github-webhook-handler 1.0.0 → 2.1.0

package/.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    commit-message:
+      prefix: 'chore'
+      include: 'scope'
+    cooldown:
+      default-days: 5
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    commit-message:
+      prefix: 'chore'
+      include: 'scope'
+    cooldown:
+      default-days: 5

package/.github/workflows/test-and-release.yml

@@ -0,0 +1,56 @@
+name: Test & Maybe Release
+on: [push, pull_request]
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        node: [lts/*, current]
+        os: [macos-latest, ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v6
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install Dependencies
+        run: npm install --no-progress
+      - name: Check build is up to date
+        run: |
+          npm run build
+          git diff --exit-code || (echo "::error::Build artifacts not committed. Run 'npm run build' and commit the changes." && exit 1)
+      - name: Run tests
+        run: npm test
+
+  release:
+    name: Release
+    needs: test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install dependencies
+        run: npm install --no-progress --no-package-lock --no-save
+      - name: Build
+        run: npm run build
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
+        run: npx semantic-release

package/CHANGELOG.md

@@ -0,0 +1,15 @@
+## [2.1.0](https://github.com/rvagg/github-webhook-handler/compare/v2.0.0...v2.1.0) (2026-01-28)
+
+### Features
+
+* add types via jsdoc tsc, remove old handrolled types ([#59](https://github.com/rvagg/github-webhook-handler/issues/59)) ([f8f20d8](https://github.com/rvagg/github-webhook-handler/commit/f8f20d864cf9529b2eebd953099967267b068ba4))
+
+## [2.0.0](https://github.com/rvagg/github-webhook-handler/compare/v1.0.0...v2.0.0) (2026-01-28)
+
+### ⚠ BREAKING CHANGES
+
+* modernise, ESM, promises, update deps, GHA, auto-release (#58)
+
+### Features
+
+* modernise, ESM, promises, update deps, GHA, auto-release ([#58](https://github.com/rvagg/github-webhook-handler/issues/58)) ([bc84845](https://github.com/rvagg/github-webhook-handler/commit/bc848457d5c28110ac24335af520ec3b921355fc))

package/README.md

@@ -1,13 +1,15 @@
 # github-webhook-handler
 
-[![Build Status](https://travis-ci.org/rvagg/github-webhook-handler.svg?branch=master)](https://travis-ci.org/rvagg/github-webhook-handler)
-
-[![NPM](https://nodei.co/npm/github-webhook-handler.svg)](https://nodei.co/npm/github-webhook-handler/)
+[![NPM](https://nodei.co/npm/github-webhook-handler.svg?style=flat&data=n,v&color=blue)](https://nodei.co/npm/github-webhook-handler/)
 
 GitHub allows you to register **[Webhooks](https://developer.github.com/webhooks/)** for your repositories. Each time an event occurs on your repository, whether it be pushing code, filling issues or creating pull requests, the webhook address you register can be configured to be pinged with details.
 
 This library is a small handler (or "middleware" if you must) for Node.js web servers that handles all the logic of receiving and verifying webhook requests from GitHub.
 
+## Requirements
+
+Node.js >= 20
+
 ## Tips
 
 In Github Webhooks settings, Content type must be `application/json`.
@@ -17,28 +19,29 @@ In Github Webhooks settings, Content type must be `application/json`.
 ## Example
 
 ```js
-var http = require('http')
-var createHandler = require('github-webhook-handler')
-var handler = createHandler({ path: '/webhook', secret: 'myhashsecret' })
+import http from 'node:http'
+import createHandler from 'github-webhook-handler'
 
-http.createServer(function (req, res) {
-  handler(req, res, function (err) {
+const handler = createHandler({ path: '/webhook', secret: 'myhashsecret' })
+
+http.createServer((req, res) => {
+  handler(req, res, (err) => {
     res.statusCode = 404
     res.end('no such location')
   })
 }).listen(7777)
 
-handler.on('error', function (err) {
+handler.on('error', (err) => {
   console.error('Error:', err.message)
 })
 
-handler.on('push', function (event) {
+handler.on('push', (event) => {
   console.log('Received a push event for %s to %s',
     event.payload.repository.name,
     event.payload.ref)
 })
 
-handler.on('issues', function (event) {
+handler.on('issues', (event) => {
   console.log('Received an issue event for %s action=%s: #%d %s',
     event.payload.repository.name,
     event.payload.action,
@@ -47,11 +50,11 @@ handler.on('issues', function (event) {
 })
 ```
 
-for multiple handlers, please see [multiple-handlers-issue](https://github.com/rvagg/github-webhook-handler/pull/22#issuecomment-274301907).
+For multiple handlers, see [multiple-handlers-issue](https://github.com/rvagg/github-webhook-handler/pull/22#issuecomment-274301907).
 
