Generated on Feb 29, 2024 via pnpm

http-signature 1.2.0

Reference implementation of Joyent's HTTP Signature scheme.

Package summary

Issues: 0
Licenses: 4 (MIT: 13, BSD-3-Clause: 1, (AFL-2.1 OR BSD-3-Clause): 1, Unlicense: 1)
Package created: 14 Jul 2011
Version published: 25 Aug 2017
Maintainers: 8
Total deps: 16
Direct deps: 3
License: MIT

Issues

0
This package has no issues

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can: commercial-use, modify, distribute, sublicense, private-use
Cannot: hold-liable
Must: include-copyright, include-license
13 Packages, Including:
asn1@0.2.6
assert-plus@1.0.0
core-util-is@1.0.2
dashdash@1.14.1
ecc-jsbn@0.1.2
extsprintf@1.3.0
getpass@0.1.7
http-signature@1.2.0
jsbn@0.1.1
jsprim@1.4.2
safer-buffer@2.1.2
sshpk@1.18.0
verror@1.10.0

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
Can: commercial-use, modify, distribute, place-warranty
Cannot: use-trademark, hold-liable
Must: include-copyright, include-license
1 Package, Including:
bcrypt-pbkdf@1.0.2

(AFL-2.1 OR BSD-3-Clause)

Permissive
1 Package, Including:
json-schema@0.4.0

The Unlicense

Public Domain
OSI Approved
Can: commercial-use, private-use, modify
Cannot: include-copyright, hold-liable
Must
1 Package, Including:
tweetnacl@0.14.5
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

3
This is a list of http-signature's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

| Name | Version | Size | License | Type | Vulnerabilities |
| --- | --- | --- | --- | --- | --- |
| assert-plus | 1.0.0 | 3.85 kB | MIT | prod | |
| jsprim | 1.4.2 | 10.63 kB | MIT | prod | |
| sshpk | 1.18.0 | 54.13 kB | MIT | prod | |

Frequently Asked Questions

What does http-signature do?

HTTP Signature is an npm package that provides a Node.js library with client and server components for Joyent's HTTP Signature Scheme. It lets you authorize and validate incoming HTTP requests based on a signature carried in an HTTP header, which helps you increase the security of your applications.

How do you use http-signature?

To use the HTTP Signature package, start by installing it in your Node.js project with npm: npm install http-signature.

For client-side usage, you first require the necessary modules and read your private key. Then, you specify your request options, sign the request with your key, and send it.

var fs = require('fs');
var https = require('https');
var httpSignature = require('http-signature');

var key = fs.readFileSync('./key.pem', 'ascii');

var options = {
  host: 'localhost',
  port: 8443,
  path: '/',
  method: 'GET',
  headers: {}
};

var req = https.request(options, function(res) {
  console.log(res.statusCode);
});

// Adds a 'Date' header, signs the request, and adds the 'Authorization' header.
httpSignature.sign(req, {
  key: key,
  keyId: './cert.pem',
  keyPassphrase: 'secret' // optional
});

req.end();

For server-side usage, you parse the incoming request and verify its signature. If the signature verifies, you proceed with handling the request; if not, you respond with an Unauthorized status (401).

var fs = require('fs');
var https = require('https');
var httpSignature = require('http-signature');

var options = {
  key: fs.readFileSync('./key.pem'),
  cert: fs.readFileSync('./cert.pem')
};

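https.createServer(options, function (req, res) {
  var rc = 200;
  try {
    // parseRequest throws if the signature header is missing or malformed.
    var parsed = httpSignature.parseRequest(req);
    // parsed.keyId is supplied by the client. This demo reads it as a file
    // path; a real server should map it to a known public key instead.
    var pub = fs.readFileSync(parsed.keyId, 'ascii');

    if (!httpSignature.verifySignature(parsed, pub))
      rc = 401;
  } catch (e) {
    // Treat unparsable signatures and unknown keys as unauthorized.
    rc = 401;
  }

  res.writeHead(rc);
  res.end();
}).listen(8443);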

Where are the http-signature docs?

The readme does not explicitly point to official documentation for the HTTP Signature package. Because it is an open-source project, usage information and details about the package can be found in its GitHub repository at git://github.com/joyent/node-http-signature.git. The code examples in the repository are also a good resource for understanding how to use the package.