@kiwicom/signed-source

1.0.5 • Public • Published

This packages originated from https://github.com/facebook/fbjs (cleaned up and tweaked for our use-case). It verifies automatically generated files and effectively prevents from manual pollution. Usage (simplified GraphQL schema snapshoting example):

import SignedSource from '@kiwicom/signed-source';

// we can now save this signed file
const newSnapshot = SignedSource.signFile(`# ${SignedSource.getSigningToken()}\n\n${schema}`);

// or verify its content
const oldSnapshot = fs.readFileSync(' ... ');
if (!SignedSource.verifySignature(oldSnapshot)) {
  throw new Error('Manual changes detected!');
}

It is also possible to re-sign file which is already signed (means update the signature when it already exists).

Readme

Keywords

none

Package Sidebar

Install

npm i @kiwicom/signed-source

Weekly Downloads

2

Version

1.0.5

License

MIT

Unpacked Size

10.1 kB

Total Files

8

Last publish

Collaborators

  • mvidalgarcia
  • dsil
  • jakubzaba
  • robincsl_kiwi
  • kiwicom.platform
  • dinodsaurus