@digitalbazaar/oid4-client 2.0.0

package/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2022-2023, Digital Bazaar, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package/README.md

@@ -0,0 +1,2 @@
+# oid4-client
+An OID4 client

package/lib/OID4Client.js

@@ -0,0 +1,385 @@
+/*!
+ * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved.
+ */
+import {discoverIssuer, generateDIDProofJWT} from './util.js';
+import {httpClient} from '@digitalbazaar/http-client';
+
+const GRANT_TYPES = new Map([
+  ['preAuthorizedCode', 'urn:ietf:params:oauth:grant-type:pre-authorized_code']
+]);
+const HEADERS = {accept: 'application/json'};
+
+export class OID4Client {
+  constructor({accessToken = null, agent, issuerConfig, offer} = {}) {
+    this.accessToken = accessToken;
+    this.agent = agent;
+    this.issuerConfig = issuerConfig;
+    this.offer = offer;
+  }
+
+  async requestCredential({
+    credentialDefinition, did, didProofSigner, agent
+  } = {}) {
+    const {issuerConfig, offer} = this;
+    let requests;
+    if(credentialDefinition === undefined) {
+      if(!offer) {
+        throw new TypeError('"credentialDefinition" must be an object.');
+      }
+      requests = _createCredentialRequestsFromOffer({issuerConfig, offer});
+      if(requests.length > 1) {
+        throw new Error(
+          'More than one credential is offered; ' +
+          'use "requestCredentials()" instead.');
+      }
+    } else {
+      requests = [{
+        format: 'ldp_vc',
+        credential_definition: credentialDefinition
+      }];
+    }
+    return this.requestCredentials({requests, did, didProofSigner, agent});
+  }
+
+  async requestCredentials({
+    requests, did, didProofSigner, agent, alwaysUseBatchEndpoint = false
+  } = {}) {
+    const {issuerConfig, offer} = this;
+    if(requests === undefined && offer) {
+      requests = _createCredentialRequestsFromOffer({issuerConfig, offer});
+    } else if(!(Array.isArray(requests) && requests.length > 0)) {
+      throw new TypeError('"requests" must be an array of length >= 1.');
+    }
+    requests.forEach(_assertRequest);
+    // set default `format`
+    requests = requests.map(r => ({format: 'ldp_vc', ...r}));
+
+    try {
+      /* First send credential request(s) to DS without DID proof JWT, e.g.:
+
+      POST /credential HTTP/1.1
+      Host: server.example.com
+      Content-Type: application/json
+      Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW
+
+      {
+        "format": "ldp_vc",
+        "credential_definition": {...},
+        // only present on retry after server requests it
+        "proof": {
+          "proof_type": "jwt",
+          "jwt": "eyJraW..."
+        }
+      }
+
+      OR (if multiple `requests` were given)
+
+      POST /batch_credential HTTP/1.1
+      Host: server.example.com
+      Content-Type: application/json
+      Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW
+
+      {
+        "credential_requests": [{
+          "format": "ldp_vc",
+          "credential_definition": {...},
+          // only present on retry after server requests it
+          "proof": {
+            "proof_type": "jwt",
+            "jwt": "eyJraW..."
+          }
+        }, {
+          ...
+        }]
+      }
+      */
+      let url;
+      let json;
+      if(requests.length > 1 || alwaysUseBatchEndpoint) {
+        ({batch_credential_endpoint: url} = this.issuerConfig);
+        json = {credential_requests: requests};
+      } else {
+        ({credential_endpoint: url} = this.issuerConfig);
+        json = {...requests[0]};
+      }
+
+      let result;
+      const headers = {
+        ...HEADERS,
+        authorization: `Bearer ${this.accessToken}`
+      };
+      for(let retries = 0; retries <= 1; ++retries) {
+        try {
+          const response = await httpClient.post(url, {agent, headers, json});
+          result = response.data;
+          if(!result) {
+            const error = new Error('Credential response format is not JSON.');
+            error.name = 'DataError';
+            throw error;
+          }
+          break;
+        } catch(cause) {
+          if(!_isMissingProofError(cause)) {
+            // non-specific error case
+            throw cause;
+          }
+
+          // if `didProofSigner` is not provided, throw error
