Installations
npm install zamanejs
Developer Guide
Typescript
Yes
Module System
ESM
Min. Node Version
>=16
Node Version
20.11.1
NPM Version
10.5.0
Score
68.7
Supply Chain
98.9
Quality
82.8
Maintenance
100
Vulnerability
100
Languages
TypeScript (100%)
Download Statistics
Total Downloads
2,124
Last Day
2
Last Week
7
Last Month
50
Last Year
1,293
GitHub Statistics
9 Stars
101 Commits
5 Forks
2 Watching
7 Branches
3 Contributors
Bundle Size
140.29 kB
Minified
26.61 kB
Minified + Gzipped
Package Meta Information
Latest Version
2.0.8
Package Id
zamanejs@2.0.8
Unpacked Size
31.07 kB
Size
8.06 kB
File Count
9
Published On
14 May 2024
Last day
0%
2
Compared to previous day
Last week
-36.4%
7
Compared to previous week
Last month
85.2%
50
Compared to previous month
Last year
509.9%
1,293
Compared to previous year
Dependencies
1
Dev Dependencies
23
ZamaneJS
ZamaneJS is a JavaScript implementation of the Zamane timestamping service. It provides a simple and easy-to-use API for interacting with the Zamane service.
In theory this is just a basic implementation of RFC3161, but since there are some small changes necessary for Zamane to work, I've decided to create a separate package. See the ZamaneFix file for the details.
Zamane
Zamane is an app written by TUBITAK for the Turkish government that creates timestamps for given files. These timestamps can be used in court as evidence that a file or document existed at the claimed time.
Legal
This package is not affiliated with TUBITAK. It is an open-source project and is not responsible for any legal issues that may arise from the use of this package. It is the responsibility of the user to ensure that the use of this package complies with the laws of the country in which it is used.
Contact
For any questions or suggestions, you can contact me at my email. Please include [zamane] in the subject line.
Features
- Pure JavaScript implementation, no external CLI dependencies required.
- Provides methods for hashing files and strings, requesting timestamps, and validating timestamps.
- Supports both file-based and string-based timestamping.
Installation
You can install ZamaneJS using npm or yarn:
```sh
npm install zamanejs
# or
yarn add zamanejs
```
Credentials
You need to buy credits in order to timestamp files. For development and testing purposes, however, you can request sample credentials from TUBITAK.
Quoted from the source (translated from Turkish):
To request a Zamane test user, an e-mail must be sent to Kamu SM (bilgi[at]kamusm.gov.tr). The subject of the e-mail must be "Zamane test kullanıcı talebi" (Zamane test user request), and the body must contain the institution name, institution tax identification number, institution address, institution landline phone, authorized person's first and last name, mobile phone number and authorized person's e-mail, and must state which of the Sha-256 or Sha-512 digest algorithms is requested.
Please note that Kamu SM might require an e-mail written in Turkish!
How to get real credentials
Here is a list of issuers for paid credentials (not the full or official list):
- https://e-tugra.com.tr/zaman-damgasi/
- https://tssuser.e-imzatr.com.tr:8027/
- https://zdportal.kamusm.gov.tr/
Usage
First, import the Zamane class and create a new instance with your credentials:
```js
import { Zamane } from 'zamanejs';

const zamane = new Zamane({
  tssAddress: 'http://tzd.kamusm.gov.tr', // government's sample timestamp server
  hashAlgorithm: 'SHA-256', // the hash algorithm to use, either 'SHA-256' or 'SHA-512'
  customerNo: '00000', // your customer number, digits only; omit it if not required
  customerPassword: 'a1b2c3d4', // your customer password; omit it if not required
});
```
Hashing a file
You can hash a file using the hashFromPath method:
```js
zamane.hashFromPath("example.txt").then(hash => {
  console.log("File Hash: ", hash);
});
```
Hashing a string
You can hash a string using the hashFromString method:
```js
zamane.hashFromString("Test Contents").then(hash => {
  console.log("String Hash: ", hash);
});
```
Requesting a timestamp
You can request a timestamp using the timeStampRequest method:
```js
const hash = await zamane.hashFromString("Test Contents");
zamane.timeStampRequest(hash).then(timestamp => {
  console.log("Timestamp: ", timestamp);
});
```
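For orientation on the RFC 3161 format the README refers to, the following added example (not ZamaneJS code and not from the package author) DER-encodes a standard TimeStampReq for a hex digest. It follows plain RFC 3161 and leaves out the Zamane-specific changes; `buildTimeStampReq` and its option names are hypothetical, and the digest is a constructed sample.

```javascript
// Added example: plain RFC 3161 TimeStampReq encoder. Not ZamaneJS code, and it
// does not apply the Zamane-specific changes the README refers to.
const HASHES = new Map([
  ['SHA-256', { oid: '608648016503040201', size: 32 }], // 2.16.840.1.101.3.4.2.1
  ['SHA-512', { oid: '608648016503040203', size: 64 }], // 2.16.840.1.101.3.4.2.3
]);

// DER length octets: short form below 128, long form otherwise.
function derLength(n) {
  if (n < 0x80) return Buffer.from([n]);
  const bytes = [];
  for (; n > 0; n = Math.floor(n / 256)) bytes.unshift(n % 256);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

// One DER tag-length-value element wrapping the concatenated parts.
function tlv(tag, ...parts) {
  const body = Buffer.concat(parts);
  return Buffer.concat([Buffer.from([tag]), derLength(body.length), body]);
}

// Unsigned big-endian bytes -> minimal, non-negative DER INTEGER.
function derUint(bytes) {
  let v = Buffer.from(bytes);
  while (v.length > 1 && v[0] === 0 && !(v[1] & 0x80)) v = v.subarray(1);
  if (v[0] & 0x80) v = Buffer.concat([Buffer.from([0]), v]);
  return tlv(0x02, v);
}

// Hypothetical helper: TimeStampReq ::= SEQUENCE { version, messageImprint,
// nonce OPTIONAL, certReq DEFAULT FALSE } (reqPolicy and extensions omitted).
function buildTimeStampReq({ digestHex, hashAlgorithm = 'SHA-256', nonce, certReq = true }) {
  const alg = HASHES.get(hashAlgorithm);
  if (!alg) throw new Error(`unsupported hash algorithm: ${hashAlgorithm}`);
  // The imprint must be exactly one digest of the declared algorithm.
  if (!/^[0-9a-f]+$/i.test(digestHex) || digestHex.length !== alg.size * 2) {
    throw new Error(`${hashAlgorithm} digest must be ${alg.size} bytes of hex`);
  }
  const algorithmId = tlv(0x30, tlv(0x06, Buffer.from(alg.oid, 'hex')), tlv(0x05)); // OID + NULL
  const messageImprint = tlv(0x30, algorithmId, tlv(0x04, Buffer.from(digestHex, 'hex')));
  const fields = [derUint([1]), messageImprint];               // version v1(1)
  if (nonce && nonce.length) fields.push(derUint(nonce));       // binds the reply to this request
  if (certReq) fields.push(tlv(0x01, Buffer.from([0xff])));     // TRUE; the FALSE default is omitted
  return tlv(0x30, ...fields);
}

// Constructed sample: SHA-256 digest of the ASCII string "abc".
const SAMPLE_DIGEST = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad';
console.log(buildTimeStampReq({ digestHex: SAMPLE_DIGEST }).toString('hex'));
```

Over HTTP, RFC 3161 carries these bytes as a POST body with Content-Type application/timestamp-query. A caller should take the nonce from a CSPRNG and check that the response echoes it.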
License
ZamaneJS is licensed under the MIT License. See the LICENSE file for more details.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
27 out of 27 merged PRs checked by a CI test -- score normalized to 10
Reason
9 different organizations found -- score normalized to 10
Details
- Info: contributors work for AppacYazilim,City-Lojistik,appacyazilim,jwtwallet,kartalbombe,okanmekatronik,semantic-release,toktutorg,zaimcompany
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: tool 'Dependabot' is used: .github/dependabot.yml:1
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
SAST tool is run on all commits
Details
- Info: all commits (27) are checked with a SAST tool
- Info: SAST tool detected: CodeQL
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/dependency-review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/dependency-review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typechecks.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typechecks.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=pin
- Info: 3 out of 23 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch 'main'
- Warn: status checks do not require up-to-date branches for 'main'
- Info: status check found to merge onto on branch 'main'
- Warn: number of required reviewers is only 0 on branch 'main'
- Info: stale review dismissal enabled on branch 'main'
- Warn: settings do not apply to administrators on branch 'main'
- Warn: codeowner review is not required on branch 'main'
Reason
found 4 unreviewed changesets out of 5 -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Reason
0 commit(s) out of 30 and 0 issue activity out of 13 found in the last 90 days -- score normalized to 0
Reason
security policy file not detected
Details
- Warn: no security policy file detected: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. For additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)
- Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Provide a point of contact in your SECURITY.md. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/build.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/codeql.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:37
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:38
- Warn: no topLevel permission defined: .github/workflows/coverage.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/coverage.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:22
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/lint.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:8
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/tests.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/typechecks.yml:1: Visit https://app.stepsecurity.io/secureworkflow/AppacYazilim/zamanejs/typechecks.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Score
5.2/10
Last Scanned on 2024-12-21T04:43:52Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.