npm - node-opcua-pki - Versions diffs - 6.3.0 → 6.5.0 - Mend

node-opcua-pki 6.3.0 → 6.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/bin/pki.ts +1 -1
package/dist/bin/install_prerequisite.mjs +1 -1
package/dist/bin/pki.mjs +3425 -3
package/dist/bin/pki.mjs.map +1 -1
package/dist/{chunk-VXGTT7QM.mjs → chunk-GCHH54PS.mjs} +9 -1
package/dist/{chunk-VXGTT7QM.mjs.map → chunk-GCHH54PS.mjs.map} +1 -1
package/dist/index.d.mts +507 -68
package/dist/index.d.ts +507 -68
package/dist/index.js +662 -1244
package/dist/index.js.map +1 -1
package/dist/index.mjs +713 -1296
package/dist/index.mjs.map +1 -1
package/package.json +3 -3
package/readme.md +23 -7

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "node-opcua-pki",
-    "version": "6.3.0",
+    "version": "6.5.0",
     "description": "PKI management for node-opcua",
     "type": "commonjs",
     "main": "./dist/index.js",
@@ -44,10 +44,10 @@
         "chokidar": "4.0.3",
         "command-line-args": "^6.0.1",
         "command-line-usage": "^7.0.3",
-        "node-opcua-crypto": "5.1.0",
+        "node-opcua-crypto": "5.2.0",
         "progress": "^2.0.3",
         "wget-improved-2": "^3.3.0",
         "yauzl": "^3.2.0"
     },
-    "gitHead": "b923adbc2c9bb43588035562a28be7ad51b20196"
+    "gitHead": "1ca27a313de057145601f25385fd6522dbcf9621"
 }

package/readme.md CHANGED Viewed

@@ -213,13 +213,15 @@ await cm.createSelfSignedCertificate({
 #### Certificate Trust
-| Method                                 | Description                                                                                |
-| -------------------------------------- | ------------------------------------------------------------------------------------------ |
-| `trustCertificate(cert)`               | Add a certificate to the trusted store                                                     |
-| `rejectCertificate(cert)`              | Move a certificate to the rejected store                                                   |
-| `getCertificateStatus(cert)`           | Returns `"trusted"`, `"rejected"`, or `"unknown"`                                          |
-| `removeTrustedCertificate(thumbprint)` | Remove a trusted certificate by SHA-1 thumbprint. Returns the certificate buffer or `null` |
-| `verifyCertificate(cert, options?)`    | Full certificate chain validation                                                          |
+| Method                                          | Description                                                                                |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------ |
+| `trustCertificate(cert)`                        | Add a certificate to the trusted store                                                     |
+| `rejectCertificate(cert)`                       | Move a certificate to the rejected store                                                   |
+| `verifyCertificate(cert, options?)`             | Full certificate chain validation                                                          |
+| `removeTrustedCertificate(thumbprint)`          | Remove a trusted certificate by SHA-1 thumbprint. Returns the certificate buffer or `null` |
+| `addTrustedCertificateFromChain(certChain)`     | Validate and trust the leaf certificate from a DER chain                                   |
+| `isIssuerInUseByTrustedCertificate(issuerCert)` | Check if any trusted cert was signed by this issuer                                        |
+| `reloadCertificates()`                          | Force a full re-scan of all PKI folders                                                    |
 #### Issuer (CA) Certificates
@@ -250,6 +252,20 @@ await cm.createSelfSignedCertificate({
 | `issuersCrlFolder`  | `{location}/issuers/crl`   |
 | `rootDir`           | `{location}`               |
+### File Watching
+`CertificateManager` uses [chokidar](https://github.com/paulmillr/chokidar) to watch the PKI folders for changes. By default, it uses **native OS events** (inotify, FSEvents, ReadDirectoryChangesW) for near-real-time detection.
+If the PKI folders are on a network file system (NFS, CIFS) or inside a Docker volume where native events don't propagate, set the environment variable:
+```bash
+OPCUA_PKI_USE_POLLING=true
+```
+This falls back to filesystem polling, which is slower but works on all file systems.
+> **Note:** If external processes modify the PKI folders directly (e.g., CLI tools, OPC UA `WriteTrustList`), call `reloadCertificates()` to force an immediate re-scan of the folder state.
 ## References
 - [OPC Foundation GDS File Store](https://reference.opcfoundation.org/GDS/docs/F.1/)