npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

nsri

v8.0.0

Published

Node.js utility tool for creating and checking subresource integrity

Downloads

515

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jimicjimic

Keywords

nodenodejscliintegritycheckercheckvalidationfilefilesfolderfordersdirectorydirectoriesstructurehashchecksumchecksumsnsri

Readme

nsri (NodeJS Subresource Integrity)

General Info

License Semantic Version npm type definitions

Release Info

GitHub release (latest by date) node-current Libraries.io dependency status for latest release

Development Info

GitHub package.json version node-dev

Build Status

Maintainability Test Coverage

Known Vulnerabilities

A Node.js utility tool that creates an integrity object containing the hash checksums of a file or a directory structure, that can be saved to an .integrity.json file [], or put inside the project's manifest file (project.json).

The hashes are computed using, by default, the sha1 algorithm for files and sha512 algorithm for directories, with base64 encoding, complying to Subresource Integrity spec, but other Node.js crypto supported algorithms and encodings can be used.

Instalation

To install as a dependency, simply type:

npm i nsri --save

To install for global use, simply type:

npm i nsri -g

Behavior

NOTE:

  • The .integrity.json file itself is being excluded in all computations.
  • The node_modules, .git*, .svn*, .hg* directories are excluded by default.

Files

Hashes are the same when:

  • File names and contents are the same

Hashes are different when:

  • File names are different and contents are the same
  • File contents are different and names are the same

Directories

Contents: The file names (and their data contents) and subdirectories names (with their contents) of the directory

Hashes are the same when:

  • Directory names and contents are the same (strict: true)
  • Only root directory names are different and subdirectory names and all contents are the same (strict: false)

Hashes are different when:

  • Directory names are different and contents are the same (strict: true)
  • Directory contents are different and names are the same

Usage

CLI

nsri has a built-in command-line inteface.

nsri <command> [options]

To see the available commands type:

nsri -h

and for available command options type:

nsri <command> -h

More info an be found at the CLI section.

API

nsri can also be used programatically (TypeScript types are included).

More info can be found at the API section.

Configuration

Config File

nsri supports cosmiconfig configuration.

Valid config filenames are: .nsrirc, .nsrirc.js, .nsrirc.json, .nsrirc.yaml, .nsrirc.yml, .nsrirc.config.js. In package.json the property name MUST be nsri.

NOTE: Configurations set via CLI are overriding configurations set via cosmiconfig. To avoid confusion use one or the other.

Ignore File

Exclusions also can be set via an ignore file (.nsriignore), which supports the gitignore pattern format.

NOTE: ExclusionsExclutionsExclutions set via CLI or cosmiconfig are getting merged with those in the ignore file and from those only unique entries are assigned.

Integrity object schema

{
  "version": ... schema version,
  "hashes": ... verbosely or non-verbosely computed hashes
}

More info on the used schema can be found here.

Verbosely hashes schema

{
  "directoryName": {
    "contents": {
      "aFileName":  ... file computed hash string,
      "anotherFileName":  ... file computed hash string
    },
    "hash": ... directory computed hash string
  }
}

Examples of a verbosely computed hash integrity file can be found here.

Non-verbosely hashes schema

{
  "fileOrDirectoryName": ... file or directory computed hash string
}

Examples

Examples on how to use nsri, via CLI or API, can be found at the examples section.

If you believe that the examples are incomplete or incorrect, please submit an issue or better yet a PR.

Contributing

If you like to contribute make sure to check-out the Contribution Guidelines section.

License

This project is licensed under the MIT license.

Versioning

This project follows Semantic Versioning 2.0.0.