Skip to content

/ ssri

Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
base repository: npm/ssri
base: v6.0.1
head repository: npm/ssri
compare: v6.0.2
  • 2 commits
  • 5 files changed
  • 0 comments
  • 1 contributor
Commits on Apr 07, 2021
@nlf
fix: backport regex change from 8.0.1
Verified
This commit was signed with the committer’s verified signature.
nlf nlf
GPG key ID: 2E00CD5164FF0C07 Learn about signing commits
b30dfdb 
PR-URL: #19
Credit: @nlf
Close: #19
Reviewed-by: @wraithgar
@nlf
chore(release): 6.0.2
Verified
This commit was signed with the committer’s verified signature.
nlf nlf
GPG key ID: 2E00CD5164FF0C07 Learn about signing commits
Loading status checks…
b7c8c7c
Unified Split
Showing with 41 additions and 3 deletions.
  1. +10 −0 CHANGELOG.md
  2. +1 −1 index.js
  3. +1 −1 package-lock.json
  4. +1 −1 package.json
  5. +28 −0 test/parse.js
10 CHANGELOG.md
View file
@@ -2,6 +2,16 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

<a name="6.0.2"></a>
## [6.0.2](https://github.com/zkat/ssri/compare/v6.0.1...v6.0.2) (2021-04-07)


### Bug Fixes

* backport regex change from 8.0.1 ([b30dfdb](https://github.com/zkat/ssri/commit/b30dfdb)), closes [#19](https://github.com/zkat/ssri/issues/19)



<a name="6.0.1"></a>
## [6.0.1](https://github.com/zkat/ssri/compare/v6.0.0...v6.0.1) (2018-08-27)

2 index.js
View file
@@ -8,7 +8,7 @@ const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512']

const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i
const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/
const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/
const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/
const VCHAR_REGEX = /^[\x21-\x7E]+$/

const SsriOpts = figgyPudding({
2 package-lock.json
View file

Some generated files are not rendered by default. Learn more.

2 package.json
View file
@@ -1,6 +1,6 @@
{
"name": "ssri",
"version": "6.0.1",
"version": "6.0.2",
"description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.",
"main": "index.js",
"files": [
28 test/parse.js
View file
@@ -26,6 +26,34 @@ test('parses single-entry integrity string', t => {
t.done()
})

test('parses options from integrity string', t => {
const sha = hash(TEST_DATA, 'sha512')
const integrity = `sha512-${sha}?one?two?three`
t.deepEqual(ssri.parse(integrity), {
sha512: [{
source: integrity,
digest: sha,
algorithm: 'sha512',
options: ['one', 'two', 'three']
}]
}, 'single entry parsed into full Integrity instance')
t.done()
})

test('parses options from integrity string in strict mode', t => {
const sha = hash(TEST_DATA, 'sha512')
const integrity = `sha512-${sha}?one?two?three`
t.deepEqual(ssri.parse(integrity, { strict: true }), {
sha512: [{
source: integrity,
digest: sha,
algorithm: 'sha512',
options: ['one', 'two', 'three']
}]
}, 'single entry parsed into full Integrity instance')
t.done()
})

test('can parse single-entry string directly into Hash', t => {
const sha = hash(TEST_DATA, 'sha512')
const integrity = `sha512-${sha}`

No commit comments for this range