+          if(!(did && didProofSigner)) {
+            const {data: details} = cause;
+            const error = new Error('DID authentication is required.');
+            error.name = 'NotAllowedError';
+            error.cause = cause;
+            error.details = details;
+            throw error;
+          }
+
+          // validate that `result` has
+          const {data: {c_nonce: nonce}} = cause;
+          if(!(nonce && typeof nonce === 'string')) {
+            const error = new Error('No DID proof challenge specified.');
+            error.name = 'DataError';
+            throw error;
+          }
+
+          // generate a DID proof JWT
+          const {issuer: aud} = this.issuerConfig;
+          const jwt = await generateDIDProofJWT({
+            signer: didProofSigner,
+            nonce,
+            // the entity identified by the DID is issuing this JWT
+            iss: did,
+            // audience MUST be the target issuer per the OID4VC spec
+            aud
+          });
+
+          // add proof to body to be posted and loop to retry
+          const proof = {proof_type: 'jwt', jwt};
+          if(json.credential_requests) {
+            json.credential_requests = json.credential_requests.map(
+              cr => ({...cr, proof}));
+          } else {
+            json.proof = proof;
+          }
+        }
+      }
+
+      // wallet / client receives credential:
+      /* Note: The credential is not wrapped here in a VP in the current spec:
+
+      HTTP/1.1 200 OK
+        Content-Type: application/json
+        Cache-Control: no-store
+
+      {
+        "format": "ldp_vc"
+        "credential" : {...}
+      }
+
+      OR (if multiple `requests` were given)
+
+      {
+        "credential_responses": [{
+          "format": "ldp_vc",
+          "credential": {...}
+        }]
+      }
+      */
+      return result;
+    } catch(cause) {
+      const error = new Error('Could not receive credentials.');
+      error.name = 'OperationError';
+      error.cause = cause;
+      throw error;
+    }
+  }
+
+  // create a client from a credential offer
+  static async fromCredentialOffer({offer, agent} = {}) {
+    // validate offer
+    const {credential_issuer, credentials, grants = {}} = offer;
+    let parsedIssuer;
+    try {
+      parsedIssuer = new URL(credential_issuer);
+      if(parsedIssuer.protocol !== 'https:') {
+        throw new Error('Only "https" credential issuer URLs are supported.');
+      }
+    } catch(e) {
+      const err = new Error('"offer.credential_issuer" is not valid.');
+      err.cause = e;
+      throw err;
+    }
+    if(!(Array.isArray(credentials) && credentials.length > 0 &&
+      credentials.every(c => c && typeof c === 'object'))) {
+      throw new Error('"offer.credentials" is not valid.');
+    }
+    const grant = grants[GRANT_TYPES.get('preAuthorizedCode')];
+    if(!grant) {
+      // FIXME: implement `authorization_code` grant type as well
+      throw new Error('Only "pre-authorized_code" grant type is implemented.');
+    }
+    const {
+      'pre-authorized_code': preAuthorizedCode,
+      user_pin_required: userPinRequired
+    } = grant;
+    if(!preAuthorizedCode) {
+      throw new Error('"offer.grant" is missing "pre-authorized_code".');
+    }
+    if(userPinRequired) {
+      throw new Error('User pin is not implemented.');
+    }
+
+    try {
+      // discover issuer info
+      const issuerConfigUrl =
+        `${parsedIssuer.origin}/.well-known/oauth-authorization-server` +
+        parsedIssuer.pathname;
+      const issuerConfig = await discoverIssuer({issuerConfigUrl, agent});
+
+      /* First get access token from AS (Authorization Server), e.g.:
+
+      POST /token HTTP/1.1
+        Host: server.example.com
+        Content-Type: application/x-www-form-urlencoded
+        grant_type=urn:ietf:params:oauth:grant-type:pre-authorized_code
+        &pre-authorized_code=SplxlOBeZQQYbYS6WxSbIA
+        &user_pin=493536
+
+      Note a bad response would look like:
+
+      /*
+      HTTP/1.1 400 Bad Request
+      Content-Type: application/json
+      Cache-Control: no-store
+      {
+        "error": "invalid_request"
+      }
+      */
+      const body = new URLSearchParams();
+      body.set('grant_type', GRANT_TYPES.get('preAuthorizedCode'));
