edockit 0.4.0-dev.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -1
- package/README.md +3 -7
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.4.0] - 2026-03-19
|
|
11
|
+
|
|
10
12
|
### Added
|
|
11
13
|
|
|
12
14
|
- **Verification checklist output** - `verifySignature()` can now return a structured `checklist` with per-check status details when `includeChecklist: true`
|
|
@@ -16,11 +18,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
16
18
|
- **Compact trusted-list bundle format** - Added local matching against compact JSON bundles with a dedicated provider contract
|
|
17
19
|
- **Public Node-only trusted-list builder** - Added `edockit/trusted-list/build` for generating app-hosted trusted-list JSON, along with the repository `npm run update-trusted-list` script
|
|
18
20
|
|
|
21
|
+
### Changed
|
|
22
|
+
|
|
23
|
+
- **Trust-list aware validation status** - When a `trustListProvider` is configured and the signer's issuer is not found or not trusted at signing time, overall status is now `INDETERMINATE` (previously `VALID`). Also downgrades to `INDETERMINATE` when the trust-list provider throws an error.
|
|
24
|
+
- **ESM-compatible module builds** - `@xmldom/xmldom` and `xpath` are now externalized in ESM/CJS builds with proper `import` statements, fixing `"XML DOM parser not available"` errors in Node.js ESM consumers
|
|
25
|
+
|
|
19
26
|
### Fixed
|
|
20
27
|
|
|
21
28
|
- **SignatureTimeStamp canonicalization** - Respect the timestamp's declared canonicalization method when hashing `ds:SignatureValue`, fixing false `coversSignature: false` results for some real samples
|
|
22
29
|
- **Skip LDAP CRL distribution points** - Filter out non-HTTP(S) URLs from CRL distribution points to avoid failed fetch attempts on unsupported protocols like LDAP
|
|
23
30
|
- **Timestamp trust-list evaluation** - Trusted-list verification now checks timestamp authorities at the timestamp signing time instead of only checking the signer issuer side
|
|
31
|
+
- **TypeScript 5.9 compatibility** - Fix `Uint8Array`/`BufferSource` type errors in Web Crypto API calls
|
|
32
|
+
- **Package security updates** - Update transitive dependencies to resolve vulnerabilities in rollup, minimatch, koa, basic-ftp, diff, qs, and brace-expansion
|
|
24
33
|
|
|
25
34
|
## [0.3.0] - 2026-01-04
|
|
26
35
|
|
|
@@ -104,7 +113,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
104
113
|
- File checksum verification (SHA-256/384/512)
|
|
105
114
|
- Browser and Node.js support
|
|
106
115
|
|
|
107
|
-
[Unreleased]: https://github.com/edgarsj/edockit/compare/v0.
|
|
116
|
+
[Unreleased]: https://github.com/edgarsj/edockit/compare/v0.4.0...HEAD
|
|
117
|
+
[0.4.0]: https://github.com/edgarsj/edockit/compare/v0.3.0...v0.4.0
|
|
108
118
|
[0.3.0]: https://github.com/edgarsj/edockit/compare/v0.2.4...v0.3.0
|
|
109
119
|
[0.2.4]: https://github.com/edgarsj/edockit/compare/v0.2.3...v0.2.4
|
|
110
120
|
[0.2.3]: https://github.com/edgarsj/edockit/compare/v0.2.2...v0.2.3
|
package/README.md
CHANGED
|
@@ -108,14 +108,11 @@ Use these if you need direct RFC 3161 parsing or verification outside `verifySig
|
|
|
108
108
|
- Return a structured verification checklist for consumer applications
|
|
109
109
|
- Match both signer issuers and timestamp authorities against a trusted list through an explicit provider contract
|
|
110
110
|
|
|
111
|
-
##
|
|
111
|
+
## Compatibility
|
|
112
112
|
|
|
113
|
-
The library has been
|
|
113
|
+
The library has been used in production to verify ASiC-E containers across a range of signature algorithms, certificate authorities, and vendor implementations.
|
|
114
114
|
|
|
115
|
-
|
|
116
|
-
- files produced by different vendor implementations
|
|
117
|
-
- more signature algorithm and certificate variations
|
|
118
|
-
- more edge cases and malformed samples
|
|
115
|
+
If the library fails to parse a valid container or does not recognize a signature format, please [open an issue](https://github.com/edgarsj/edockit/issues) or contact [edocviewer@zenomy.tech](mailto:edocviewer@zenomy.tech) and attach the sample file (if it does not contain sensitive or personal data). Real-world samples from other EU and non-EU countries are especially helpful.
|
|
119
116
|
|
|
120
117
|
## Contributing
|
|
121
118
|
|
|
@@ -124,4 +121,3 @@ Contributions are welcome, especially:
|
|
|
124
121
|
- real-world ASiC-E samples from different countries
|
|
125
122
|
- bug reports with reproducible files when possible
|
|
126
123
|
- interoperability fixes
|
|
127
|
-
- documentation improvements
|