verify-github-webhook
v1.0.1
Published
Safely verify that a received webhook originated from GitHub.
Downloads
747
Maintainers
Readme
verify-github-webhook
Safely verify that a received webhook originated from GitHub.
Uses crypto.timingSafeEqual(), so Node.js v6.6.0 (or newer) is required.
Installation
Install the package with NPM:
$ npm install verify-github-webhook
Usage
Example:
import verifyGithubWebhook from "verify-github-webhook";
let signature = "sha1=9060bd6ce771054d94628879bb47095ec2572c86";
let payload = JSON.stringify({ hello: "world" });
let secret = "secret";
verifyGithubWebhook(signature, payload, secret); // Returns true if verification succeeds; otherwise, false.
Related
You may also be interested in verify-trello-webhook, a similar package for Trello webhook verification.