+      body.set('pre-authorized_code', preAuthorizedCode);
+      const {token_endpoint} = issuerConfig;
+      const response = await httpClient.post(token_endpoint, {
+        agent, body, headers: HEADERS
+      });
+      const {data: result} = response;
+      if(!result) {
+        const error = new Error(
+          'Could not get access token; response is not JSON.');
+        error.name = 'DataError';
+        throw error;
+      }
+
+      /* Validate response body (Note: Do not check or use `c_nonce*` here
+      because it conflates AS with DS (Delivery Server)), e.g.:
+
+      HTTP/1.1 200 OK
+        Content-Type: application/json
+        Cache-Control: no-store
+
+        {
+          "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp..sHQ",
+          "token_type": "bearer",
+          "expires_in": 86400
+        }
+      */
+      const {access_token: accessToken, token_type} = result;
+      if(!(accessToken && typeof accessToken === 'string')) {
+        const error = new Error(
+          'Invalid access token response; "access_token" must be a string.');
+        error.name = 'DataError';
+        throw error;
+      }
+      if(token_type !== 'bearer') {
+        const error = new Error(
+          'Invalid access token response; "token_type" must be a "bearer".');
+        error.name = 'DataError';
+        throw error;
+      }
+
+      // create client w/access token
+      return new OID4Client({accessToken, agent, issuerConfig, offer});
+    } catch(cause) {
+      const error = new Error('Could not create OID4 client.');
+      error.name = 'OperationError';
+      error.cause = cause;
+      throw error;
+    }
+  }
+}
+
+function _assertRequest(request) {
+  if(!(request && typeof request === 'object')) {
+    throw new TypeError('"request" must be an object.');
+  }
+  const {credential_definition, format} = request;
+  if(format !== undefined && format !== 'ldp_vc') {
+    throw new TypeError('Credential request "format" must be "ldp_vc".');
+  }
+  if(!(credential_definition && typeof credential_definition === 'object')) {
+    throw new TypeError(
+      'Credential request "credential_definition" must be an object.');
+  }
+  const {'@context': context, type: type} = credential_definition;
+  if(!(Array.isArray(context) && context.length > 0)) {
+    throw new TypeError(
+      'Credential definition "@context" must be an array of length >= 1.');
+  }
+  if(!(Array.isArray(type) && type.length > 0)) {
+    throw new TypeError(
+      'Credential definition "type" must be an array of length >= 2.');
+  }
+}
+
+function _isMissingProofError(error) {
+  /* If DID authn is required, delivery server sends, e.g.:
+
+  HTTP/1.1 400 Bad Request
+    Content-Type: application/json
+    Cache-Control: no-store
+
+  {
+    "error": "invalid_or_missing_proof"
+    "error_description":
+        "Credential issuer requires proof element in Credential Request"
+    "c_nonce": "8YE9hCnyV2",
+    "c_nonce_expires_in": 86400
+  }
+  */
+  return error.status === 400 &&
+    error?.data?.error === 'invalid_or_missing_proof';
+}
+
+function _createCredentialRequestFromId({id, issuerConfig}) {
+  const {credentials_supported: supported = []} = issuerConfig;
+  const meta = supported.find(d => d.id === id);
+  if(!meta) {
+    throw new Error(`No supported credential "${id}" found.`);
+  }
+  const {format, credential_definition} = meta;
+  if(typeof format !== 'string') {
+    throw new Error(
+      `Invalid supported credential "${id}"; "format" not specified.`);
+  }
+  if(format !== 'ldp_vc') {
+    throw new Error(`Unsupported "format" "${format}".`);
+  }
+  if(!(Array.isArray(credential_definition?.['@context']) &&
+    Array.isArray(credential_definition?.types))) {
+    throw new Error(
+      `Invalid supported credential "${id}"; "credential_definition" not ` +
+      'fully specified.');
+  }
+  return {format, credential_definition};
+}
+
+function _createCredentialRequestsFromOffer({issuerConfig, offer}) {
+  // build requests from `offer`
+  return offer.credentials.map(c => {
+    if(typeof c === 'string') {
+      // use issuer config metadata to dereference string
+      return _createCredentialRequestFromId({id: c, issuerConfig});
+    }
+    return c;
+  });
+}

