npm - @pod-os/core - Versions diffs - 0.2.0 → 0.2.1-4e1a22f.0 - Mend

@pod-os/core 0.2.0 → 0.2.1-4e1a22f.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.js +266 -105
package/lib/index.js +265 -105
package/package.json +3 -1
package/types/Store.d.ts +2 -2
package/types/authentication/index.d.ts +5 -1
package/types/files/BinaryFile.d.ts +7 -0
package/types/files/BrokenFile.d.ts +9 -0
package/types/files/BrokenFile.spec.d.ts +1 -0
package/types/files/FileFetcher.d.ts +7 -0
package/types/files/FileFetcher.spec.d.ts +1 -0
package/types/files/HttpStatus.d.ts +6 -0
package/types/files/HttpStatus.spec.d.ts +1 -0
package/types/files/SolidFile.d.ts +4 -0
package/types/files/index.d.ts +4 -0
package/types/index.d.ts +4 -0

package/dist/index.js CHANGED Viewed

@@ -503,26 +503,26 @@ var require_InruptError = __commonJS({
       }
       static lookupErrorIri(iri, messageParams) {
         if (InruptError.determineIfVocabTerm(iri)) {
-          const message = messageParams === void 0 ? iri.message : iri.messageParams(...messageParams);
-          return message === void 0 ? `Looked up error message IRI [${iri.value}], but found no message value.` : message;
+          const message2 = messageParams === void 0 ? iri.message : iri.messageParams(...messageParams);
+          return message2 === void 0 ? `Looked up error message IRI [${iri.value}], but found no message value.` : message2;
         }
         return `Error message looked up at: [${iri.value}]${messageParams === void 0 ? "" : `, with params [${messageParams.toString()}]`}`;
       }
-      static appendHttpResponseDetails(message, response, append) {
+      static appendHttpResponseDetails(message2, response, append) {
         if (append && typeof response !== "undefined") {
-          return `${message} HTTP details: status code [${response.status}], status text [${response.statusText}].`;
+          return `${message2} HTTP details: status code [${response.status}], status text [${response.statusText}].`;
         }
-        return message;
+        return message2;
       }
-      static appendErrorIri(message, iri, append) {
-        return append ? `${message} Error IRI: [${iri.value}].` : message;
+      static appendErrorIri(message2, iri, append) {
+        return append ? `${message2} Error IRI: [${iri.value}].` : message2;
       }
-      static substituteParams(message, params) {
-        let fullMessage = message;
+      static substituteParams(message2, params) {
+        let fullMessage = message2;
         if (params !== void 0) {
-          const paramsRequired = message.split("{{").length - 1;
+          const paramsRequired = message2.split("{{").length - 1;
           if (paramsRequired !== params.length) {
-            throw new Error(`Setting parameters on message [${message}], but it requires [${paramsRequired}] params and we received [${params.length}].`);
+            throw new Error(`Setting parameters on message [${message2}], but it requires [${paramsRequired}] params and we received [${params.length}].`);
           }
           for (let i = 0; i < params.length; i += 1) {
             const marker = `{{${i}}}`;
@@ -953,10 +953,10 @@ var require_browser_ponyfill = __commonJS({
         try {
           new exports2.DOMException();
         } catch (err) {
-          exports2.DOMException = function(message, name) {
-            this.message = message;
+          exports2.DOMException = function(message2, name) {
+            this.message = message2;
             this.name = name;
-            var error2 = Error(message);
+            var error2 = Error(message2);
             this.stack = error2.stack;
           };
           exports2.DOMException.prototype = Object.create(Error.prototype);
@@ -1188,9 +1188,9 @@ var JOSEError, JWTClaimValidationFailed, JWTExpired, JOSEAlgNotAllowed, JOSENotS
 var init_errors = __esm({