 ## API
 
-github-webhook-handler exports a single function, use this function to *create* a webhook handler by passing in an *options* object. Your options object should contain:
+github-webhook-handler exports a single function. Use this function to *create* a webhook handler by passing in an *options* object. Your options object should contain:
 
  * `"path"`: the complete case sensitive path/route to match when looking at `req.url` for incoming requests. Any request not matching this path will cause the callback function to the handler to be called (sometimes called the `next` handler).
  * `"secret"`: this is a hash key used for creating the SHA-1 HMAC signature of the JSON blob sent by GitHub. You should register the same secret key with GitHub. Any request not delivering a `X-Hub-Signature` that matches the signature generated using this key against the blob will be rejected and cause an `'error'` event (also the callback will be called with an `Error` object).
@@ -66,13 +69,14 @@ See the [GitHub Webhooks documentation](https://developer.github.com/webhooks/)
 Included in the distribution is an *events.json* file which maps the event names to descriptions taken from the API:
 
 ```js
-var events = require('github-webhook-handler/events')
-Object.keys(events).forEach(function (event) {
-  console.log(event, '=', events[event])
-})
+import events from 'github-webhook-handler/events.json' with { type: 'json' }
+
+for (const [event, description] of Object.entries(events)) {
+  console.log(event, '=', description)
+}
 ```
 
-Additionally, there is a special `'*'` even you can listen to in order to receive _everything_.
+Additionally, there is a special `'*'` event you can listen to in order to receive _everything_.
 
 ## License
 

package/github-webhook-handler.js

@@ -1,7 +1,30 @@
-const EventEmitter = require('events')
-const crypto = require('crypto')
-const bl = require('bl')
-
+import { EventEmitter } from 'node:events'
+import crypto from 'node:crypto'
+import bl from 'bl'
+
+/**
+ * @typedef {Object} CreateHandlerOptions
+ * @property {string} path
+ * @property {string} secret
+ * @property {string | string[]} [events]
+ */
+
+/**
+ * @typedef {Object} WebhookEvent
+ * @property {string} event - The event type (e.g. 'push', 'issues')
+ * @property {string} id - The delivery ID from X-Github-Delivery header
+ * @property {any} payload - The parsed JSON payload
+ * @property {string} [protocol] - The request protocol
+ * @property {string} [host] - The request host header
+ * @property {string} url - The request URL
+ * @property {string} path - The matched handler path
+ */
+
+/**
+ * @param {string} url
+ * @param {CreateHandlerOptions | CreateHandlerOptions[]} arr
+ * @returns {CreateHandlerOptions}
+ */
 function findHandler (url, arr) {
   if (!Array.isArray(arr)) {
     return arr
@@ -17,23 +40,30 @@ function findHandler (url, arr) {
   return ret
 }
 
+/**
+ * @param {CreateHandlerOptions} options
+ */
 function checkType (options) {
   if (typeof options !== 'object') {
     throw new TypeError('must provide an options object')
   }
 
   if (typeof options.path !== 'string') {
-    throw new TypeError('must provide a \'path\' option')
+    throw new TypeError("must provide a 'path' option")
   }
 
   if (typeof options.secret !== 'string') {
-    throw new TypeError('must provide a \'secret\' option')
+    throw new TypeError("must provide a 'secret' option")
   }
 }
 
+/**
+ * @param {CreateHandlerOptions | CreateHandlerOptions[]} initOptions
+ * @returns {EventEmitter & {(req: import('node:http').IncomingMessage, res: import('node:http').ServerResponse, callback: (err?: Error) => void): void, sign(data: string | Buffer): string, verify(signature: string, data: string | Buffer): boolean}}
+ */
 function create (initOptions) {
+  /** @type {CreateHandlerOptions} */
   let options
-  // validate type of options
   if (Array.isArray(initOptions)) {
     for (let i = 0; i < initOptions.length; i++) {
       checkType(initOptions[i])
@@ -42,19 +72,30 @@ function create (initOptions) {
     checkType(initOptions)
   }
 
