npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@trustnxt/c2pa-ts

v0.5.4

Published

Pure TypeScript implementation of C2PA manifest reading, validation, and creation

Downloads

93

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

karlotrustnxtkarlotrustnxtcyraxxcyraxx

Keywords

Readme

c2pa-ts

About

c2pa-ts is a pure TypeScript implementation of Coalition for Content Provenance and Authenticity (C2PA) according to specification version 2.0.

It does not use any native binaries or WebAssembly and is therefore truly platform independent. In modern browsers as well as Node.js it should run out of the box. In mobile apps or other environments lacking browser APIs, some external code may be necessary (see below for details).

Developed and curated by TrustNXT in Hamburg, Germany and licensed under the Apache 2.0 License. Contributions welcome!

Roadmap and current status

This library is under active development and not fully functional yet. Proceed with caution!

Anything that's not listed below is not currently planned to be implemented.

Overall functionality

  • :white_check_mark: Reading manifests
  • :construction: Validating manifests (mostly implemented except chain of trust validation)
  • :white_check_mark: Creating manifests

:information_source: On C2PA versions: The library is targeted at C2PA specification 2.0, however data structures from older versions of the specification are also supported for backwards compatibility.

:information_source: Although it is a separate project from C2PA, the library also includes support for several CAWG assertions.

Asset file formats

  • :white_check_mark: JPEG
  • :white_check_mark: PNG
  • :white_check_mark: HEIC/HEIF
  • :x: GIF
  • :x: TIFF
  • :x: WebP

Supported assertions

  • :white_check_mark: Data Hash
  • :white_check_mark: BMFF-Based Hash (except Merkle tree hashing)
  • :x: General Boxes Hash
  • :white_check_mark: Thumbnail
  • :white_check_mark: Actions (except action templates and metadata)
  • :white_check_mark: Ingredient
  • :white_check_mark: Metadata (specialized, common, generic, and CAWG variants)
  • :white_check_mark: Creative Work
  • :white_check_mark: Training and Data Mining (C2PA and CAWG variants)
  • :x: CAWG Identity

JUMBF boxes

  • :white_check_mark: CBOR boxes
  • :white_check_mark: JSON boxes
  • :white_check_mark: Codestream boxes
  • :white_check_mark: Embedded file boxes
  • :white_check_mark: UUID boxes
  • :white_check_mark: C2PA salt boxes
  • :x: Compressed boxes

Usage examples

Example usage in a Node.js environment:

import * as fs from 'node:fs/promises';
import { MalformedContentError } from '@trustnxt/c2pa-ts';
import { Asset, BMFF, JPEG, PNG } from '@trustnxt/c2pa-ts/asset';
import { SuperBox } from '@trustnxt/c2pa-ts/jumbf';
import { ManifestStore, ValidationResult, ValidationStatusCode } from '@trustnxt/c2pa-ts/manifest';

if (process.argv.length < 3) {
    console.error('Missing filename');
    process.exit(1);
}

const buf = await fs.readFile(process.argv[2]);

// Read the asset file and dump some information about its structure
let asset: Asset;
if (JPEG.canRead(buf)) {
    asset = new JPEG(buf);
} else if (PNG.canRead(buf)) {
    asset = new PNG(buf);
} else if (BMFF.canRead(buf)) {
    asset = new BMFF(buf);
} else {
    console.error('Unknown file format');
    process.exit(1);
}
console.log(asset.dumpInfo());

// Extract the C2PA manifest store in binary JUMBF format
const jumbf = asset.getManifestJUMBF();

if (jumbf) {
    let validationResult: ValidationResult;

    try {
        // Deserialize the JUMBF box structure
        const superBox = SuperBox.fromBuffer(jumbf);
        console.log('JUMBF structure:');
        console.log(superBox.toString());

        // Read the manifest store from the JUMBF container
        const manifests = ManifestStore.read(superBox);

        // Validate the active manifest
        validationResult = await manifests.validate(asset);
    } catch (e) {
        // Gracefully handle any exceptions to make sure we get a well-formed validation result
        validationResult = ValidationResult.fromError(e as Error);
    }

    console.log('Validation result', validationResult);
}

This still needs proper example code (issue #58). For now, you can check jpeg-signing.test.ts.

Usage in constrained environments

Usage with JavaScript engines that lack WebCrypto and other browser APIs (such as JavaScriptCore on iOS) is entirely possible but will require some additional code. In particular, a custom CryptoProvider will need to be created and some polyfills might be required.

For more information or a reference iOS implementation, contact us.

Contributing

Contributions are welcome!

When you're done with your changes, we use changesets to manage release notes. Run npm run changeset to autogenerate notes to be appended to your pull request.

License

Distributed under the Apache 2.0 License. See LICENSE.md for more information.

Contact

Created and curated by TrustNXT GmbH, a proud member of CAI and C2PA.

This project is not affiliated with or endorsed by CAI, C2PA, CAWG, or any other organization except TrustNXT.

Acknowledgments

The following resources were helpful during creation of this library:

Thank you for providing them and keeping open source alive!