github-webhook-handler 1.0.0 → 2.0.0

package/.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    commit-message:
+      prefix: 'chore'
+      include: 'scope'
+    cooldown:
+      default-days: 5
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    commit-message:
+      prefix: 'chore'
+      include: 'scope'
+    cooldown:
+      default-days: 5

package/.github/workflows/test-and-release.yml

@@ -0,0 +1,56 @@
+name: Test & Maybe Release
+on: [push, pull_request]
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        node: [lts/*, current]
+        os: [macos-latest, ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v6
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install Dependencies
+        run: npm install --no-progress
+      - name: Check build is up to date
+        run: |
+          npm run build
+          git diff --exit-code || (echo "::error::Build artifacts not committed. Run 'npm run build' and commit the changes." && exit 1)
+      - name: Run tests
+        run: npm test
+
+  release:
+    name: Release
+    needs: test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install dependencies
+        run: npm install --no-progress --no-package-lock --no-save
+      - name: Build
+        run: npm run build
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
+        run: npx semantic-release

package/CHANGELOG.md

@@ -0,0 +1,9 @@
+## [2.0.0](https://github.com/rvagg/github-webhook-handler/compare/v1.0.0...v2.0.0) (2026-01-28)
+
+### ⚠ BREAKING CHANGES
+
+* modernise, ESM, promises, update deps, GHA, auto-release (#58)
+
+### Features
+
+* modernise, ESM, promises, update deps, GHA, auto-release ([#58](https://github.com/rvagg/github-webhook-handler/issues/58)) ([bc84845](https://github.com/rvagg/github-webhook-handler/commit/bc848457d5c28110ac24335af520ec3b921355fc))

package/README.md

@@ -1,13 +1,15 @@
 # github-webhook-handler
 
-[![Build Status](https://travis-ci.org/rvagg/github-webhook-handler.svg?branch=master)](https://travis-ci.org/rvagg/github-webhook-handler)
-
-[![NPM](https://nodei.co/npm/github-webhook-handler.svg)](https://nodei.co/npm/github-webhook-handler/)
+[![NPM](https://nodei.co/npm/github-webhook-handler.svg?style=flat&data=n,v&color=blue)](https://nodei.co/npm/github-webhook-handler/)
 
 GitHub allows you to register **[Webhooks](https://developer.github.com/webhooks/)** for your repositories. Each time an event occurs on your repository, whether it be pushing code, filling issues or creating pull requests, the webhook address you register can be configured to be pinged with details.
 
 This library is a small handler (or "middleware" if you must) for Node.js web servers that handles all the logic of receiving and verifying webhook requests from GitHub.
 
+## Requirements
+
+Node.js >= 20
+
 ## Tips
 
 In Github Webhooks settings, Content type must be `application/json`.
@@ -17,28 +19,29 @@ In Github Webhooks settings, Content type must be `application/json`.
 ## Example
 
 ```js
-var http = require('http')
-var createHandler = require('github-webhook-handler')
-var handler = createHandler({ path: '/webhook', secret: 'myhashsecret' })
+import http from 'node:http'
+import createHandler from 'github-webhook-handler'
 
-http.createServer(function (req, res) {
-  handler(req, res, function (err) {
+const handler = createHandler({ path: '/webhook', secret: 'myhashsecret' })
+
+http.createServer((req, res) => {
+  handler(req, res, (err) => {
     res.statusCode = 404
     res.end('no such location')
   })
 }).listen(7777)
 
-handler.on('error', function (err) {
+handler.on('error', (err) => {
   console.error('Error:', err.message)
 })
 
-handler.on('push', function (event) {
+handler.on('push', (event) => {
   console.log('Received a push event for %s to %s',
     event.payload.repository.name,
     event.payload.ref)
 })
 
-handler.on('issues', function (event) {
+handler.on('issues', (event) => {
   console.log('Received an issue event for %s action=%s: #%d %s',
     event.payload.repository.name,
     event.payload.action,
@@ -47,11 +50,11 @@ handler.on('issues', function (event) {
 })
 ```
 
-for multiple handlers, please see [multiple-handlers-issue](https://github.com/rvagg/github-webhook-handler/pull/22#issuecomment-274301907).
+For multiple handlers, see [multiple-handlers-issue](https://github.com/rvagg/github-webhook-handler/pull/22#issuecomment-274301907).
 