-  // make it an EventEmitter
+  // @ts-ignore - handler is a callable EventEmitter via setPrototypeOf
   Object.setPrototypeOf(handler, EventEmitter.prototype)
+  // @ts-ignore
   EventEmitter.call(handler)
 
   handler.sign = sign
   handler.verify = verify
 
+  // @ts-ignore
   return handler
 
+  /**
+   * @param {string | Buffer} data
+   * @returns {string}
+   */
   function sign (data) {
     return `sha1=${crypto.createHmac('sha1', options.secret).update(data).digest('hex')}`
   }
 
+  /**
+   * @param {string} signature
+   * @param {string | Buffer} data
+   * @returns {boolean}
+   */
   function verify (signature, data) {
     const sig = Buffer.from(signature)
     const signed = Buffer.from(sign(data))
@@ -64,10 +105,16 @@ function create (initOptions) {
     return crypto.timingSafeEqual(sig, signed)
   }
 
+  /**
+   * @param {import('node:http').IncomingMessage} req
+   * @param {import('node:http').ServerResponse} res
+   * @param {(err?: Error) => void} callback
+   */
   function handler (req, res, callback) {
+    /** @type {string[] | undefined} */
     let events
 
-    options = findHandler(req.url, initOptions)
+    options = findHandler(/** @type {string} */ (req.url), initOptions)
 
     if (typeof options.events === 'string' && options.events !== '*') {
       events = [options.events]
@@ -79,12 +126,16 @@ function create (initOptions) {
       return callback()
     }
 
+    /**
+     * @param {string} msg
+     */
     function hasError (msg) {
       res.writeHead(400, { 'content-type': 'application/json' })
       res.end(JSON.stringify({ error: msg }))
 
       const err = new Error(msg)
 
+      // @ts-ignore - handler has EventEmitter prototype
       handler.emit('error', err, req)
       callback(err)
     }
@@ -105,7 +156,7 @@ function create (initOptions) {
       return hasError('No X-Github-Delivery found on request')
     }
 
-    if (events && events.indexOf(event) === -1) {
+    if (events && events.indexOf(/** @type {string} */ (event)) === -1) {
       return hasError('X-Github-Event is not acceptable')
     }
 
@@ -116,33 +167,35 @@ function create (initOptions) {
 
       let obj
 
-      if (!verify(sig, data)) {
+      if (!verify(/** @type {string} */ (sig), data)) {
         return hasError('X-Hub-Signature does not match blob signature')
       }
 
       try {
         obj = JSON.parse(data.toString())
       } catch (e) {
-        return hasError(e)
+        return hasError(/** @type {Error} */ (e).message)
       }
 
       res.writeHead(200, { 'content-type': 'application/json' })
       res.end('{"ok":true}')
 
       const emitData = {
-        event: event,
-        id: id,
+        event,
+        id,
         payload: obj,
-        protocol: req.protocol,
+        protocol: /** @type {any} */ (req).protocol,
         host: req.headers.host,
         url: req.url,
         path: options.path
       }
 
+      // @ts-ignore - handler has EventEmitter prototype
       handler.emit(event, emitData)
+      // @ts-ignore - handler has EventEmitter prototype
       handler.emit('*', emitData)
     }))
   }
 }
 