package/lib/index.js

@@ -0,0 +1,5 @@
+/*!
+ * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved.
+ */
+export * from './util.js';
+export {OID4Client} from './OID4Client.js';

package/lib/util.js

@@ -0,0 +1,183 @@
+/*!
+ * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as base64url from 'base64url-universal';
+import {httpClient} from '@digitalbazaar/http-client';
+
+const TEXT_ENCODER = new TextEncoder();
+const ENCODED_PERIOD = TEXT_ENCODER.encode('.');
+const WELL_KNOWN_REGEX = /\/\.well-known\/([^\/]+)/;
+
+export async function discoverIssuer({issuerConfigUrl, agent} = {}) {
+  try {
+    if(!(issuerConfigUrl && typeof issuerConfigUrl === 'string')) {
+      throw new TypeError('"issuerConfigUrl" must be a string.');
+    }
+
+    // allow these params to be passed / configured
+    const fetchOptions = {
+      // max size for issuer config related responses (in bytes, ~4 KiB)
+      size: 4096,
+      // timeout in ms for fetching an issuer config
+      timeout: 5000,
+      agent
+    };
+
+    const response = await httpClient.get(issuerConfigUrl, fetchOptions);
+    if(!response.data) {
+      const error = new Error('Issuer configuration format is not JSON.');
+      error.name = 'DataError';
+      throw error;
+    }
+
+    const {data: config} = response;
+    const {issuer, token_endpoint} = config;
+
+    // validate `issuer`
+    if(!(typeof issuer === 'string' && issuer.startsWith('https://'))) {
+      const error = new Error('"issuer" is not an HTTPS URL.');
+      error.name = 'DataError';
+      throw error;
+    }
+
+    /* Validate `issuer` value against `issuerConfigUrl` (per RFC 8414):
+
+    The `origin` and `path` element must be parsed from `issuer` and checked
+    against `issuerConfigUrl` like so:
+
+    For issuer `<origin>` (no path), `issuerConfigUrl` must match:
+    `<origin>/.well-known/<any-path-segment>`
+
+    For issuer `<origin><path>`, `issuerConfigUrl` must be:
+    `<origin>/.well-known/<any-path-segment><path>` */
+    const {pathname: wellKnownPath} = new URL(issuerConfigUrl);
+    const anyPathSegment = wellKnownPath.match(WELL_KNOWN_REGEX)[1];
+    const {origin, pathname} = new URL(issuer);
+    let expectedConfigUrl = `${origin}/.well-known/${anyPathSegment}`;
+    if(pathname !== '/') {
+      expectedConfigUrl += pathname;
+    }
+    if(issuerConfigUrl !== expectedConfigUrl) {
+      const error = new Error('"issuer" does not match configuration URL.');
+      error.name = 'DataError';
+      throw error;
+    }
+
+    // ensure `token_endpoint` is valid
+    if(!(token_endpoint && typeof token_endpoint === 'string')) {
+      const error = new TypeError('"token_endpoint" must be a string.');
+      error.name = 'DataError';
+      throw error;
+    }
+
+    return config;
+  } catch(cause) {
+    const error = new Error('Could not get OAuth2 issuer configuration.');
+    error.name = 'OperationError';
+    error.cause = cause;
+    throw error;
+  }
+}
+
+export async function generateDIDProofJWT({
+  signer, nonce, iss, aud, exp, nbf
+} = {}) {
+  /* Example:
+  {
+    "alg": "ES256",
+    "kid":"did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1"
+  }.
+  {
+    "iss": "s6BhdRkqt3",
+    "aud": "https://server.example.com",
+    "iat": 1659145924,
+    "nonce": "tZignsnFbp"
+  }
+  */
+
+  if(exp === undefined) {
+    // default to 5 minute expiration time
+    exp = Math.floor(Date.now() / 1000) + 60 * 5;
+  }
+  if(nbf === undefined) {
+    // default to now
+    nbf = Math.floor(Date.now() / 1000);
+  }
+
+  const {id: kid} = signer;
+  const alg = _curveToAlg(signer.algorithm);
+  const payload = {nonce, iss, aud, exp, nbf};
+  const protectedHeader = {alg, kid};
+
+  return signJWT({payload, protectedHeader, signer});
+}
+
+export function parseCredentialOfferUrl({url} = {}) {
+  if(!(url && typeof url === 'string')) {
+    throw new TypeError('"url" must be a string.');
+  }
+
+  /* Parse URL, e.g.:
+
+  'openid-credential-offer://?' +
+    'credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2F' +
+    'localhost%3A18443%2Fexchangers%2Fz19t8xb568tNRD1zVm9R5diXR%2F' +
+    'exchanges%2Fz1ADs3ur2s9tm6JUW6CnTiyn3%22%2C%22credentials' +
+    '%22%3A%5B%7B%22format%22%3A%22ldp_vc%22%2C%22credential_definition' +
+    '%22%3A%7B%22%40context%22%3A%5B%22https%3A%2F%2Fwww.w3.org%2F2018%2F' +
+    'credentials%2Fv1%22%2C%22https%3A%2F%2Fwww.w3.org%2F2018%2F' +
+    'credentials%2Fexamples%2Fv1%22%5D%2C%22type%22%3A%5B%22' +
+    'VerifiableCredential%22%2C%22UniversityDegreeCredential' +
+    '%22%5D%7D%7D%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams' +
+    '%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22' +
+    'pre-authorized_code%22%3A%22z1AEvnk2cqeRM1Mfv75vzHSUo%22%7D%7D%7D';
+  */
+  const {protocol, searchParams} = new URL(url);
+  if(protocol !== 'openid-credential-offer:') {
+    throw new SyntaxError(
+      '"url" must express a URL with the ' +
+      '"openid-credential-offer" protocol.');
+  }
+  return JSON.parse(searchParams.get('credential_offer'));
+}
+
+export async function signJWT({payload, protectedHeader, signer} = {}) {
+  // encode payload and protected header
+  const b64Payload = base64url.encode(JSON.stringify(payload));
+  const b64ProtectedHeader = base64url.encode(JSON.stringify(protectedHeader));
+  payload = TEXT_ENCODER.encode(b64Payload);
+  protectedHeader = TEXT_ENCODER.encode(b64ProtectedHeader);
+
+  // concatenate
+  const data = new Uint8Array(
+    protectedHeader.length + ENCODED_PERIOD.length + payload.length);
+  data.set(protectedHeader);
+  data.set(ENCODED_PERIOD, protectedHeader.length);
+  data.set(payload, protectedHeader.length + ENCODED_PERIOD.length);
+
+  // sign
+  const signature = await signer.sign({data});
+
+  // create JWS
+  const jws = {
+    signature: base64url.encode(signature),
+    payload: b64Payload,
+    protected: b64ProtectedHeader
+  };
+
+  // create compact JWT
+  return `${jws.protected}.${jws.payload}.${jws.signature}`;
+}
+
+function _curveToAlg(crv) {
+  if(crv === 'Ed25519' || crv === 'Ed448') {
+    return 'EdDSA';
+  }
+  if(crv?.startsWith('P-')) {
+    return `ES${crv.slice(2)}`;
+  }
+  if(crv === 'secp256k1') {
+    return 'ES256K';
+  }
+  return crv;
+}