   "../node_modules/jose/dist/browser/util/errors.js"() {
     JOSEError = class extends Error {
-      constructor(message) {
+      constructor(message2) {
         var _a;
-        super(message);
+        super(message2);
         this.code = "ERR_JOSE_GENERIC";
         this.name = this.constructor.name;
         (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);
@@ -1200,8 +1200,8 @@ var init_errors = __esm({
       }
     };
     JWTClaimValidationFailed = class extends JOSEError {
-      constructor(message, claim = "unspecified", reason = "unspecified") {
-        super(message);
+      constructor(message2, claim = "unspecified", reason = "unspecified") {
+        super(message2);
         this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
         this.claim = claim;
         this.reason = reason;
@@ -1211,8 +1211,8 @@ var init_errors = __esm({
       }
     };
     JWTExpired = class extends JOSEError {
-      constructor(message, claim = "unspecified", reason = "unspecified") {
-        super(message);
+      constructor(message2, claim = "unspecified", reason = "unspecified") {
+        super(message2);
         this.code = "ERR_JWT_EXPIRED";
         this.claim = claim;
         this.reason = reason;
@@ -1394,8 +1394,9 @@ var init_check_cek_length = __esm({
   "../node_modules/jose/dist/browser/runtime/check_cek_length.js"() {
     init_errors();
     checkCekLength = (cek, expected) => {
-      if (cek.length << 3 !== expected) {
-        throw new JWEInvalid("Invalid Content Encryption Key length");
+      const actual = cek.byteLength << 3;
+      if (actual !== expected) {
+        throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
       }
     };
     check_cek_length_default = checkCekLength;
@@ -1430,7 +1431,7 @@ var init_timing_safe_equal = __esm({
 // ../node_modules/jose/dist/browser/runtime/env.js
 function isCloudflareWorkers() {
-  return typeof WebSocketPair === "function";
+  return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
 }
 var init_env = __esm({
   "../node_modules/jose/dist/browser/runtime/env.js"() {
@@ -1513,6 +1514,12 @@ function checkSigCryptoKey(key, alg, ...usages) {
         throw unusable("NODE-ED25519");
       break;
     }
+    case "EdDSA": {
+      if (key.algorithm.name !== "Ed25519" && key.algorithm.name !== "Ed448") {
+        throw unusable("Ed25519 or Ed448");
+      }
+      break;
+    }
     case "ES256":
     case "ES384":
     case "ES512": {
@@ -1553,10 +1560,17 @@ function checkEncCryptoKey(key, alg, ...usages) {
         throw unusable(expected, "algorithm.length");
       break;
     }
-    case "ECDH":
-      if (!isAlgorithm(key.algorithm, "ECDH"))
-        throw unusable("ECDH");
+    case "ECDH": {
+      switch (key.algorithm.name) {
+        case "ECDH":
+        case "X25519":
+        case "X448":
+          break;
+        default:
+          throw unusable("ECDH, X25519, or X448");
+      }
       break;
+    }
     case "PBES2-HS256+A128KW":
     case "PBES2-HS384+A192KW":
     case "PBES2-HS512+A256KW":
@@ -1587,29 +1601,34 @@ var init_crypto_key = __esm({
 });
 // ../node_modules/jose/dist/browser/lib/invalid_key_input.js
+function message(msg2, actual, ...types2) {
+  if (types2.length > 2) {
+    const last = types2.pop();
+    msg2 += `one of type ${types2.join(", ")}, or ${last}.`;
+  } else if (types2.length === 2) {
+    msg2 += `one of type ${types2[0]} or ${types2[1]}.`;
+  } else {
+    msg2 += `of type ${types2[0]}.`;
+  }
+  if (actual == null) {
+    msg2 += ` Received ${actual}`;
+  } else if (typeof actual === "function" && actual.name) {
+    msg2 += ` Received function ${actual.name}`;
+  } else if (typeof actual === "object" && actual != null) {
+    if (actual.constructor && actual.constructor.name) {
+      msg2 += ` Received an instance of ${actual.constructor.name}`;
+    }
+  }
