{"id":19472018,"url":"https://github.com/xan105/node-win-verify-trust","last_synced_at":"2025-04-25T12:31:15.203Z","repository":{"id":64946573,"uuid":"374212489","full_name":"xan105/node-win-verify-trust","owner":"xan105","description":"Check the signature of a file using the WinVerifyTrust API","archived":false,"fork":false,"pushed_at":"2025-02-28T14:33:23.000Z","size":1642,"stargazers_count":7,"open_issues_count":1,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-19T04:53:58.534Z","etag":null,"topics":["node","sign","signature","trust","windows","winverifytrust"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xan105.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"xan105","custom":"https://www.paypal.me/xan105"}},"created_at":"2021-06-05T21:07:53.000Z","updated_at":"2025-02-28T14:33:27.000Z","dependencies_parsed_at":"2025-02-28T15:39:09.595Z","dependency_job_id":"191057b3-a810-4811-bf90-316de012a82c","html_url":"https://github.com/xan105/node-win-verify-trust","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xan105%2Fnode-win-verify-trust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xan105%2Fnode-win-verify-trust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xan105%2Fnode-win-verify-trust/releases","manifests_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/xan105%2Fnode-win-verify-trust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xan105","download_url":"https://codeload.github.com/xan105/node-win-verify-trust/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250817588,"owners_count":21492178,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["node","sign","signature","trust","windows","winverifytrust"],"created_at":"2024-11-10T19:11:50.113Z","updated_at":"2025-04-25T12:31:13.694Z","avatar_url":"https://github.com/xan105.png","language":"C++","funding_links":["https://github.com/sponsors/xan105","https://www.paypal.me/xan105"],"categories":[],"sub_categories":[],"readme":"About\n=====\n\nCheck the signature of a file using the WinVerifyTrust API.\u003cbr /\u003e\nRetrieve some certificate information.\n\n📦 Scoped `@xan105` packages are for my own personal use but feel free to use them.\n\nExample\n=======\n\nDead simple:\n\n```js\nimport { isSigned } from \"@xan105/win-verify-trust\";\n\nconst trusted = await isSigned(\"/path/to/file\");\nconsole.log(trusted) //boolean\n```\n\nVerbose:\n\n```js\nimport { verifyTrust } from \"@xan105/win-verify-trust\";\n\nconst { trusted, message } = await verifyTrust(\"/path/to/file\");\nconsole.log(trusted, message) \n//true\n//\"The file is signed and the signature was verified\"\n```\n\nOnce you know a file is signed and the signature was verified,\u003cbr/\u003e\nyou may want to check some information from the certificate:\n\n```js\nimport { getCertificate } from \"@xan105/win-verify-trust\";\n\nconst certificate = await getCertificate(\"steam_api64.dll\");\nconsole.log(certificate) \n/*\n{\n  signer: {\n    issuer: 'DigiCert SHA2 Assured ID Code Signing CA',\n    subject: 'Valve',\n    serialNumber: '054f466ceccbe9d6bee81f5435e64d47',\n    digestAlgo: 'sha1'\n  },\n  timestamp: {\n    issuer: 'Symantec Time Stamping Services CA - G2',\n    subject: 'Symantec Time Stamping Services Signer - G4',\n    serialNumber: '0ecff438c8febf356e04d86a981b1a50',\n    digestAlgo: 'sha1'\n  }\n}\n*/\n```\n\n💡 You can pass an optional argument to `isSigned()` \u003cbr/\u003e\nto also check that the signer certificate was issued for the specified subject name (case-insensitive):\n\n```js\nimport { isSigned } from \"@xan105/win-verify-trust\";\n\nconst trusted = await isSigned(\"steam_api64.dll\", \"valve\");\nconsole.log(trusted) //boolean\n```\n\nInstallation\n============\n\n```\nnpm install @xan105/win-verify-trust\n```\n\nForce compiling:\n```\nnpm install @xan105/win-verify-trust --build-from-source\n```\n\nYou will need C/C++ build tools and Python 3.x (node-gyp) to build this module.\u003cbr /\u003e\n🚀 Prebuilt binaries are provided for x86, x64 and arm64.\n\nAPI\n===\n\n⚠️ This module is only available as an ECMAScript module (ESM).\n\n## Named export\n\n#### `verifyTrust(filePath: string): Promise\u003cobject\u003e`\n\nPerforms a trust verification action on the specified file using the WinVerifyTrust API.\n\n**Return value**\n\nReturns an object of the form:\n\n```ts\n{\n  trusted: boolean,\n  message: string\n}\n```\n\nWhere `trusted` indicates whether the file is signed and the signature was verified,\u003cbr/\u003e\nand `message` gives the details of the trust status (verbose).\n\n_e.g.: \"No signature was present in the subject\"_\n\n**Remarks**\n\n❌ This function will throw if the target file doesn't exist, if its file extension isn't allowed, or if it times out.\u003cbr/\u003e\n⚠️ Allowed extensions are: \".exe\", \".cab\", \".dll\", \".ocx\", \".msi\", \".msix\", \".xpi\", \".ps1\".\n\n#### `getCertificate(filePath: string): Promise\u003cobject\u003e`\n\nRetrieve some certificate information.\u003cbr/\u003e\nOnce `verifyTrust()` has confirmed that a file is signed and its signature was verified, you may want to check some certificate information.\n\n**Return value**\n\nReturns an object of the form:\n\n```ts\n{\n  programName?: string,\n  publisherLink?: string,\n  infoLink?: string,\n  signer: {\n    issuer?: string,\n    subject?: string,\n    serialNumber?: string,\n    digestAlgo?: string\n  },\n  timestamp?: {\n    issuer?: string,\n    subject?: string,\n    serialNumber?: string,\n    digestAlgo?: string\n  }\n}\n```\n\nWhere `signer` contains information from the _signer certificate_ and `timestamp` from the _timestamp certificate_.\n\n`programName` is the program name; `publisherLink` and `infoLink` are publisher information.\n\n**Remarks**\n\n❌ This function will throw on error.\u003cbr/\u003e\n⚠️ Allowed extensions are: \".exe\", \".cab\", \".dll\", \".ocx\", \".msi\", \".msix\", \".xpi\", \".ps1\".\n\n💡 Invoking this function on an unsigned target will result in an `ETIMEOUT` error. You should use `verifyTrust()` first.\n\n#### `isSigned(filePath: string, name?: string | null): Promise\u003cboolean\u003e`\n\nCheck if the specified file is signed and trusted.\u003cbr /\u003e\nOptionally also check that the signer certificate was issued for the specified subject name (_case-insensitive_).\n\nThis is a shorthand for `verifyTrust()` and `getCertificate()`.\u003cbr /\u003e\nThis function doesn't throw.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxan105%2Fnode-win-verify-trust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxan105%2Fnode-win-verify-trust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxan105%2Fnode-win-verify-trust/lists"}