NPM.Integrity (NPM v0.6.0)

Copy Markdown View Source

Verify package integrity using Subresource Integrity (SRI) hashes.

npm packages include integrity strings in the format: algorithm-base64hash (e.g. sha512-abc123...).

Summary

Functions

algorithm(integrity)

Get the algorithm used in an SRI string.

compute_sha256(data)

Compute the SHA-256 SRI integrity string for binary data.

compute_sha512(data)

Compute the SHA-512 SRI integrity string for binary data.

parse(integrity)

Parse an SRI string into {algorithm, hash} tuple.

verify(data, integrity)

Verify data against an SRI integrity string.

Functions

algorithm(integrity)

@spec algorithm(String.t()) :: String.t() | nil

Get the algorithm used in an SRI string.

compute_sha256(data)

@spec compute_sha256(binary()) :: String.t()

Compute the SHA-256 SRI integrity string for binary data.

compute_sha512(data)

@spec compute_sha512(binary()) :: String.t()

Compute the SHA-512 SRI integrity string for binary data.

parse(integrity)

@spec parse(String.t()) :: {:ok, {String.t(), String.t()}} | :error

Parse an SRI string into {algorithm, hash} tuple.

verify(data, integrity)

@spec verify(binary(), String.t()) :: :ok | {:error, :integrity_mismatch}

Verify data against an SRI integrity string.

Returns :ok if the hash matches, {:error, :integrity_mismatch} otherwise. Returns :ok for empty integrity strings (no verification).