+  return msg2;
+}
+function withAlg(alg, actual, ...types2) {
+  return message(`Key for the ${alg} algorithm must be `, actual, ...types2);
+}
 var invalid_key_input_default;
 var init_invalid_key_input = __esm({
   "../node_modules/jose/dist/browser/lib/invalid_key_input.js"() {
     invalid_key_input_default = (actual, ...types2) => {
-      let msg2 = "Key must be ";
-      if (types2.length > 2) {
-        const last = types2.pop();
-        msg2 += `one of type ${types2.join(", ")}, or ${last}.`;
-      } else if (types2.length === 2) {
-        msg2 += `one of type ${types2[0]} or ${types2[1]}.`;
-      } else {
-        msg2 += `of type ${types2[0]}.`;
-      }
-      if (actual == null) {
-        msg2 += ` Received ${actual}`;
-      } else if (typeof actual === "function" && actual.name) {
-        msg2 += ` Received function ${actual.name}`;
-      } else if (typeof actual === "object" && actual != null) {
-        if (actual.constructor && actual.constructor.name) {
-          msg2 += ` Received an instance of ${actual.constructor.name}`;
-        }
-      }
-      return msg2;
+      return message("Key must be ", actual, ...types2);
     };
   }
 });
@@ -1842,10 +1861,18 @@ async function deriveKey(publicKey, privateKey, algorithm, keyLength, apu = new
   }
   checkEncCryptoKey(privateKey, "ECDH", "deriveBits");
   const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));
+  let length;
+  if (publicKey.algorithm.name === "X25519") {
+    length = 256;
+  } else if (publicKey.algorithm.name === "X448") {
+    length = 448;
+  } else {
+    length = Math.ceil(parseInt(publicKey.algorithm.namedCurve.substr(-3), 10) / 8) << 3;
+  }
   const sharedSecret = new Uint8Array(await webcrypto_default.subtle.deriveBits({
-    name: "ECDH",
+    name: publicKey.algorithm.name,
     public: publicKey
-  }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.slice(-3), 10) / 8) << 3));
+  }, privateKey, length));
   return concatKdf(sharedSecret, keyLength, value);
 }
 async function generateEpk(key) {
@@ -1858,7 +1885,7 @@ function ecdhAllowed(key) {
   if (!isCryptoKey(key)) {
     throw new TypeError(invalid_key_input_default(key, ...types));
   }
-  return ["P-256", "P-384", "P-521"].includes(key.algorithm.namedCurve);
+  return ["P-256", "P-384", "P-521"].includes(key.algorithm.namedCurve) || key.algorithm.name === "X25519" || key.algorithm.name === "X448";
 }
 var init_ecdhes = __esm({
   "../node_modules/jose/dist/browser/runtime/ecdhes.js"() {
@@ -2107,8 +2134,14 @@ var init_asn1 = __esm({
           return "P-384";
         case findOid(keyData, [43, 129, 4, 0, 35]):
           return "P-521";
-        case (isCloudflareWorkers() && findOid(keyData, [43, 101, 112])):
+        case findOid(keyData, [43, 101, 110]):
+          return "X25519";
+        case findOid(keyData, [43, 101, 111]):
+          return "X448";
+        case findOid(keyData, [43, 101, 112]):
           return "Ed25519";
+        case findOid(keyData, [43, 101, 113]):
+          return "Ed448";
         default:
           throw new JOSENotSupported("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
       }
@@ -2157,15 +2190,22 @@ var init_asn1 = __esm({
         case "ECDH-ES":
         case "ECDH-ES+A128KW":
         case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          algorithm = { name: "ECDH", namedCurve: getNamedCurve2(keyData) };
+        case "ECDH-ES+A256KW": {
+          const namedCurve = getNamedCurve2(keyData);
+          algorithm = namedCurve.startsWith("P-") ? { name: "ECDH", namedCurve } : { name: namedCurve };
           keyUsages = isPublic ? [] : ["deriveBits"];
           break;
-        case (isCloudflareWorkers() && "EdDSA"):
+        }
+        case (isCloudflareWorkers() && "EdDSA"): {
           const namedCurve = getNamedCurve2(keyData).toUpperCase();
