{"id":15012909,"url":"https://github.com/or13/resource-integrity","last_synced_at":"2026-02-09T09:04:32.886Z","repository":{"id":246879826,"uuid":"824183979","full_name":"OR13/resource-integrity","owner":"OR13","description":"Resource Integrity","archived":false,"fork":false,"pushed_at":"2024-09-23T17:10:10.000Z","size":1128,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-14T03:22:09.406Z","etag":null,"topics":["json-schema","jsonld","verifiable-credentials","w3c"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OR13.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-04T14:30:43.000Z","updated_at":"2024-07-12T18:55:41.000Z","dependencies_parsed_at":"2024-09-20T08:00:29.794Z","dependency_job_id":null,"html_url":"https://github.com/OR13/resource-integrity","commit_stats":{"total_commits":33,"total_committers":3,"mean_commits":11.0,"dds":0.09090909090909094,"last_synced_commit":"3d754e0cb14953cdd9607fa7bfa3c9ce5f485fc3"},"previous_names":["or13/resource-integrity"],"tags_count":0,"template":false,"template_full_name":"actions/typescript-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fresource-integrity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fresource-integrity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fresource-integrity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fresource-integrity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OR13","download_url":"https://codeload.github.com/OR13/resource-integrity/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219849223,"owners_count":16556325,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["json-schema","jsonld","verifiable-credentials","w3c"],"created_at":"2024-09-24T19:43:24.282Z","updated_at":"2026-02-09T09:04:32.835Z","avatar_url":"https://github.com/OR13.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Resource Integrity\n\n[![GitHub Super-Linter](https://github.com/actions/typescript-action/actions/workflows/linter.yml/badge.svg)](https://github.com/super-linter/super-linter)\n![CI](https://github.com/actions/typescript-action/actions/workflows/ci.yml/badge.svg)\n[![Check dist/](https://github.com/actions/typescript-action/actions/workflows/check-dist.yml/badge.svg)](https://github.com/actions/typescript-action/actions/workflows/check-dist.yml)\n[![CodeQL](https://github.com/actions/typescript-action/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/actions/typescript-action/actions/workflows/codeql-analysis.yml)\n[![Coverage](./badges/coverage.svg)](./badges/coverage.svg)\n\nThis action prevents applications from accidentally bundling stale resources.\n\nIt can be used to provide continious assurance of W3C Verifiable Credential type\ninteroperability.\n\n## Usage\n\nObtaining a hash for a resource:\n\n```bash\ncurl -fLs https://www.w3.org/ns/credentials/v2 \u003e ./__tests__/data/vcdm.v2.jsonld\nsha256sum ./__tests__/data/vcdm.v2.jsonld\n\ncurl -fLs https://json-schema.org/draft/2020-12/schema \u003e \\\n./__tests__/data/2020-12.schema.json\nsha256sum ./__tests__/data/2020-12.schema.json\n```\n\nCreating a resources file:\n\n```yaml\nresources:\n  - id: https://www.w3.org/ns/credentials/v2\n    media-type: application/ld+json\n    hash-algorithm: sha-256\n    hash-digest: 31d22e074ea436daaaabd6954a8e73c634915e980d54656f044c7fb26fb490f6\n    cached-resource: ./__tests__/data/vcdm.v2.jsonld\n  - id: https://json-schema.org/draft/2020-12/schema\n    media-type: application/schema+json\n    hash-algorithm: sha-256\n    hash-digest: 41da76f5afb7ce062d248f762463a92f7ca47e4e0f905b224ba6afeef91ded0f\n    cached-resource: ./__tests__/data/2020-12.schema.json\n```\n\nPrevent applications from building when resources have changed:\n\n```yaml\n- name: Ensure Resource Integrity\n  id: resource-integrity\n  uses: or13/resource-integrity@main\n  with:\n    resources: ./__tests__/data/resources.yaml\n```\n\nWhen resources have changed the action will fail, and the following eror will be\nreported:\n\n```json\n{\n  \"message\": \"Resources have changes\",\n  \"changes\": [\n    {\n      \"id\": \"https://www.w3.org/ns/credentials/v2\",\n      \"media-type\": \"application/ld+json\",\n      \"digest-algorithm\": \"sha-256\",\n      \"expected-resource-digest\": \"11d22e074ea436daaaabd6954a8e73c634915e980d54656f044c7fb26fb490f6\",\n      \"remote-resource-digest\": \"374e31a83aff78a98ef4e692bb91df652cf6f07b73c387b9db8c991bfa7542fa\"\n    },\n    {\n      \"id\": \"https://www.w3.org/ns/credentials/v2\",\n      \"media-type\": \"application/ld+json\",\n      \"digest-algorithm\": \"sha-256\",\n      \"expected-resource-digest\": \"11d22e074ea436daaaabd6954a8e73c634915e980d54656f044c7fb26fb490f6\",\n      \"cached-resource-digest\": \"374e31a83aff78a98ef4e692bb91df652cf6f07b73c387b9db8c991bfa7542fa\"\n    }\n  ]\n}\n```\n\n- `expected-resource-digest` will match what the action is expecting from\n  `hash-digest` in the `resources.yaml`.\n- `remote-resource-digest` indicates that the remote resource has an unexpected\n  change.\n- `cached-resource-digest` indicates that the cached resource has an unexpected\n  change.\n\n### W3C Verifiable Credentials\n\nPlease read [RFC9413](https://datatracker.ietf.org/doc/rfc9413/).\n\nA credential which is all of these types \"VerifiableCredential\",\n\"ExampleDegreeCredential\", \"ExamplePersonCredential\":\n\n```json\n{\n  \"@context\": [\n    \"https://www.w3.org/ns/credentials/v2\",\n    \"https://www.w3.org/ns/credentials/examples/v2\"\n  ],\n  \"id\": \"http://university.example/credentials/3732\",\n  \"type\": [\n    \"VerifiableCredential\",\n    \"ExampleDegreeCredential\",\n    \"ExamplePersonCredential\"\n  ],\n  \"issuer\": \"https://university.example/issuers/14\",\n  \"validFrom\": \"2010-01-01T19:23:24Z\",\n  \"credentialSubject\": {\n    \"id\": \"did:example:ebfeb1f712ebc6f1c276e12ec21\",\n    \"degree\": {\n      \"type\": \"ExampleBachelorDegree\",\n      \"name\": \"Bachelor of Science and Arts\"\n    },\n    \"alumniOf\": {\n      \"name\": \"Example University\"\n    }\n  },\n  \"credentialSchema\": [\n    {\n      \"id\": \"https://example.org/examples/degree.json\",\n      \"type\": \"JsonSchema\"\n    },\n    {\n      \"id\": \"https://example.org/examples/alumni.json\",\n      \"type\": \"JsonSchema\"\n    }\n  ]\n}\n```\n\nExample of protecting all resources necessary for credential type\ninteroperability:\n\n```yaml\nresources:\n  - id: https://www.w3.org/ns/credentials/v2\n    media-type: application/ld+json\n    cached-resource: ...\n  - id: https://www.w3.org/ns/credentials/examples/v2\n    media-type: application/ld+json\n    cached-resource: ...\n  - id: https://example.org/examples/degree.json\n    media-type: application/schema+json\n    cached-resource: ...\n  - id: https://example.org/examples/alumni.json\n    media-type: application/schema+json\n    cached-resource: ...\n```\n\nApplication code is then configured to resolve these resources from a local\nbundled cache.\n\nIf any of the resources change, the application developer is notified that the\ncredential type is no longer interoperable the next time the application is\nbuilt.\n\nThe developer can then decide how they want to address this problem, for example\nthey could:\n\n1. Ignore the remote changes, and break compatiblity with implementations that\n   take the remote changes.\n1. Take the remote changes, and break compatiblity with other implementations\n   that do not take the remote changes.\n1. Contact the host of the resources that have changed, and ask for them to\n   revert the changes.\n1. Treat schema validation or context changes as warnings instead of errors.\n1. Treat the credential as invalid and add these resources to a deny-list.\n\nAlthough this action does not recommend any specific resolution to a detected\nproblem in credential type integrity, issuer's that produce credentials with\nintegrity problems, should probably not be trusted by verifiers.\n\nThis advice applies to credential type integrity problems detected in protocols\nother than HTTPS, despite this action only supporting detecting of integrity\nproblems in HTTPS resources.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fresource-integrity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2For13%2Fresource-integrity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fresource-integrity/lists"}