-module.exports = create
+export default create

package/package.json

@@ -1,12 +1,26 @@
 {
   "name": "github-webhook-handler",
-  "version": "1.0.0",
+  "version": "2.1.0",
   "description": "Web handler / middleware for processing GitHub Webhooks",
+  "type": "module",
   "main": "github-webhook-handler.js",
-  "types": "github-webhook-handler.d.ts",
+  "exports": {
+    ".": {
+      "import": "./github-webhook-handler.js",
+      "types": "./types/github-webhook-handler.d.ts"
+    }
+  },
+  "types": "types/github-webhook-handler.d.ts",
+  "engines": {
+    "node": ">=20"
+  },
   "scripts": {
-    "lint": "standard *.js",
-    "test": "npm run lint && node test.js"
+    "lint": "standard",
+    "build": "npm run build:types",
+    "build:types": "tsc --build",
+    "prepublishOnly": "npm run build",
+    "test:unit": "node --test test.js",
+    "test": "npm run lint && npm run test:unit"
   },
   "keywords": [
     "github",
@@ -19,13 +33,100 @@
   },
   "license": "MIT",
   "dependencies": {
-    "bl": "~4.0.0"
+    "bl": "^6.1.6"
   },
   "devDependencies": {
-    "@types/node": "*",
-    "run-series": "~1.1.8",
-    "standard": "~14.3.1",
-    "tape": "~4.11.0",
-    "through2": "~3.0.1"
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.2",
+    "@semantic-release/npm": "^13.1.3",
+    "@semantic-release/release-notes-generator": "^14.1.0",
+    "@types/node": "^25.0.10",
+    "conventional-changelog-conventionalcommits": "^9.1.0",
+    "semantic-release": "^25.0.2",
+    "standard": "^17.1.2",
+    "typescript": "^5.9.3"
+  },
+  "release": {
+    "branches": [
+      "master"
+    ],
+    "plugins": [
+      [
+        "@semantic-release/commit-analyzer",
+        {
+          "preset": "conventionalcommits",
+          "releaseRules": [
+            {
+              "breaking": true,
+              "release": "major"
+            },
+            {
+              "revert": true,
+              "release": "patch"
+            },
+            {
+              "type": "feat",
+              "release": "minor"
+            },
+            {
+              "type": "fix",
+              "release": "patch"
+            },
+            {
+              "type": "chore",
+              "release": "patch"
+            },
+            {
+              "type": "docs",
+              "release": "patch"
+            },
+            {
+              "type": "test",
+              "release": "patch"
+            },
+            {
+              "scope": "no-release",
+              "release": false
+            }
+          ]
+        }
+      ],
+      [
+        "@semantic-release/release-notes-generator",
+        {
+          "preset": "conventionalcommits",
+          "presetConfig": {
+            "types": [
+              {
+                "type": "feat",
+                "section": "Features"
+              },
+              {
+                "type": "fix",
+                "section": "Bug Fixes"
+              },
+              {
+                "type": "chore",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "docs",
+                "section": "Trivial Changes"
+              },
+              {
+                "type": "test",
+                "section": "Tests"
+              }
+            ]
+          }
+        }
+      ],
+      "@semantic-release/changelog",
+      "@semantic-release/npm",
+      "@semantic-release/github",
+      "@semantic-release/git"
+    ]
   }
 }

package/test.js

@@ -1,15 +1,15 @@
-const test = require('tape')
-const crypto = require('crypto')
-const handler = require('./')
-const through2 = require('through2')
-const series = require('run-series')
+import { test } from 'node:test'
+import assert from 'node:assert'
+import crypto from 'node:crypto'
+import { PassThrough } from 'node:stream'
+import handler from './github-webhook-handler.js'
 
 function signBlob (key, blob) {
   return `sha1=${crypto.createHmac('sha1', key).update(blob).digest('hex')}`
 }
 
 function mkReq (url, method) {
-  const req = through2()
+  const req = new PassThrough()
   req.method = method || 'POST'
   req.url = url
   req.headers = {
@@ -22,116 +22,102 @@ function mkReq (url, method) {
 
 function mkRes () {
   const res = {
-    writeHead: function (statusCode, headers) {
+    writeHead (statusCode, headers) {
       res.$statusCode = statusCode
       res.$headers = headers
     },
-
-    end: function (content) {
+    end (content) {
       res.$end = content
     }
   }
-
   return res
 }
 
-test('handler without full options throws', (t) => {
-  t.plan(4)
-
-  t.equal(typeof handler, 'function', 'handler exports a function')
-
-  t.throws(handler, /must provide an options object/, 'throws if no options')
-
-  t.throws(handler.bind(null, {}), /must provide a 'path' option/, 'throws if no path option')
-
-  t.throws(handler.bind(null, { path: '/' }), /must provide a 'secret' option/, 'throws if no secret option')
+test('handler without full options throws', () => {
+  assert.strictEqual(typeof handler, 'function', 'handler exports a function')
+  assert.throws(() => handler(), /must provide an options object/, 'throws if no options')
+  assert.throws(() => handler({}), /must provide a 'path' option/, 'throws if no path option')
+  assert.throws(() => handler({ path: '/' }), /must provide a 'secret' option/, 'throws if no secret option')
 })
 