           algorithm = { name: `NODE-${namedCurve}`, namedCurve: `NODE-${namedCurve}` };
           keyUsages = isPublic ? ["verify"] : ["sign"];
           break;
+        }
+        case "EdDSA":
+          algorithm = { name: getNamedCurve2(keyData) };
+          keyUsages = isPublic ? ["verify"] : ["sign"];
+          break;
         default:
           throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
       }
@@ -2288,9 +2328,27 @@ function subtleMapping(jwk) {
           keyUsages = jwk.d ? ["sign"] : ["verify"];
           break;
         default:
-          throw new JOSENotSupported('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value');
+          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
+    case "OKP": {
+      switch (jwk.alg) {
+        case "EdDSA":
+          algorithm = { name: jwk.crv };
+          keyUsages = jwk.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          algorithm = { name: jwk.crv };
+          keyUsages = jwk.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
@@ -2350,18 +2408,12 @@ function parseElement(bytes) {
   if (bytes[position] < 128) {
     length = bytes[position];
     position++;
-  } else {
-    let numberOfDigits = bytes[position] & 127;
-    position++;
-    length = 0;
-    for (let i = 0; i < numberOfDigits; i++) {
-      length = length * 256 + bytes[position];
-      position++;
-    }
-  }
-  if (length === 128) {
+  } else if (length === 128) {
     length = 0;
     while (bytes[position + length] !== 0 || bytes[position + length + 1] !== 0) {
+      if (length > bytes.byteLength) {
+        throw new TypeError("invalid indefinite form length");
+      }
       length++;
     }
     const byteLength2 = position + length + 2;
@@ -2370,6 +2422,14 @@ function parseElement(bytes) {
       contents: bytes.subarray(position, position + length),
       raw: bytes.subarray(0, byteLength2)
     };
+  } else {
+    let numberOfDigits = bytes[position] & 127;
+    position++;
+    length = 0;
+    for (let i = 0; i < numberOfDigits; i++) {
+      length = length * 256 + bytes[position];
+      position++;
+    }
   }
   const byteLength = position + length;
   return {
@@ -2397,7 +2457,12 @@ async function importX509(x509, alg, options) {
   if (typeof x509 !== "string" || x509.indexOf("-----BEGIN CERTIFICATE-----") !== 0) {
     throw new TypeError('"x509" must be X.509 formatted string');
   }
-  const spki = getSPKI(x509);
+  let spki;
+  try {
+    spki = getSPKI(x509);
+  } catch (cause) {
+    throw new TypeError("failed to parse the X.509 certificate", { cause });
+  }
   return fromSPKI(spki, alg, options);
 }
 async function importPKCS8(pkcs8, alg, options) {
@@ -2453,19 +2518,19 @@ var init_check_key_type = __esm({
   "../node_modules/jose/dist/browser/lib/check_key_type.js"() {
     init_invalid_key_input();
     init_is_key_like();
-    symmetricTypeCheck = (key) => {
+    symmetricTypeCheck = (alg, key) => {
       if (key instanceof Uint8Array)
         return;
       if (!is_key_like_default(key)) {
-        throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
+        throw new TypeError(withAlg(alg, key, ...types, "Uint8Array"));
       }
       if (key.type !== "secret") {
         throw new TypeError(`${types.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
       }
     };
-    asymmetricTypeCheck = (key, usage) => {
+    asymmetricTypeCheck = (alg, key, usage) => {
       if (!is_key_like_default(key)) {
-        throw new TypeError(invalid_key_input_default(key, ...types));
+        throw new TypeError(withAlg(alg, key, ...types));
       }
       if (key.type === "secret") {
         throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
@@ -2486,9 +2551,9 @@ var init_check_key_type = __esm({
     checkKeyType = (alg, key, usage) => {
       const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(alg);
       if (symmetric) {
