https://github.com/theupdateframework/tuf-js

JavaScript implementation of The Update Framework (TUF)
https://github.com/theupdateframework/tuf-js

package-security

Last synced: 25 days ago
JSON representation

JavaScript implementation of The Update Framework (TUF)

• Host: GitHub
• URL: https://github.com/theupdateframework/tuf-js
• Owner: theupdateframework
• License: mit
• Created: 2022-08-26T23:29:22.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-04-07T14:48:32.000Z (about 1 month ago)
• Last Synced: 2025-04-12T23:39:19.423Z (25 days ago)
• Topics: package-security
• Language: TypeScript
• Homepage:
• Size: 4.18 MB
• Stars: 79
• Watchers: 4
• Forks: 7
• Open Issues: 7
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md
  • Support: SUPPORT.md

Awesome Lists containing this project

README

        
#  A Framework for Securing Software Update Systems

[![npm version](https://img.shields.io/npm/v/tuf-js.svg?style=flat)](https://www.npmjs.com/package/tuf-js) [![CI Status](https://github.com/theupdateframework/tuf-js/workflows/CI/badge.svg)](https://github.com/theupdateframework/tuf-js/actions/workflows/ci.yml) [![Smoke test](https://github.com/theupdateframework/tuf-js/actions/workflows/smoke-test.yml/badge.svg)](https://github.com/theupdateframework/tuf-js/actions/workflows/smoke-test.yml) [![Conformance](https://github.com/theupdateframework/tuf-js/actions/workflows/conformance.yml/badge.svg)](https://github.com/theupdateframework/tuf-js/actions/workflows/conformance.yml)

---

[The Update Framework (TUF)](https://theupdateframework.io/) is a framework for

secure content delivery and updates. It protects against various types of

supply chain attacks and provides resilience to compromise. This repository is written in Typescript. It is intended to conform to

version 1.0 of the [TUF

specification](https://theupdateframework.github.io/specification/latest/).

## About The Update Framework

The Update Framework (TUF) design helps developers maintain the security of a

software update system, even against attackers that compromise the repository

or signing keys.

TUF provides a flexible

[specification](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md)

defining functionality that developers can use in any software update system or

re-implement to fit their needs.

TUF is hosted by the [Linux Foundation](https://www.linuxfoundation.org/) as

part of the [Cloud Native Computing Foundation](https://www.cncf.io/) (CNCF)

and its design is [used in production](https://theupdateframework.io/adoptions/)

by various tech companies and open source organizations. A variant of TUF

called [Uptane](https://uptane.github.io/) is used to secure over-the-air

updates in automobiles.

Please see [TUF's website](https://theupdateframework.com/) for more information about TUF!

## Documentation

- [Introduction to TUF's Design](https://theupdateframework.io/overview/)

- [The TUF Specification](https://theupdateframework.github.io/specification/latest/)

- [Developer documentation](https://theupdateframework.readthedocs.io/), including

  [API reference](https://theupdateframework.readthedocs.io/en/latest/api/api-reference.html)

- [Usage examples](./examples/client)

## Requirements

* node: >= 18.17.0

## License

This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE.md) for the full terms.

## Code of Conduct

Please note that this project is released with a [Contributor Code of Conduct](./CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

## Maintainers

`tuf-js` is maintained by [@ejahnGithub](https://github.com/ejahnGithub) and [@bdehamer](https://github.com/bdehamer) on the Package Security team at GitHub.