-test('handler without full options throws in array', (t) => {
-  t.plan(2)
-
-  t.throws(handler.bind(null, [{}]), /must provide a 'path' option/, 'throws if no path option')
-
-  t.throws(handler.bind(null, [{ path: '/' }]), /must provide a 'secret' option/, 'throws if no secret option')
+test('handler without full options throws in array', () => {
+  assert.throws(() => handler([{}]), /must provide a 'path' option/, 'throws if no path option')
+  assert.throws(() => handler([{ path: '/' }]), /must provide a 'secret' option/, 'throws if no secret option')
 })
 
-test('handler ignores invalid urls', (t) => {
+test('handler ignores invalid urls', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(6)
-
-  h(mkReq('/'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  // near match
-  h(mkReq('/some/url/'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url/'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  // partial match
-  h(mkReq('/some'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 })
 
-test('handler ingores non-POST requests', (t) => {
+test('handler ignores non-POST requests', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(4)
-
-  h(mkReq('/some/url', 'GET'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url', 'GET'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 
-  h(mkReq('/some/url?test=param', 'GET'), mkRes(), (err) => {
-    t.error(err)
-    t.ok(true, 'request was ignored')
+  await new Promise((resolve) => {
+    h(mkReq('/some/url?test=param', 'GET'), mkRes(), (err) => {
+      assert.ifError(err)
+      resolve()
+    })
   })
 })
 
-test('handler accepts valid urls', (t) => {
+test('handler accepts valid urls', async () => {
   const options = { path: '/some/url', secret: 'bogus' }
   const h = handler(options)
 
-  t.plan(1)
-
-  h(mkReq('/some/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
+  let callbackCalled = false
+  h(mkReq('/some/url'), mkRes(), () => {
+    callbackCalled = true
   })
 
-  setTimeout(t.ok.bind(t, true, 'done'))
+  await new Promise((resolve) => setTimeout(resolve, 10))
+  assert.strictEqual(callbackCalled, false, 'callback should not be called for valid POST')
 })
 
-test('handler accepts valid urls in Array', (t) => {
+test('handler accepts valid urls in Array', async () => {
   const options = [{ path: '/some/url', secret: 'bogus' }, { path: '/someOther/url', secret: 'bogus' }]
   const h = handler(options)
 
-  t.plan(1)
-
-  h(mkReq('/some/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
-  })
-
-  h(mkReq('/someOther/url'), mkRes(), (err) => {
-    t.error(err)
-    t.fail(false, 'should not call')
-  })
+  let callbackCalled = false
+  h(mkReq('/some/url'), mkRes(), () => { callbackCalled = true })
+  h(mkReq('/someOther/url'), mkRes(), () => { callbackCalled = true })
 
-  setTimeout(t.ok.bind(t, true, 'done'))
+  await new Promise((resolve) => setTimeout(resolve, 10))
+  assert.strictEqual(callbackCalled, false, 'callback should not be called for valid POSTs')
 })
 
-test('handler can reject events', (t) => {
+test('handler can reject events', async () => {
   const acceptableEvents = {
-    undefined: undefined,
+    undefined,
     'a string equal to the event': 'bogus',
     'a string equal to *': '*',
     'an array containing the event': ['bogus'],
@@ -141,74 +127,55 @@ test('handler can reject events', (t) => {
     'a string not equal to the event or *': 'not-bogus',
     'an array not containing the event or *': ['not-bogus']
   }
-  const acceptable = Object.keys(acceptableEvents)
-  const unacceptable = Object.keys(unacceptableEvents)
-  const acceptableTests = acceptable.map((events) => {
-    return acceptableReq.bind(null, events)
-  })
-  const unacceptableTests = unacceptable.map((events) => {
-    return unacceptableReq.bind(null, events)
-  })
-
-  t.plan(acceptable.length + unacceptable.length)
-  series(acceptableTests.concat(unacceptableTests))
 