-        symmetricTypeCheck(key);
+        symmetricTypeCheck(alg, key);
       } else {
-        asymmetricTypeCheck(key, usage);
+        asymmetricTypeCheck(alg, key, usage);
       }
     };
     check_key_type_default = checkKeyType;
@@ -2590,7 +2655,7 @@ var init_aesgcmkw = __esm({
 });
 // ../node_modules/jose/dist/browser/lib/decrypt_key_management.js
-async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {
+async function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {
   check_key_type_default(alg, key, "decrypt");
   switch (alg) {
     case "dir": {
@@ -2644,6 +2709,9 @@ async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {
         throw new JWEInvalid("JWE Encrypted Key missing");
       if (typeof joseHeader.p2c !== "number")
         throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
+      const p2cLimit = (options === null || options === void 0 ? void 0 : options.maxPBES2Count) || 1e4;
+      if (joseHeader.p2c > p2cLimit)
+        throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`);
       if (typeof joseHeader.p2s !== "string")
         throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
       return decrypt2(alg, key, encryptedKey, joseHeader.p2c, decode(joseHeader.p2s));
@@ -2830,9 +2898,9 @@ async function flattenedDecrypt(jwe, key, options) {
   }
   let cek;
   try {
-    cek = await decrypt_key_management_default(alg, key, encryptedKey, joseHeader);
+    cek = await decrypt_key_management_default(alg, key, encryptedKey, joseHeader, options);
   } catch (err) {
-    if (err instanceof TypeError) {
+    if (err instanceof TypeError || err instanceof JWEInvalid || err instanceof JOSENotSupported) {
       throw err;
     }
     cek = cek_default(enc);
@@ -3461,6 +3529,8 @@ function subtleDsa(alg, algorithm) {
     case (isCloudflareWorkers() && "EdDSA"):
       const { namedCurve } = algorithm;
       return { name: namedCurve, namedCurve };
+    case "EdDSA":
+      return { name: algorithm.name };
     default:
       throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
   }
@@ -4752,7 +4822,7 @@ function getModulusLengthOption(options) {
   return modulusLength;
 }
 async function generateKeyPair(alg, options) {
-  var _a, _b;
+  var _a, _b, _c;
   let algorithm;
   let keyUsages;
   switch (alg) {
@@ -4813,17 +4883,44 @@ async function generateKeyPair(alg, options) {
           throw new JOSENotSupported("Invalid or unsupported crv option provided");
       }
       break;
+    case "EdDSA":
+      keyUsages = ["sign", "verify"];
+      const crv = (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "Ed25519";
+      switch (crv) {
+        case "Ed25519":
+        case "Ed448":
+          algorithm = { name: crv };
+          break;
+        default:
+          throw new JOSENotSupported("Invalid or unsupported crv option provided");
+      }
+      break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
-    case "ECDH-ES+A256KW":
-      algorithm = { name: "ECDH", namedCurve: (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "P-256" };
+    case "ECDH-ES+A256KW": {
       keyUsages = ["deriveKey", "deriveBits"];
+      const crv2 = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : "P-256";
+      switch (crv2) {
+        case "P-256":
+        case "P-384":
+        case "P-521": {
+          algorithm = { name: "ECDH", namedCurve: crv2 };
+          break;
+        }
+        case "X25519":
+        case "X448":
+          algorithm = { name: crv2 };
+          break;
+        default:
+          throw new JOSENotSupported("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448");
+      }
       break;
+    }
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
   }
-  return webcrypto_default.subtle.generateKey(algorithm, (_b = options === null || options === void 0 ? void 0 : options.extractable) !== null && _b !== void 0 ? _b : false, keyUsages);