 ## API
 
-github-webhook-handler exports a single function, use this function to *create* a webhook handler by passing in an *options* object. Your options object should contain:
+github-webhook-handler exports a single function. Use this function to *create* a webhook handler by passing in an *options* object. Your options object should contain:
 
  * `"path"`: the complete case sensitive path/route to match when looking at `req.url` for incoming requests. Any request not matching this path will cause the callback function to the handler to be called (sometimes called the `next` handler).
  * `"secret"`: this is a hash key used for creating the SHA-1 HMAC signature of the JSON blob sent by GitHub. You should register the same secret key with GitHub. Any request not delivering a `X-Hub-Signature` that matches the signature generated using this key against the blob will be rejected and cause an `'error'` event (also the callback will be called with an `Error` object).
@@ -66,13 +69,14 @@ See the [GitHub Webhooks documentation](https://developer.github.com/webhooks/)
 Included in the distribution is an *events.json* file which maps the event names to descriptions taken from the API:
 
 ```js
-var events = require('github-webhook-handler/events')
-Object.keys(events).forEach(function (event) {
-  console.log(event, '=', events[event])
-})
+import events from 'github-webhook-handler/events.json' with { type: 'json' }
+
+for (const [event, description] of Object.entries(events)) {
+  console.log(event, '=', description)
+}
 ```
 
-Additionally, there is a special `'*'` even you can listen to in order to receive _everything_.
+Additionally, there is a special `'*'` event you can listen to in order to receive _everything_.
 
 ## License
 

package/github-webhook-handler.d.ts

@@ -1,18 +1,20 @@
-///<reference types="node" />
+/// <reference types="node" />
 
-import { IncomingMessage, ServerResponse } from "http";
-import { EventEmitter } from "events";
+import { IncomingMessage, ServerResponse } from 'node:http'
+import { EventEmitter } from 'node:events'
 
 interface CreateHandlerOptions {
-    path: string;
-    secret: string;
-    events?: string | string[];
+  path: string
+  secret: string
+  events?: string | string[]
 }
 
-interface handler extends EventEmitter {
-    (req: IncomingMessage, res: ServerResponse, callback: (err: Error) => void): void;
+interface Handler extends EventEmitter {
+  (req: IncomingMessage, res: ServerResponse, callback: (err?: Error) => void): void
+  sign(data: string | Buffer): string
+  verify(signature: string, data: string | Buffer): boolean
 }
 
-declare function createHandler(options: CreateHandlerOptions|CreateHandlerOptions[]): handler;
+declare function createHandler (options: CreateHandlerOptions | CreateHandlerOptions[]): Handler
 
-export = createHandler;
+export default createHandler

package/github-webhook-handler.js

@@ -1,6 +1,6 @@
-const EventEmitter = require('events')
-const crypto = require('crypto')
-const bl = require('bl')
+import { EventEmitter } from 'node:events'
+import crypto from 'node:crypto'
+import bl from 'bl'
 
 function findHandler (url, arr) {
   if (!Array.isArray(arr)) {
@@ -23,17 +23,16 @@ function checkType (options) {
   }
 
   if (typeof options.path !== 'string') {
-    throw new TypeError('must provide a \'path\' option')
+    throw new TypeError("must provide a 'path' option")
   }
 
   if (typeof options.secret !== 'string') {
-    throw new TypeError('must provide a \'secret\' option')
+    throw new TypeError("must provide a 'secret' option")
   }
 }
 
 function create (initOptions) {
   let options
-  // validate type of options
   if (Array.isArray(initOptions)) {
     for (let i = 0; i < initOptions.length; i++) {
       checkType(initOptions[i])
@@ -42,7 +41,6 @@ function create (initOptions) {
     checkType(initOptions)
   }
 
