{"id":13555823,"url":"https://github.com/digitalbazaar/jsonld-signatures","last_synced_at":"2025-05-15T17:01:35.244Z","repository":{"id":23812353,"uuid":"27188796","full_name":"digitalbazaar/jsonld-signatures","owner":"digitalbazaar","description":"An implementation of the Linked Data Signatures specification for JSON-LD. Works in the browser and Node.js.","archived":false,"fork":false,"pushed_at":"2024-12-17T16:49:06.000Z","size":695,"stargazers_count":138,"open_issues_count":36,"forks_count":41,"subscribers_count":23,"default_branch":"main","last_synced_at":"2025-03-31T20:11:13.756Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/digitalbazaar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-11-26T17:45:39.000Z","updated_at":"2025-02-19T18:48:35.000Z","dependencies_parsed_at":"2024-06-18T12:41:28.189Z","dependency_job_id":"d52ed05b-37c2-4330-8e21-ab9687b808cc","html_url":"https://github.com/digitalbazaar/jsonld-signatures","commit_stats":{"total_commits":681,"total_committers":16,"mean_commits":42.5625,"dds":0.6857562408223201,"last_synced_commit":"8b7beb07c278f06a2232f5f822b5bd6b33dd7232"},"previous_names":[],"tags_count":91,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalbazaar%2Fjsonld-signatures","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalbazaar%2Fjsonld-signatures/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalbazaar%2Fjsonld-signatures/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalbazaar%2Fjsonld-signatures/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/digitalbazaar","download_url":"https://codeload.github.com/digitalbazaar/jsonld-signatures/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247730069,"owners_count":20986404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:03:26.346Z","updated_at":"2025-04-07T21:15:30.726Z","avatar_url":"https://github.com/digitalbazaar.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","others"],"sub_categories":[],"readme":"# JSON-LD Signatures _(jsonld-signatures)_\n\n[![Build status](https://img.shields.io/github/workflow/status/digitalbazaar/jsonld-signatures/Node.js%20CI)](https://github.com/digitalbazaar/jsonld-signatures/actions?query=workflow%3A%22Node.js+CI%22)\n[![Coverage status](https://img.shields.io/codecov/c/github/digitalbazaar/jsonld-signatures)](https://codecov.io/gh/digitalbazaar/jsonld-signatures)\n[![Dependency Status](https://img.shields.io/david/digitalbazaar/jsonld-signatures.svg)](https://david-dm.org/digitalbazaar/jsonld-signatures)\n[![NPM Version](https://img.shields.io/npm/v/jsonld-signatures.svg)](https://npm.im/jsonld-signatures)\n\n\u003e An implementation of the Linked Data Signatures specification for JSON-LD, for Node.js and browsers.\n\n## Table of Contents\n\n- [Background](#background)\n- [Security](#security)\n- [Install](#install)\n- [Usage](#usage)\n- [Contribute](#contribute)\n- [Commercial Support](#commercial-support)\n- [License](#license)\n\n## Version Compatibility\n\n`jsonld-signatures` **v9.0** is compatible with the following signature suites:\n\n* [`ed25519-signature-2020`](https://github.com/digitalbazaar/ed25519-signature-2020)\n  `\u003e= 2.1.0`.\n\nand the following related libraries:\n\n* `crypto-ld` `\u003e= 5.0.0` (and related key crypto suites such as \n  [`ed25519-verification-key-2020`](https://github.com/digitalbazaar/ed25519-verification-key-2020)\n  `\u003e= 2.1.0`).\n* `vc-js` `\u003e= 7.0` (currently, [branch `v7.x`](https://github.com/digitalbazaar/vc-js/pull/83))\n\n## Background\n\nA Linked Data Signature proof is created (or verified) by specifying a\nsignature suite and a proof purpose.\n\nThe signature suite performs the cryptographic operation required to sign (or\nverify) a digital signature and includes information in a proof such as the\n`verificationMethod` identifier, the proof's `controller`, and the date the\nproof was created.\n\nThe proof purpose indicates why the proof was created and what its intended use\nis. This information can also be used to make sure that the\n`verificationMethod` was authorized for the stated purpose in the proof. Using\na proof purpose helps to encourage people to authorize certain cryptographic\nkeys (verification methods) for explicit purposes rather than granting them\nambient authority. This approach can help prevent people from accidentally\nsigning documents for reasons they did not intend.\n\nThis library provides base classes for signature suites and proof purposes\nso that custom extensions can be written. It also provides some commonly\nused proof purposes.\n\n### Relationship to Verifiable Credentials\n\n`jsonld-signatures` is a low-level library that is meant to sign _any_ JSON-LD\ndocument.\n\nOne common use case for creating these signatures is for use with \n[Verifiable Credentials](https://w3c.github.io/vc-data-model) (VCs). If you're \nworking with those, you should use a higher-level library that's specifically\nmade for that purpose, such as [`vc-js`](https://github.com/digitalbazaar/vc-js).