+  return webcrypto_default.subtle.generateKey(algorithm, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages);
 }
 var init_generate = __esm({
   "../node_modules/jose/dist/browser/runtime/generate.js"() {
@@ -5218,8 +5315,8 @@ var require_ConfigurationError = __commonJS({
     "use strict";
     Object.defineProperty(exports, "__esModule", { value: true });
     var ConfigurationError = class extends Error {
-      constructor(message) {
-        super(message);
+      constructor(message2) {
+        super(message2);
       }
     };
     exports.default = ConfigurationError;
@@ -5263,8 +5360,8 @@ var require_OidcProviderError = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.OidcProviderError = void 0;
     var OidcProviderError = class extends Error {
-      constructor(message, error2, errorDescription) {
-        super(message);
+      constructor(message2, error2, errorDescription) {
+        super(message2);
         this.error = error2;
         this.errorDescription = errorDescription;
       }
@@ -16100,10 +16197,10 @@ var require_JsonLdError = __commonJS({
   "../node_modules/jsonld/lib/JsonLdError.js"(exports, module2) {
     "use strict";
     module2.exports = class JsonLdError extends Error {
-      constructor(message = "An unspecified JSON-LD error occurred.", name = "jsonld.Error", details = {}) {
-        super(message);
+      constructor(message2 = "An unspecified JSON-LD error occurred.", name = "jsonld.Error", details = {}) {
+        super(message2);
         this.name = name;
-        this.message = message;
+        this.message = message2;
         this.details = details;
       }
     };
@@ -22900,9 +22997,9 @@ var require_dom = __commonJS({
     var INVALID_MODIFICATION_ERR = ExceptionCode.INVALID_MODIFICATION_ERR = (ExceptionMessage[13] = "Invalid modification", 13);
     var NAMESPACE_ERR = ExceptionCode.NAMESPACE_ERR = (ExceptionMessage[14] = "Invalid namespace", 14);
     var INVALID_ACCESS_ERR = ExceptionCode.INVALID_ACCESS_ERR = (ExceptionMessage[15] = "Invalid access", 15);
-    function DOMException(code, message) {
-      if (message instanceof Error) {
-        var error2 = message;
+    function DOMException(code, message2) {
+      if (message2 instanceof Error) {
+        var error2 = message2;
       } else {
         error2 = this;
         Error.call(this, ExceptionMessage[code]);
@@ -22911,8 +23008,8 @@ var require_dom = __commonJS({
           Error.captureStackTrace(this, DOMException);
       }
       error2.code = code;
-      if (message)
-        this.message = this.message + ": " + message;
+      if (message2)
+        this.message = this.message + ": " + message2;
       return error2;
     }
     DOMException.prototype = Error.prototype;
@@ -24206,8 +24303,8 @@ var require_sax = __commonJS({
     var S_ATTR_END = 5;
     var S_TAG_SPACE = 6;
     var S_TAG_CLOSE = 7;
-    function ParseError(message, locator) {
-      this.message = message;
+    function ParseError(message2, locator) {
+      this.message = message2;
       this.locator = locator;
       if (Error.captureStackTrace)
         Error.captureStackTrace(this, ParseError);
@@ -25075,6 +25172,63 @@ var BrowserSession = class {
   }
 };
+// src/files/BinaryFile.ts
+var BinaryFile = class {
+  constructor(url, data) {
+    this.url = url;
+    this.data = data;
+  }
+  blob() {
+    return this.data;
+  }
+};
+// src/files/BrokenFile.ts
+var BrokenFile = class {
+  constructor(url, status) {
+    this.url = url;
+    this.status = status;
+  }
+  toString() {
+    return `${this.status.toString()} - ${this.url}`;
+  }
+  blob() {
+    return null;
+  }
+};
+// src/files/HttpStatus.ts
+var HttpStatus = class {
+  constructor(code, text) {
+    this.code = code;
+    this.text = text;
+  }
+  toString() {