-  // make it an EventEmitter
   Object.setPrototypeOf(handler, EventEmitter.prototype)
   EventEmitter.call(handler)
 
@@ -130,8 +128,8 @@ function create (initOptions) {
       res.end('{"ok":true}')
 
       const emitData = {
-        event: event,
-        id: id,
+        event,
+        id,
         payload: obj,
         protocol: req.protocol,
         host: req.headers.host,
@@ -145,4 +143,4 @@ function create (initOptions) {
   }
 }
 
-module.exports = create
+export default create

package/package.json

@@ -1,12 +1,19 @@
 {
   "name": "github-webhook-handler",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Web handler / middleware for processing GitHub Webhooks",
+  "type": "module",
   "main": "github-webhook-handler.js",
+  "exports": "./github-webhook-handler.js",
   "types": "github-webhook-handler.d.ts",
+  "engines": {
+    "node": ">=20"
+  },
   "scripts": {
-    "lint": "standard *.js",
-    "test": "npm run lint && node test.js"
+    "lint": "standard",
+    "build": "true",
+    "test:unit": "node --test test.js",
+    "test": "npm run lint && npm run test:unit"
   },
   "keywords": [
     "github",
@@ -19,13 +26,98 @@
   },
   "license": "MIT",
   "dependencies": {
-    "bl": "~4.0.0"
+    "bl": "^6.1.6"
   },
   "devDependencies": {
-    "@types/node": "*",
-    "run-series": "~1.1.8",
-    "standard": "~14.3.1",
-    "tape": "~4.11.0",
-    "through2": "~3.0.1"
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.2",
+    "@semantic-release/npm": "^13.1.3",
+    "@semantic-release/release-notes-generator": "^14.1.0",
+    "conventional-changelog-conventionalcommits": "^9.1.0",
+    "semantic-release": "^25.0.2",
+    "standard": "^17.1.2"
+  },
+  "release": {
+    "branches": [
+      "master"
+    ],
+    "plugins": [
+      [
+        "@semantic-release/commit-analyzer",
+        {
+          "preset": "conventionalcommits",
+          "releaseRules": [
+            {
+              "breaking": true,
+              "release": "major"
+            },
+            {
+              "revert": true,
+              "release": "patch"
+            },
+            {
+              "type": "feat",
+              "release": "minor"
+            },
+            {
+              "type": "fix",
+              "release": "patch"
+            },
+            {
+              "type": "chore",
+              "release": "patch"
+            },
+            {
+              "type": "docs",
+              "release": "patch"
+            },
+            {
+              "type": "test",
+              "release": "patch"
+            },
+            {
+              "scope": "no-release",
+              "release": false
+            }
+          ]
+        }
+      ],
+      [
+        "@semantic-release/release-notes-generator",
+        {
+          "preset": "conventionalcommits",
+          "presetConfig": {
+            "types": [
+              {
+                "type": "feat",
+                "section": "Features"
+              },
+              {
+                "type": "fix",
+                "section": "Bug Fixes"
+              },
+              {
+                "type": "chore",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "docs",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "test",
+                "section": "Tests"
+              }
+            ]
+          }
+        }
+      ],
+      "@semantic-release/changelog",
+      "@semantic-release/npm",
+      "@semantic-release/github",
+      "@semantic-release/git"
+    ]
   }
 }

package/test.js

@@ -1,15 +1,15 @@
-const test = require('tape')
-const crypto = require('crypto')
-const handler = require('./')
-const through2 = require('through2')
-const series = require('run-series')
+import { test } from 'node:test'
+import assert from 'node:assert'
+import crypto from 'node:crypto'
+import { PassThrough } from 'node:stream'
+import handler from './github-webhook-handler.js'
 
 function signBlob (key, blob) {
   return `sha1=${crypto.createHmac('sha1', key).update(blob).digest('hex')}`
 }
 
 function mkReq (url, method) {
-  const req = through2()
+  const req = new PassThrough()
   req.method = method || 'POST'
   req.url = url
   req.headers = {
@@ -22,116 +22,102 @@ function mkReq (url, method) {
 
 function mkRes () {
   const res = {
-    writeHead: function (statusCode, headers) {
+    writeHead (statusCode, headers) {
       res.$statusCode = statusCode
       res.$headers = headers
     },
-
-    end: function (content) {
+    end (content) {
       res.$end = content
     }
   }
-
   return res
 }
 
