{"id":16322035,"url":"https://github.com/screendriver/verify-github-webhook-secret","last_synced_at":"2025-08-27T02:10:42.495Z","repository":{"id":33229851,"uuid":"155582107","full_name":"screendriver/verify-github-webhook-secret","owner":"screendriver","description":"🔐 Verifies the secret that is sent in GitHub Webhooks","archived":false,"fork":false,"pushed_at":"2025-03-10T22:45:01.000Z","size":4823,"stargazers_count":3,"open_issues_count":5,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-15T00:51:54.601Z","etag":null,"topics":["github-webhooks","secret"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/verify-github-webhook-secret","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/screendriver.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-31T15:39:09.000Z","updated_at":"2025-03-10T22:45:04.000Z","dependencies_parsed_at":"2024-11-11T06:17:56.844Z","dependency_job_id":"2c5c8141-dd69-4dbf-9842-d3f6ca6625be","html_url":"https://github.com/screendriver/verify-github-webhook-secret","commit_stats":{"total_commits":977,"total_committers":4,"mean_commits":244.25,"dds":0.4176049129989765,"last_synced_commit":"450699864aad2e077b73e2b4fc8b9579bdf0d720"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screendriver%2Fverify-github-webhook-secret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screendriver%2Fverify-github-webhook-secret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screendriver%2Fverify-github-webhook-secret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screendriver%2Fverify-github-webhook-secret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/screendriver","download_url":"https://codeload.github.com/screendriver/verify-github-webhook-secret/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245023165,"owners_count":20548668,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-webhooks","secret"],"created_at":"2024-10-10T22:49:49.113Z","updated_at":"2025-03-22T21:32:27.822Z","avatar_url":"https://github.com/screendriver.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# verify-github-webhook-secret\n\n[![GitHub Actions status](https://github.com/screendriver/verify-github-webhook-secret/workflows/CI/badge.svg)](https://github.com/screendriver/verify-github-webhook-secret/actions)\n\nVerifies the [secret](https://developer.github.com/v3/repos/hooks/#create-hook-config-params) that is sent in [GitHub Webhooks](https://developer.github.com/webhooks/). The `secret` will be used as the key to generate the HMAC hex digest value in the `X-Hub-Signature` header.\n\n## Installation 🏗\n\n```sh\n$ npm install --save verify-github-webhook-secret\n```\n\nor if you use [Yarn](https://yarnpkg.com) 🐈\n\n```sh\n$ yarn add verify-github-webhook-secret\n```\n\n## Usage 🔨\n\nThe exported function needs a [http.IncomingMessage](https://nodejs.org/api/http.html#http_class_http_incomingmessage) and your personal `secret` string. It returns a Promise that fulfills with a boolean if the received secret is valid or not.\n\nYou can use it for example with [micro](https://github.com/zeit/micro) as follows:\n\n```ts\nimport micro from \"micro\";\nimport { verifySecret } from \"verify-github-webhook-secret\";\n\nconst server = micro(async (req) =\u003e {\n\tconst valid = await verifySecret(req, \"my-secret\");\n\treturn valid ? \"Allowed\" : \"Not allowed\";\n});\n```\n\nAnother way to call the function is directly with the HTTP body and the `x-hub-signature` HTTP header. This is useful in an scenario where you don't have an `IncomingMessage` like in some [serverless](https://en.wikipedia.org/wiki/Serverless_computing) environments.\n\n```ts\nimport { verifySecret } from \"verify-github-webhook-secret\";\n\nasync function myFunc() {\n\tconst valid = await verifySecret('{\"foo\":\"bar\"}', \"my-secret\", \"sha1=30a233839fe2ddd9233c49fd593e8f1aec68f553\");\n\treturn valid ? \"Allowed\" : \"Not allowed\";\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscreendriver%2Fverify-github-webhook-secret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscreendriver%2Fverify-github-webhook-secret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscreendriver%2Fverify-github-webhook-secret/lists"}