\n(Incidentally, `vc-js` uses this library, `jsonld-signatures`, under the hood.)\n\n## Security\n\nAs with most security- and cryptography-related tools, the overall security of \nyour system will largely depend on your design decisions (which key types you \nwill use, where you'll store the private keys, what you put into your \ncredentials, and so on).\n\n### Document Loader\n\nDuring verification, the key and key controller information must be discovered.\nThis library allows for the key and key controller information to be looked up\nvia a `documentLoader` or it can be provided directly to the API via the\nsignature suite or proof purpose, respectively.\n\nThis library's default `documentLoader` is very strict for security and content\nintegrity purposes. It will only load locally available copies of the context\ndocuments that define the terms it uses internally. Any attempt to load any\nother documents (including other contexts) will throw an error. If other\ndocuments such as verification methods (e.g., public key documents), cannot\nbe provided directly to the API and thus need to be loaded, a custom document\nloader must be passed. For the sake of clarity, the default document loader\nwill only load locally available copies of the following documents:\n\n- https://w3id.org/security/v1\n- https://w3id.org/security/v2\n\nIf you require other documents to be loaded then you will need to provide a\n`documentLoader` that can provide them. jsonld.js provides both a node and browser\n`documentLoader` you can use, however, depending on your use case, you may\nincrease security by using a custom `documentLoader` that is similarly strict\nand will only load a subset of documents that is constrained by some technical,\nsecurity, or business rules.\n\n## Install\n\n- Browsers and Node.js 14+ are supported.\n\nTo install from NPM:\n\n```\nnpm install jsonld-signatures\n```\n\nTo install locally (for development):\n\n```\ngit clone https://github.com/digitalbazaar/jsonld-signatures.git\ncd jsonld-signatures\nnpm install\n```\n\n## Usage\n\n`jsonld-signatures` (version `8.x` and above) is not meant for standalone use.\nInstead, it's generally used through an individual _crypto suite_.\nFor detailed usage instructions, see the READMEs of the supported suites:\n\n* [`Ed25519Signature2020`](https://github.com/digitalbazaar/ed25519-signature-2020) \n* [`Ed25519Signature2018`](https://github.com/digitalbazaar/ed25519-signature-2018)\n\nMost of the usages with individual suites and key types will have elements in\ncommon. You'll need to:\n\n* Generate or import cryptographic keys to sign with (see\n  the [`@digitalbazaar/crypto-ld \u003e=v5.0`](https://github.com/digitalbazaar/crypto-ld))\n  library), or use a secure `signer()` function provided by your secure\n  cryptographic module.\n* _Authorize_ those keys for the specific purpose you're using\n  them for (see section on Proof Purpose below), using a Controller Document\n  (such as a DID Document or similar).\n* Pair those keys with a corresponding cryptographic Signature Suite.\n  For greenfield development, we recommend the [`Ed25519Signature2020`](https://github.com/digitalbazaar/ed25519-signature-2020)\n  suite, and for legacy/compatibility work, you can use \n  [`Ed25519Signature2018`](https://github.com/digitalbazaar/ed25519-signature-2018) suite.\n  See also the [Choosing a Key Type](https://github.com/digitalbazaar/crypto-ld#choosing-a-key-type)\n  section of `crypto-ld` documentation.\n* Set up your `documentLoader` to fetch contexts and documents securely.\n* Lastly, perform the `jsigs.sign()` or `jsigs.verify()` operations.\n\n### Node.js Native Canonize Bindings\n\nSpecialized use cases may wish to use the native canonize bindings. This mode\ncan be enabled by setting the `useNativeCanonize` option to `true`. See the\n[jsonld.js notes](https://github.com/digitalbazaar/jsonld.js#nodejs-native-canonize-bindings)\non this feature and note you should benchmark performance before using it.\n\n## Contribute\n\nSee [the contribute file](https://github.com/digitalbazaar/bedrock/blob/master/CONTRIBUTING.md)!\n\nPRs accepted.\n\nIf editing the Readme, please conform to the\n[standard-readme](https://github.com/RichardLitt/standard-readme) specification.\n\n## Commercial Support\n\nCommercial support for this library is available upon request from\nDigital Bazaar: support@digitalbazaar.com\n\n## License\n\n[New BSD License (3-clause)](LICENSE) © Digital Bazaar\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigitalbazaar%2Fjsonld-signatures","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdigitalbazaar%2Fjsonld-signatures","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigitalbazaar%2Fjsonld-signatures/lists"}