https://github.com/sjinks/sri-calc

Module to calculate a SRI hash of a file
https://github.com/sjinks/sri-calc

Last synced: 11 months ago
JSON representation

Module to calculate a SRI hash of a file

• Host: GitHub
• URL: https://github.com/sjinks/sri-calc
• Owner: sjinks
• License: mit
• Created: 2019-03-07T22:49:38.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2024-04-10T19:00:34.000Z (about 2 years ago)
• Last Synced: 2024-04-24T03:16:53.132Z (about 2 years ago)
• Language: JavaScript
• Size: 267 KB
• Stars: 0
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# sri-calc

[![Build and Test](https://github.com/sjinks/sri-calc/actions/workflows/build.yml/badge.svg)](https://github.com/sjinks/sri-calc/actions/workflows/build.yml)

`sri-calc` is a simple module to generate SRI hashes of files, which then can be used to implement [sub-resource integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).

This module was inspired by [odino/node-sri](https://github.com/odino/node-sri), but it operates differently:

  * it does not require a Linux environment;

  * it uses NodeJS Crypto API instead of launching an external process to calculate a digest

## Installation

```bash

npm install --save sri-calc

```

## Usage

Using the module is pretty straightforward, as you can use it

both with callbacks:

``` javascript

const sri = require('sri-calc');

sri.hash('/path/to/my/file.js', (err, hash) => {

  if (err) {

    throw err;

  }

  console.log('The hash is', hash);

});

```

and with promises:

``` javascript

const sri = require('sri-calc');

sri.hash('/path/to/my/file.js')

  .then(hash => console.log('The hash is', hash))

  .catch(err => console.log(err))

;

```

## Options

The first parameter of `sri.hash()` can either be a name of the file to process, or an object with the following configuration options:

  * `hash`: digest to use, the default value is `sha256`. In theory you can use any digest supported by [crypto.createHash](https://nodejs.org/api/crypto.html#crypto_crypto_createhash_algorithm_options),

    but [the specification](https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-algo) [allows](https://w3c.github.io/webappsec-csp/2/#source-list-valid-hashes) only for

    `sha256`, `sha384`, and `sha512`.

  * `prefix`: if `true` (default), the name of the digest algorithm will be prepended to the digest value, i.e., `sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==`.

  * `file`: name of the file to process

``` javascript

sri.hash({file: '/path/to/my/file.js', algo: 'sha512', prefix: false}) // z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==

```

## Tests

Run `npm test`