-  function acceptableReq (events, callback) {
+  for (const [desc, events] of Object.entries(acceptableEvents)) {
     const h = handler({
       path: '/some/url',
       secret: 'bogus',
-      events: acceptableEvents[events]
+      events
     })
 
-    h(mkReq('/some/url'), mkRes(), (err) => {
-      t.error(err)
-      t.fail(false, 'should not call')
-    })
+    let callbackCalled = false
+    h(mkReq('/some/url'), mkRes(), () => { callbackCalled = true })
 
-    setTimeout(() => {
-      t.ok(true, 'accepted because options.events was ' + events)
-      callback()
-    })
+    await new Promise((resolve) => setTimeout(resolve, 10))
+    assert.strictEqual(callbackCalled, false, `accepted because options.events was ${desc}`)
   }
 
-  function unacceptableReq (events, callback) {
+  for (const [desc, events] of Object.entries(unacceptableEvents)) {
     const h = handler({
       path: '/some/url',
       secret: 'bogus',
-      events: unacceptableEvents[events]
+      events
     })
 
     h.on('error', () => {})
 
-    h(mkReq('/some/url'), mkRes(), (err) => {
-      t.ok(err, 'rejected because options.events was ' + events)
-      callback()
+    await new Promise((resolve) => {
+      h(mkReq('/some/url'), mkRes(), (err) => {
+        assert.ok(err, `rejected because options.events was ${desc}`)
+        resolve()
+      })
     })
   }
 })
 
-// because we don't inherit in a traditional way
-test('handler is an EventEmitter', (t) => {
-  t.plan(5)
-
+test('handler is an EventEmitter', () => {
   const h = handler({ path: '/', secret: 'bogus' })
 
-  t.equal(typeof h.on, 'function', 'has h.on()')
-  t.equal(typeof h.emit, 'function', 'has h.emit()')
-  t.equal(typeof h.removeListener, 'function', 'has h.removeListener()')
-
-  h.on('ping', (pong) => {
-    t.equal(pong, 'pong', 'got event')
-  })
+  assert.strictEqual(typeof h.on, 'function', 'has h.on()')
+  assert.strictEqual(typeof h.emit, 'function', 'has h.emit()')
+  assert.strictEqual(typeof h.removeListener, 'function', 'has h.removeListener()')
 
+  let received
+  h.on('ping', (pong) => { received = pong })
   h.emit('ping', 'pong')
+  assert.strictEqual(received, 'pong', 'got event')
 
-  t.throws(h.emit.bind(h, 'error', new Error('threw an error')), /threw an error/, 'acts like an EE')
+  assert.throws(() => h.emit('error', new Error('threw an error')), /threw an error/, 'acts like an EE')
 })
 
-test('handler accepts a signed blob', (t) => {
-  t.plan(4)
-
+test('handler accepts a signed blob', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -218,54 +185,69 @@ test('handler accepts a signed blob', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'push'
 
-  h.on('push', (event) => {
-    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  const eventPromise = new Promise((resolve) => {
+    h.on('push', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'push',
+        id: 'bogus',
+        payload: obj,
+        url: '/',
+        host: undefined,
+        protocol: undefined,
+        path: '/'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler accepts multi blob in Array', (t) => {
-  t.plan(4)
-
+test('handler accepts multi blob in Array', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler([{ path: '/', secret: 'bogus' }, { path: '/some/url', secret: 'bogus' }])
   const req = mkReq('/some/url')
   const res = mkRes()
+
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'push'
 
-  h.on('push', (event) => {
-    t.deepEqual(event, { event: 'push', id: 'bogus', payload: obj, url: '/some/url', host: undefined, protocol: undefined, path: '/some/url' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  const eventPromise = new Promise((resolve) => {
+    h.on('push', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'push',
+        id: 'bogus',
+        payload: obj,
+        url: '/some/url',
+        host: undefined,
+        protocol: undefined,
+        path: '/some/url'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler accepts a signed blob with alt event', (t) => {
-  t.plan(4)
-
+test('handler accepts a signed blob with alt event', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -275,30 +257,35 @@ test('handler accepts a signed blob with alt event', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'issue'
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
-
-  h.on('issue', (event) => {
-    t.deepEqual(event, { event: 'issue', id: 'bogus', payload: obj, url: '/', host: undefined, protocol: undefined, path: '/' })
-    t.equal(res.$statusCode, 200, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"ok":true}', 'got correct content')
+  h.on('push', () => assert.fail('should not get here'))
+
+  const eventPromise = new Promise((resolve) => {
+    h.on('issue', (event) => {
+      assert.deepStrictEqual(event, {
+        event: 'issue',
+        id: 'bogus',
+        payload: obj,
+        url: '/',
+        host: undefined,
+        protocol: undefined,
+        path: '/'
+      })
+      assert.strictEqual(res.$statusCode, 200, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"ok":true}', 'got correct content')
+      resolve()
+    })
   })
 