+    return this.text ? `${this.code} - ${this.text}` : this.code.toString();
+  }
+};
+// src/files/FileFetcher.ts
+var FileFetcher = class {
+  constructor(session) {
+    this.session = session;
+  }
+  fetchFile(url) {
+    return __async(this, null, function* () {
+      const response = yield this.session.authenticatedFetch(url);
+      if (response.ok) {
+        const blob = yield response.blob();
+        return new BinaryFile(url, blob);
+      } else {
+        return new BrokenFile(
+          url,
+          new HttpStatus(response.status, response.statusText)
+        );
+      }
+    });
+  }
+};
 // ../node_modules/@babel/runtime/helpers/esm/createClass.js
 function _defineProperties(target, props) {
   for (var i = 0; i < props.length; i++) {
@@ -25490,8 +25644,8 @@ var NamedNode = /* @__PURE__ */ function(_Node) {
       throw new Error('NamedNode IRI "' + iri + '" must be absolute.');
     }
     if (_this.value.includes(" ")) {
-      var message = 'Error: NamedNode IRI "' + iri + '" must not contain unencoded spaces.';
-      throw new Error(message);
+      var message2 = 'Error: NamedNode IRI "' + iri + '" must not contain unencoded spaces.';
+      throw new Error(message2);
     }
     return _this;
   }
@@ -28975,8 +29129,8 @@ var N3Parser = class {
   _emit(subject, predicate, object, graph3) {
     this._callback(null, this._quad(subject, predicate, object, graph3 || this.DEFAULTGRAPH));
   }
-  _error(message, token) {
-    const err = new Error(`${message} on line ${token.line}.`);
+  _error(message2, token) {
+    const err = new Error(`${message2} on line ${token.line}.`);
     err.context = {
       token,
       line: token.line,
@@ -36747,13 +36901,13 @@ var Fetcher = /* @__PURE__ */ function() {
           }
         }
       }, function(err) {
-        var message = err.message || err.statusText;
-        message = "Failed to load  <" + uri + "> " + message;
-        console.log(message);
+        var message2 = err.message || err.statusText;
+        message2 = "Failed to load  <" + uri + "> " + message2;
+        console.log(message2);
         if (err.response && err.response.status) {
-          message += " status: " + err.response.status;
+          message2 += " status: " + err.response.status;
         }
-        userCallback(false, message, err.response);
+        userCallback(false, message2, err.response);
       });
     }
   }, {
@@ -37247,16 +37401,16 @@ var Fetcher = /* @__PURE__ */ function() {
           return this.redirectToProxy(proxyUri, options);
         }
       }
-      var message;
+      var message2;
       if (response instanceof Error) {
-        message = "Fetch error: " + response.message;
+        message2 = "Fetch error: " + response.message;
       } else {
-        message = response.statusText;
+        message2 = response.statusText;
         if (response.responseText) {
-          message += " ".concat(response.responseText);
+          message2 += " ".concat(response.responseText);
         }
       }
-      return this.failFetch(options, message, response.status || 998, response);
+      return this.failFetch(options, message2, response.status || 998, response);
     }
   }, {
     key: "addType",
@@ -37715,6 +37869,7 @@ var PodOS = class {
   constructor() {
     this.session = new BrowserSession();
     this.store = new Store(this.session);
+    this.fileFetcher = new FileFetcher(this.session);
   }
   handleIncomingRedirect() {
     this.session.handleIncomingRedirect();
@@ -37722,6 +37877,9 @@ var PodOS = class {
   fetch(uri) {
     return this.store.fetch(uri);
   }
+  fetchFile(url) {
+    return this.fileFetcher.fetchFile(url);
+  }
   trackSession(callback) {
     return this.session.trackSession(callback);
   }
@@ -37733,7 +37891,10 @@ var PodOS = class {
   }
 };
 export {
+  BinaryFile,
+  BrokenFile,
   BrowserSession,
+  HttpStatus,
   PodOS
 };
 /*!