-test('handler without full options throws', (t) => {
-  t.plan(4)
-
-  t.equal(typeof handler, 'function', 'handler exports a function')
-
-  t.throws(handler, /must provide an options object/, 'throws if no options')
-
-  t.throws(handler.bind(null, {}), /must provide a 'path' option/, 'throws if no path option')
-
-  t.throws(handler.bind(null, { path: '/' }), /must provide a 'secret' option/, 'throws if no secret option')
+test('handler without full options throws', () => {
+  assert.strictEqual(typeof handler, 'function', 'handler exports a function')
+  assert.throws(() => handler(), /must provide an options object/, 'throws if no options')
+  assert.throws(() => handler({}), /must provide a 'path' option/, 'throws if no path option')
+  assert.throws(() => handler({ path: '/' }), /must provide a 'secret' option/, 'throws if no secret option')
 })
 
-test('handler without full options throws in array', (t) => {
-  t.plan(2)
-
-  t.throws(handler.bind(null, [{}]), /must provide a 'path' option/, 'throws if no path option')
-
-  t.throws(handler.bind(null, [{ path: '/' }]), /must provide a 'secret' option/, 'throws if no secret option')
+test('handler without full options throws in array', () => {
+  assert.throws(() => handler([{}]), /must provide a 'path' option/, 'throws if no path option')
+  assert.throws(() => handler([{ path: '/' }]), /must provide a 'secret' option/, 'throws if no secret option')
 })
 
-test('handler ignores invalid urls', (t) => {
+test('handler ignores invalid urls', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(6)
-
-  h(mkReq('/'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  // near match
-  h(mkReq('/some/url/'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url/'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  // partial match
-  h(mkReq('/some'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 })
 
-test('handler ingores non-POST requests', (t) => {
+test('handler ignores non-POST requests', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(4)
-
-  h(mkReq('/some/url', 'GET'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url', 'GET'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  h(mkReq('/some/url?test=param', 'GET'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url?test=param', 'GET'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 })
 
-test('handler accepts valid urls', (t) => {
+test('handler accepts valid urls', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(1)
-
-  h(mkReq('/some/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
+  let callbackCalled = false
+  h(mkReq('/some/url'), mkRes(), () => {
+    callbackCalled = true
   })
 
-  setTimeout(t.ok.bind(t, true, 'done'))
+  await new Promise((resolve) => setTimeout(resolve, 10))
+  assert.strictEqual(callbackCalled, false, 'callback should not be called for valid POST')
 })
 
-test('handler accepts valid urls in Array', (t) => {
+test('handler accepts valid urls in Array', async () => {
   const options = [{ path: '/some/url', secret: 'bogus' }, { path: '/someOther/url', secret: 'bogus' }]
   const h = handler(options)
 
-  t.plan(1)
-
-  h(mkReq('/some/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
-  })
-
-  h(mkReq('/someOther/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
-  })
+  let callbackCalled = false
+  h(mkReq('/some/url'), mkRes(), () => { callbackCalled = true })
+  h(mkReq('/someOther/url'), mkRes(), () => { callbackCalled = true })
 
-  setTimeout(t.ok.bind(t, true, 'done'))
+  await new Promise((resolve) => setTimeout(resolve, 10))
+  assert.strictEqual(callbackCalled, false, 'callback should not be called for valid POSTs')
 })
 