-  h(req, res, (err) => {
-    t.error(err)
-    t.fail(true, 'should not get here!')
+  h(req, res, () => {
+    assert.fail('should not get here')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await eventPromise
 })
 
-test('handler rejects a badly signed blob', (t) => {
-  t.plan(6)
-
+test('handler rejects a badly signed blob', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -306,33 +293,30 @@ test('handler rejects a badly signed blob', (t) => {
   const res = mkRes()
 
   req.headers['x-hub-signature'] = signBlob('bogus', json)
-  // break signage by a tiny bit
   req.headers['x-hub-signature'] = '0' + req.headers['x-hub-signature'].substring(1)
 
-  h.on('error', (err, _req) => {
-    t.ok(err, 'got an error')
-    t.strictEqual(_req, req, 'was given original request object')
-    t.equal(res.$statusCode, 400, 'correct status code')
-    t.deepEqual(res.$headers, { 'content-type': 'application/json' })
-    t.equal(res.$end, '{"error":"X-Hub-Signature does not match blob signature"}', 'got correct content')
+  const errorPromise = new Promise((resolve) => {
+    h.on('error', (err, _req) => {
+      assert.ok(err, 'got an error')
+      assert.strictEqual(_req, req, 'was given original request object')
+      assert.strictEqual(res.$statusCode, 400, 'correct status code')
+      assert.deepStrictEqual(res.$headers, { 'content-type': 'application/json' })
+      assert.strictEqual(res.$end, '{"error":"X-Hub-Signature does not match blob signature"}', 'got correct content')
+      resolve()
+    })
   })
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
+  h.on('push', () => assert.fail('should not get here'))
 
   h(req, res, (err) => {
-    t.ok(err, 'got error on callback')
+    assert.ok(err, 'got error on callback')
   })
 
-  process.nextTick(() => {
-    req.end(json)
-  })
+  process.nextTick(() => req.end(json))
+  await errorPromise
 })
 
-test('handler responds on a bl error', (t) => {
-  t.plan(4)
-
+test('handler responds on a stream error', async () => {
   const obj = { some: 'github', object: 'with', properties: true }
   const json = JSON.stringify(obj)
   const h = handler({ path: '/', secret: 'bogus' })
@@ -342,29 +326,25 @@ test('handler responds on a bl error', (t) => {
   req.headers['x-hub-signature'] = signBlob('bogus', json)
   req.headers['x-github-event'] = 'issue'
 
-  h.on('push', (event) => {
-    t.fail(true, 'should not get here!')
-  })
-
-  h.on('issue', (event) => {
-    t.fail(true, 'should never get here!')
-  })
+  h.on('push', () => assert.fail('should not get here'))
+  h.on('issue', () => assert.fail('should never get here'))
 
-  h.on('error', (err) => {
-    t.ok(err, 'got an error')
-    t.equal(res.$statusCode, 400, 'correct status code')
+  const errorPromise = new Promise((resolve) => {
+    h.on('error', (err) => {
+      assert.ok(err, 'got an error')
+      assert.strictEqual(res.$statusCode, 400, 'correct status code')
+      resolve()
+    })
   })
 
   h(req, res, (err) => {
-    t.ok(err)
+    assert.ok(err)
   })
 