package/package.json

@@ -0,0 +1,77 @@
+{
+  "name": "@digitalbazaar/oid4-client",
+  "version": "2.0.0",
+  "description": "An OID4 (VC + VP) client",
+  "homepage": "https://github.com/digitalbazaar/oid4-client",
+  "author": {
+    "name": "Digital Bazaar, Inc.",
+    "email": "support@digitalbazaar.com",
+    "url": "https://digitalbazaar.com/"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/digitalbazaar/oid4-client"
+  },
+  "bugs": {
+    "url": "https://github.com/digitalbazaar/oid4-client/issues",
+    "email": "support@digitalbazaar.com"
+  },
+  "license": "BSD-3-Clause",
+  "type": "module",
+  "exports": "./lib/index.js",
+  "files": [
+    "lib/**/*.js"
+  ],
+  "dependencies": {
+    "@digitalbazaar/http-client": "^3.2.0",
+    "base64url-universal": "^2.0.0"
+  },
+  "devDependencies": {
+    "c8": "^7.11.3",
+    "chai": "^4.3.6",
+    "cross-env": "^7.0.3",
+    "eslint": "^8.41.0",
+    "eslint-config-digitalbazaar": "^5.0.1",
+    "eslint-plugin-jsdoc": "^45.0.0",
+    "eslint-plugin-unicorn": "^42.0.0",
+    "jsdoc": "^4.0.2",
+    "jsdoc-to-markdown": "^8.0.0",
+    "karma": "^6.3.20",
+    "karma-chai": "^0.1.0",
+    "karma-chrome-launcher": "^3.1.1",
+    "karma-mocha": "^2.0.1",
+    "karma-mocha-reporter": "^2.2.5",
+    "karma-sourcemap-loader": "^0.3.8",
+    "karma-webpack": "^5.0.0",
+    "mocha": "^10.0.0",
+    "mocha-lcov-reporter": "^1.3.0",
+    "webpack": "^5.73.0"
+  },
+  "c8": {
+    "reporter": [
+      "lcov",
+      "text-summary",
+      "text"
+    ]
+  },
+  "engines": {
+    "node": ">=16"
+  },
+  "keywords": [
+    "OID4",
+    "OID4VCI",
+    "OID4VC",
+    "OID4VP",
+    "OIDC4VCI"
+  ],
+  "scripts": {
+    "test": "npm run test-node",
+    "test-node": "cross-env NODE_ENV=test mocha --preserve-symlinks -t 10000 -r tests/node.js tests/**/*.spec.js",
+    "test-karma": "karma start tests/karma.conf.cjs",
+    "coverage": "cross-env NODE_ENV=test c8 npm run test-node",
+    "coverage-ci": "cross-env NODE_ENV=test c8 --reporter=lcovonly --reporter=text-summary --reporter=text npm run test-node",
+    "coverage-report": "c8 report",
+    "generate-readme": "jsdoc2md -t readme-template.hbs lib/*.js > README.md",
+    "lint": "eslint ."
+  }
+}