kullanıcısı talep etmek amacıyla Kamu SM (bilgi[at]kamusm.gov.tr)'ye e-posta gönderilmesi gerekmektedir. İlgili e-posta'nın konu kısmında "Zamane test kullanıcı talebi", içeriğinde ise "Kurum adı, kurum vergi kimlik numarası, kurum adresi, kurum sabit telefon, yetkili kişi adı ve soyadı, cep telefonu numarası, yetkili kişi e-posta" bilgilerinin ve Sha-256 veya Sha-512 özet algoritmasından hangisinin istendiğinin yer alması gerekmektedir.
translation
In order to request a time test user, an e-mail should be sent to Kamu SM (bilgi[at]kamusm.gov.tr). "Time test user request" in the subject part of the relevant e-mail, and in the content, "Institution name, corporate tax identification number, institution address, corporate landline phone, authorized person name and surname, mobile phone number, authorized person e-mail" information. and whether Sha-256 or Sha-512 hash algorithm is desired.
please note that Kamu SM might require an email written in Turkish!
How to get real credentials
Here are the list of issuers for paid credentials. (not the full list or the offical list)
- https://e-tugra.com.tr/zaman-damgasi/
- https://tssuser.e-imzatr.com.tr:8027/
- https://zdportal.kamusm.gov.tr/
Usage
First, import the Zamane class and create a new instance with your credentials:
1import { Zamane } from 'zamanejs'; 2 3const zamane = new Zamane({ 4 tssAddress: 'http://tzd.kamusm.gov.tr', // goverments sample timestamp server 5 hashAlgorithm: 'SHA-256', // the hash algorithm to use. either 'SHA-256' or 'SHA-512' 6 customerNo: '00000', // your customer number. only contains digits, if not required don't pass it 7 customerPassword: 'a1b2c3d4', // your customer password, if not required don't pass it 8});
Hashing a file
You can hash a file using the hashFromPath method:
1zamane.hashFromPath("example.txt").then(hash => { 2 console.log("File Hash: ", hash); 3});
Hashing a string
You can hash a string using the hashFromString method:
1zamane.hashFromString("Test Contents").then(hash => { 2 console.log("String Hash: ", hash); 3});
Requesting a timestamp
You can request a timestamp using the timeStampRequest method:
1const hash = await zamane.hashFromString("Test Contents"); 2zamane.timeStampRequest(hash).then(timestamp => { 3 console.log("Timestamp: ", timestamp); 4});
License
ZamaneJS is licensed under the MIT License. See the LICENSE file for more details.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
27 out of 27 merged PRs checked by a CI test -- score normalized to 10
Reason
9 different organizations found -- score normalized to 10
Details
- Info: contributors work for AppacYazilim,City-Lojistik,appacyazilim,jwtwallet,kartalbombe,okanmekatronik,semantic-release,toktutorg,zaimcompany
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: tool 'Dependabot' is used: .github/dependabot.yml:1
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
SAST tool is run on all commits
Details
- Info: all commits (27) are checked with a SAST tool
- Info: SAST tool detected: CodeQL
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/dependency-review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/dependency-review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typechecks.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typechecks.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=pin
- Info: 3 out of 23 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch 'main'
- Warn: status checks do not require up-to-date branches for 'main'
- Info: status check found to merge onto on branch 'main'
- Warn: number of required reviewers is only 0 on branch 'main'
- Info: stale review dismissal enabled on branch 'main'
- Warn: settings do not apply to administrators on branch 'main'
- Warn: codeowner review is not required on branch 'main'
Reason
found 4 unreviewed changesets out of 5 -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Reason
0 commit(s) out of 30 and 0 issue activity out of 13 found in the last 90 days -- score normalized to 0
Reason
security policy file not detected
Details
- Warn: no security policy file detected: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. For additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)
- Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Provide a point of contact in your SECURITY.md. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:37
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:38
- Warn: no topLevel permission defined: .github/workflows/coverage.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:22
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:8
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/typechecks.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Score
5.2
/10
Last Scanned on 2024-12-21T04:43:52Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More