-  res.end = () => {
-    t.equal(res.$statusCode, 400, 'correct status code')
-  }
-
   req.write('{')
   process.nextTick(() => {
-    req.emit('error', new Error('simulated explosion'))
+    req.destroy(new Error('simulated explosion'))
   })
+
+  await errorPromise
 })

package/tsconfig.json

@@ -0,0 +1,37 @@
+{
+  "compilerOptions": {
+    "allowJs": true,
+    "checkJs": true,
+    "forceConsistentCasingInFileNames": true,
+    "noImplicitReturns": false,
+    "noImplicitAny": true,
+    "noImplicitThis": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "strictFunctionTypes": false,
+    "strictNullChecks": true,
+    "strictPropertyInitialization": true,
+    "strictBindCallApply": true,
+    "strict": true,
+    "alwaysStrict": true,
+    "esModuleInterop": true,
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "declaration": true,
+    "declarationMap": true,
+    "outDir": "types",
+    "skipLibCheck": true,
+    "stripInternal": true,
+    "resolveJsonModule": true,
+    "baseUrl": ".",
+    "emitDeclarationOnly": true,
+    "paths": {
+      "github-webhook-handler": ["github-webhook-handler.js"]
+    }
+  },
+  "include": ["github-webhook-handler.js"],
+  "exclude": ["node_modules"],
+  "compileOnSave": false
+}

package/types/github-webhook-handler.d.ts

@@ -0,0 +1,47 @@
+export default create;
+export type CreateHandlerOptions = {
+    path: string;
+    secret: string;
+    events?: string | string[] | undefined;
+};
+export type WebhookEvent = {
+    /**
+     * - The event type (e.g. 'push', 'issues')
+     */
+    event: string;
+    /**
+     * - The delivery ID from X-Github-Delivery header
+     */
+    id: string;
+    /**
+     * - The parsed JSON payload
+     */
+    payload: any;
+    /**
+     * - The request protocol
+     */
+    protocol?: string | undefined;
+    /**
+     * - The request host header
+     */
+    host?: string | undefined;
+    /**
+     * - The request URL
+     */
+    url: string;
+    /**
+     * - The matched handler path
+     */
+    path: string;
+};
+/**
+ * @param {CreateHandlerOptions | CreateHandlerOptions[]} initOptions
+ * @returns {EventEmitter & {(req: import('node:http').IncomingMessage, res: import('node:http').ServerResponse, callback: (err?: Error) => void): void, sign(data: string | Buffer): string, verify(signature: string, data: string | Buffer): boolean}}
+ */
+declare function create(initOptions: CreateHandlerOptions | CreateHandlerOptions[]): EventEmitter & {
+    (req: import("node:http").IncomingMessage, res: import("node:http").ServerResponse, callback: (err?: Error) => void): void;
+    sign(data: string | Buffer): string;
+    verify(signature: string, data: string | Buffer): boolean;
+};
+import { EventEmitter } from 'node:events';
+//# sourceMappingURL=github-webhook-handler.d.ts.map

package/types/github-webhook-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-webhook-handler.d.ts","sourceRoot":"","sources":["../github-webhook-handler.js"],"names":[],"mappings":";;UAMc,MAAM;YACN,MAAM;;;;;;;WAMN,MAAM;;;;QACN,MAAM;;;;aACN,GAAG;;;;;;;;;;;;SAGH,MAAM;;;;UACN,MAAM;;AAwCpB;;;GAGG;AACH,qCAHW,oBAAoB,GAAG,oBAAoB,EAAE,GAC3C,YAAY,GAAG;IAAC,CAAC,GAAG,EAAE,OAAO,WAAW,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI,CAAC;IAAC,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAA;CAAC,CAyIvP;6BAtM4B,aAAa"}

package/types/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../github-webhook-handler.js"],"version":"5.9.3"}

package/.travis.yml

@@ -1,14 +0,0 @@
-sudo: false
-language: node_js
-node_js:
-  - 8
-  - 10
-  - 12
-  - lts/*
-  - current
-branches:
-  only:
-    - master
-notifications:
-  email:
-    - rod@vagg.org

package/github-webhook-handler.d.ts

@@ -1,18 +0,0 @@
-///<reference types="node" />
-
-import { IncomingMessage, ServerResponse } from "http";
-import { EventEmitter } from "events";
-
-interface CreateHandlerOptions {
-    path: string;
-    secret: string;
-    events?: string | string[];
-}
-
-interface handler extends EventEmitter {
-    (req: IncomingMessage, res: ServerResponse, callback: (err: Error) => void): void;
-}
-
-declare function createHandler(options: CreateHandlerOptions|CreateHandlerOptions[]): handler;
-
-export = createHandler;