npm - @localnerve/csp-hashes - Versions diffs - 3.0.3 → 3.1.2 - Mend

@localnerve/csp-hashes 3.0.3 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -8,4 +8,4 @@
  * Licensed under the MIT license.
  */
 /* eslint-env node */
-export { hashstream as default, hashstream, removeCspMeta } from './lib/index.js';
+export { hashstream as default, hashstream, removeCspMeta, createCspHash } from './lib/index.js';

package/lib/index.js CHANGED Viewed

@@ -51,6 +51,29 @@ function collectHashes (hashFn, html, hashes) {
   });
 }
+/**
+ * Makes a CSP hash string for the given input and algorithm.
+ *
+ * @param {String} algo - The hash algorithm to use.
+ * @param {String} input - A string of text to generate a hash for.
+ * @returns {String} The hash value of the given input.
+ */
+function makeCspHash (algo, input) {
+  const createHash = r => crypto.createHash(algo).update(r).digest('base64');
+  const formatHash = h => `'${algo}-${h}'`;
+  return formatHash(createHash(input));
+}
+/**
+ * Makes a CSP hash string for the given input and algorithm.
+ *
+ * @param {String} input - A string of text to generate a hash for.
+ * @param {String} [algo] - hash algorithm, default sha256. Can be sha384, sha512.
+ * @returns
+ */
+export function createCspHash(input, algo = 'sha256') {
+  return makeCspHash(algo, input);
+}
 /**
  * hashstream
  * Accepts the processing options and returns the Vinyl transform object stream.
@@ -75,10 +98,6 @@ export function hashstream ({
     throw new Error('callback option must be a valid function.');
   }
-  const createHash = r => crypto.createHash(algo).update(r).digest('base64');
-  const formatHash = h => `'${algo}-${h}'`;
-  const makeCSPHash = s => formatHash(createHash(s));
   const transformObjectStream = new Transform({
     objectMode: true,
     transform: (vinyl, enc, done) => {
@@ -102,7 +121,7 @@ export function hashstream ({
         }
       };
-      collectHashes(makeCSPHash, content, hashes);
+      collectHashes(makeCspHash.bind(null, algo), content, hashes);
       if (replace) {
         const s = callback(path, hashes, content.toString());

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@localnerve/csp-hashes",
-  "version": "3.0.3",
+  "version": "3.1.2",
   "description": "Flexible library to generate CSP hashes",
   "main": "index.js",
   "type": "module",
@@ -16,8 +16,8 @@
   },
   "devDependencies": {
     "@babel/preset-env": "^7.22.9",
-    "eslint": "^8.45.0",
-    "jest": "^29.6.1",
+    "eslint": "^8.46.0",
+    "jest": "^29.6.2",
     "vinyl": "^3.0.0"
   },
   "dependencies": {

package/readme.md CHANGED Viewed

@@ -41,6 +41,20 @@ Stream hashstream ({
 })
 ```
+See [`hashstream options`](#hashstream-options) for a detailed explanation of the input options.
+### createCspHash
+This library exports the helper method it uses to make CSP formatted hashes. This is useful if you have a picece of code you need to hash and place into your hash list outside the scope of the page as rendered.
+```
+String createCSPHash(inputString, algo = 'sha256')
+```
++ {String} **inputString** - Required - The input content to hash.
++ {String} **\[algo\]** - Optional - Defaults to `'sha256'`, can be one of 'sha256', 'sha384' or 'sha512'.
+Returns a ready to use csp hash string (with quotes) in the form of `'sha256-d3ii1Pel57UO62xosCMNgTaZJhJa87Gd/X6e7UdlEU8='`.
 ### removeCspMeta
 This library also exports a convenience helper method, `removeCspMeta` that is useful for some types of development builds. This method takes no options and returns a stream that operates on [Vinyl](https://github.com/gulpjs/vinyl) objects and removes any `Content-Security-Policy` content found in the files.