-test('handler can reject events', (t) => {
+test('handler can reject events', async () => {
   const acceptableEvents = {
-    undefined: undefined,
+    undefined,
     'a string equal to the event': 'bogus',
     'a string equal to *': '*',
     'an array containing the event': ['bogus'],
@@ -141,74 +127,55 @@ test('handler can reject events', (t) => {
     'a string not equal to the event or *': 'not-bogus',
     'an array not containing the event or *': ['not-bogus']
   }
-  const acceptable = Object.keys(acceptableEvents)
-  const unacceptable = Object.keys(unacceptableEvents)
-  const acceptableTests = acceptable.map((events) => {
-    return acceptableReq.bind(null, events)
-  })
-  const unacceptableTests = unacceptable.map((events) => {
-    return unacceptableReq.bind(null, events)
-  })
-
-  t.plan(acceptable.length + unacceptable.length)
-  series(acceptableTests.concat(unacceptableTests))
 
-  function acceptableReq (events, callback) {
+  for (const [desc, events] of Object.entries(acceptableEvents)) {
     const h = handler({
       path: '/some/url',
       secret: 'bogus',
-      events: acceptableEvents[events]
+      events
     })
 
-    h(mkReq('/some/url'), mkRes(), (err) => {
-      t.error(err)
-      t.fail(false, 'should not call')
-    })
+    let callbackCalled = false
+    h(mkReq('/some/url'), mkRes(), () => { callbackCalled = true })
 
-    setTimeout(() => {
-      t.ok(true, 'accepted because options.events was ' + events)
-      callback()
-    })
+    await new Promise((resolve) => setTimeout(resolve, 10))
+    assert.strictEqual(callbackCalled, false, `accepted because options.events was ${desc}`)
   }
 
-  function unacceptableReq (events, callback) {
+  for (const [desc, events] of Object.entries(unacceptableEvents)) {
     const h = handler({
       path: '/some/url',
       secret: 'bogus',
-      events: unacceptableEvents[events]
+      events
     })
 
     h.on('error', () => {})
 
-    h(mkReq('/some/url'), mkRes(), (err) => {
-      t.ok(err, 'rejected because options.events was ' + events)
-      callback()
+    await new Promise((resolve) => {
+      h(mkReq('/some/url'), mkRes(), (err) => {
+        assert.ok(err, `rejected because options.events was ${desc}`)
+        resolve()
+      })
     })
   }
 })
 
-// because we don't inherit in a traditional way
-test('handler is an EventEmitter', (t) => {
-  t.plan(5)
-
+test('handler is an EventEmitter', () => {
   const h = handler({ path: '/', secret: 'bogus' })
 
-  t.equal(typeof h.on, 'function', 'has h.on()')
-  t.equal(typeof h.emit, 'function', 'has h.emit()')
-  t.equal(typeof h.removeListener, 'function', 'has h.removeListener()')
-
-  h.on('ping', (pong) => {
-    t.equal(pong, 'pong', 'got event')
-  })
+  assert.strictEqual(typeof h.on, 'function', 'has h.on()')
+  assert.strictEqual(typeof h.emit, 'function', 'has h.emit()')
+  assert.strictEqual(typeof h.removeListener, 'function', 'has h.removeListener()')
 
+  let received
+  h.on('ping', (pong) => { received = pong })
   h.emit('ping', 'pong')
+  assert.strictEqual(received, 'pong', 'got event')
 
-  t.throws(h.emit.bind(h, 'error', new Error('threw an error')), /threw an error/, 'acts like an EE')
+  assert.throws(() => h.emit('error', new Error('threw an error')), /threw an error/, 'acts like an EE')
 })
 
-test('handler accepts a signed blob', (t) => {
-  t.plan(4)
-
+test('handler accepts a signed blob', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -218,54 +185,69 @@ test('handler accepts a signed blob', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'push'
 
