@helia/verified-fetch 2.2.1 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -1
- package/dist/index.min.js +36 -33
- package/dist/src/index.d.ts +32 -1
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +28 -2
- package/dist/src/index.js.map +1 -1
- package/dist/typedoc-urls.json +25 -25
- package/package.json +3 -2
- package/src/index.ts +36 -4
package/README.md
CHANGED
|
@@ -34,7 +34,13 @@ repo and examine the changes made.
|
|
|
34
34
|
|
|
35
35
|
All content is retrieved in a [trustless manner](https://www.techopedia.com/definition/trustless), and the integrity of all bytes are verified by comparing hashes of the data.
|
|
36
36
|
|
|
37
|
-
By default, providers for CIDs are found
|
|
37
|
+
By default, providers for CIDs are found using [delegated routing endpoints](https://docs.ipfs.tech/concepts/public-utilities/#delegated-routing).
|
|
38
|
+
|
|
39
|
+
Data is retrieved using the following strategies:
|
|
40
|
+
|
|
41
|
+
- Directly from providers, using [Bitswap](https://docs.ipfs.tech/concepts/bitswap/) over WebSockets and WebRTC if available.
|
|
42
|
+
- Directly from providers exposing a [trustless gateway](https://specs.ipfs.tech/http-gateways/trustless-gateway/) over HTTPS.
|
|
43
|
+
- As a fallback, if no providers reachable from a browser are found, data is retrieved using recursive gateways, e.g. `trustless-gateway.link` which can be configured.
|
|
38
44
|
|
|
39
45
|
This is a marked improvement over `fetch` which offers no such protections and is vulnerable to all sorts of attacks like [Content Spoofing](https://owasp.org/www-community/attacks/Content_Spoofing), [DNS Hijacking](https://en.wikipedia.org/wiki/DNS_hijacking), etc.
|
|
40
46
|
|
|
@@ -219,6 +225,26 @@ const fetch = await createVerifiedFetch({
|
|
|
219
225
|
})
|
|
220
226
|
```
|
|
221
227
|
|
|
228
|
+
### Custom Hashers
|
|
229
|
+
|
|
230
|
+
By default, `@helia/verified-fetch` supports `sha256`, `sha512`, and `identity` hashers.
|
|
231
|
+
|
|
232
|
+
If you need to use a different hasher, you can provide a [custom `hasher` function](https://multiformats.github.io/js-multiformats/interfaces/hashes_interface.MultihashHasher.html) as an option to `createVerifiedFetch`.
|
|
233
|
+
|
|
234
|
+
## Example - Passing a custom hashing function
|
|
235
|
+
|
|
236
|
+
```typescript
|
|
237
|
+
import { createVerifiedFetch } from '@helia/verified-fetch'
|
|
238
|
+
import { blake2b256 } from '@multiformats/blake2/blake2b'
|
|
239
|
+
|
|
240
|
+
const verifiedFetch = await createVerifiedFetch({
|
|
241
|
+
gateways: ['https://ipfs.io'],
|
|
242
|
+
hashers: [blake2b256]
|
|
243
|
+
})
|
|
244
|
+
|
|
245
|
+
const resp = await verifiedFetch('ipfs://cid-using-blake2b256')
|
|
246
|
+
```
|
|
247
|
+
|
|
222
248
|
### IPLD codec handling
|
|
223
249
|
|
|
224
250
|
IPFS supports several data formats (typically referred to as codecs) which are included in the CID. `@helia/verified-fetch` attempts to abstract away some of the details for easier consumption.
|