-  h.on('push', (event) => {
-    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  const eventPromise = new Promise((resolve) => {
+    h.on('push', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'push',
+        id: 'bogus',
+        payload: obj,
+        url: '/',
+        host: undefined,
+        protocol: undefined,
+        path: '/'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler accepts multi blob in Array', (t) => {
-  t.plan(4)
-
+test('handler accepts multi blob in Array', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler([{ path: '/', secret: 'bogus' }, { path: '/some/url', secret: 'bogus' }])
   const req = mkReq('/some/url')
   const res = mkRes()
+
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'push'
 
-  h.on('push', (event) => {
-    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/some/url', host: undefined, protocol: undefined, path: '/some/url' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  const eventPromise = new Promise((resolve) => {
+    h.on('push', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'push',
+        id: 'bogus',
+        payload: obj,
+        url: '/some/url',
+        host: undefined,
+        protocol: undefined,
+        path: '/some/url'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler accepts a signed blob with alt event', (t) => {
-  t.plan(4)
-
+test('handler accepts a signed blob with alt event', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -275,30 +257,35 @@ test('handler accepts a signed blob with alt event', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'issue'
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
-
-  h.on('issue', (event) => {
-    t.deepEqual(event, { event: 'issue', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  h.on('push', () => assert.fail('should not get here'))
+
+  const eventPromise = new Promise((resolve) => {
+    h.on('issue', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'issue',
+        id: 'bogus',
+        payload: obj,
+        url: '/',
+        host: undefined,
+        protocol: undefined,
+        path: '/'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler rejects a badly signed blob', (t) => {
-  t.plan(6)
-
+test('handler rejects a badly signed blob', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -306,33 +293,30 @@ test('handler rejects a badly signed blob', (t) => {
   const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
-  // break signage by a tiny bit
   req.headers['x-hub-signature'] = '0' + req.headers['x-hub-signature'].substring(1)
 
-  h.on('error', (err, _req) => {
-    t.ok(err, 'got an error')
-    t.strictEqual(_req, req, 'was given original request object')
-    t.equal(res.$statusCode, 400, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"error":"X-Hub-Signature does not match blob signature"}', 'got correct content')
+  const errorPromise = new Promise((resolve) => {
+    h.on('error', (err, _req) => {
+      assert.ok(err, 'got an error')
+      assert.strictEqual(_req, req, 'was given original request object')
+      assert.strictEqual(res.$statusCode, 400, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"error":"X-Hub-Signature does not match blob signature"}', 'got correct content')
+      resolve()
+    })
   })
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
+  h.on('push', () => assert.fail('should not get here'))
 
   h(req, res, (err) => {
-    t.ok(err, 'got error on callback')
+    assert.ok(err, 'got error on callback')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await errorPromise
 })
 
-test('handler responds on a bl error', (t) => {
-  t.plan(4)
-
+test('handler responds on a stream error', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -342,29 +326,25 @@ test('handler responds on a bl error', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'issue'
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
-
-  h.on('issue', (event) => {
-    t.fail(true, 'should never get here!')
-  })
+  h.on('push', () => assert.fail('should not get here'))
+  h.on('issue', () => assert.fail('should never get here'))
 
-  h.on('error', (err) => {
-    t.ok(err, 'got an error')
-    t.equal(res.$statusCode, 400, 'correct status code')
+  const errorPromise = new Promise((resolve) => {
+    h.on('error', (err) => {
+      assert.ok(err, 'got an error')
+      assert.strictEqual(res.$statusCode, 400, 'correct status code')
+      resolve()
+    })
   })
 
   h(req, res, (err) => {
-    t.ok(err)
+    assert.ok(err)
   })
 
-  res.end = () => {
-    t.equal(res.$statusCode, 400, 'correct status code')
-  }
-
   req.write('{')
   process.nextTick(() => {
-    req.emit('error', new Error('simulated explosion'))
+    req.destroy(new Error('simulated explosion'))
   })
+
+  await errorPromise
 })

package/.travis.yml

@@ -1,14 +0,0 @@
-sudo: false
-language: node_js
-node_js:
-  - 8
-  - 10
-  - 12
-  - lts/*
-  - current
-branches:
-  only:
-    - master
-notifications:
-  email:
-    - rod@vagg.org