Adding info for JS client. (#343)

* Adding info for JS client. Signed-off-by: hayleycd <[email protected]> * Addressing linter comments. Signed-off-by: hayleycd <[email protected]> * Addressing linter comments. Signed-off-by: hayleycd <[email protected]> * Adding link to further information. Signed-off-by: hayleycd <[email protected]> * bringing titles in line with the python pr. Signed-off-by: hayleycd <[email protected]> * Addressing comments. Signed-off-by: hayleycd <[email protected]> --------- Signed-off-by: hayleycd <[email protected]>
sigstore · Nov 8, 2024 · 8406c1d · 8406c1d
1 parent cb7a54b
commit 8406c1d
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 2 deletions.
diff --git a/content/en/language_clients/javascript/_index.html b/content/en/language_clients/javascript/_index.html
@@ -0,0 +1,11 @@
+---
+type: docs
+title: "JavaScript"
+description: "JavaScript Language Client"
+lead: "JavaScript Language Client"
+date: 2024-10-06T08:49:15+00:00
+lastmod: 2024-10-06T08:49:15+00:00
+draft: false
+images: []
+weight: 40
+---
diff --git a/content/en/language_clients/javascript/overview.md b/content/en/language_clients/javascript/overview.md
@@ -0,0 +1,71 @@
+---
+type: docs
+category: JavaScript
+title: JavaScript Client Overview
+weight: 5
+---
+
+[sigstore-js](https://github.com/sigstore/sigstore-js) is a collection of [javascript libraries](#additional-packages) for interacting with Sigstore.
+
+The main package,[`sigstore`](https://www.npmjs.com/package/sigstore), is a JavaScript library for generating and verifying Sigstore signatures. One of the intended uses is to sign and verify npm packages but it can be used to sign and verify any file.
+
+Full project documentation can be found in the [sigstore-js](https://github.com/sigstore/sigstore-js#sigstore-js---) project README and in each [package README](https://github.com/sigstore/sigstore-js/tree/main/packages).
+
+## Features
+
+- Support for signing using an OpenID Connect identity
+- Support for publishing signatures to a [Rekor](../../logging/overview/) instance
+- Support for verifying Sigstore bundles
+
+## Installation
+
+[`sigstore`](https://www.npmjs.com/package/sigstore) requires Node.js version >= 18.17.0.
+
+To install `sigstore` run the following command:
+
+```console
+npm install sigstore
+```
+
+## Example
+
+ To use `sigstore`, import the following into your project using the following:
+
+ ```console
+ const { sign, verify } = require('sigstore');
+ ```
+
+ ```console
+ import { sign, verify } from 'sigstore';
+ ```
+
+### Signing example
+
+ ```console
+ const bundle = await sign(Buffer.from('hello world'));
+```
+
+ There are a number of optional arguments that can be used with the sign function. Additional information is available in the [project repository](https://github.com/sigstore/sigstore-js/tree/main/packages/client#signpayload-options).
+
+ The sign function will return a JSON-encoded Sigstore bundle which includes the signature and the necessary verification material.
+
+### Verifying example
+
+The following function will verify the previously signed message:
+
+```console
+verify(bundle, Buffer.from('hello world'), { certificateIssuer: 'https://token.actions.githubusercontent.com/' });
+```
+
+More information on optional arguments can be found in the [project documentation](https://github.com/sigstore/sigstore-js/tree/main/packages/client#verifybundle-payload-options)
+
+## Additional Packages
+
+The [sigstore-js](https://github.com/sigstore/sigstore-js) project includes additional functionality through its scoped packages.
+
+- [`@sigstore/bundle`](https://www.npmjs.com/package/@sigstore/bundle) - TypeScript types and utility functions for working with Sigstore bundles.
+- [`@sigstore/cli`](https://www.npmjs.com/package/@sigstore/cli) - Command line interface for signing/verifying artifacts with Sigstore.
+- [`@sigstore/sign`](https://www.npmjs.com/package/@sigstore/sign) - Library for generating Sigstore signatures.
+- [`@sigstore/tuf`](https://www.npmjs.com/package/@sigstore/tuf) - Library for interacting with the Sigstore TUF repository.
+- [`@sigstore/rekor-types`](https://www.npmjs.com/package/@sigstore/rekor-types) - TypeScript types for the Sigstore Rekor REST API.
+- [`@sigstore/mock`](https://www.npmjs.com/package/@sigstore/mock) - Mocking library for Sigstore services.
diff --git a/content/en/language_clients/language_client_overview.md b/content/en/language_clients/language_client_overview.md
@@ -9,11 +9,12 @@ Sigstore uses [cosign](../../cosign/signing/overview) to sign and verify package
 
 Sigstore has clients for the following language ecosystems:
 
+- [Go](../go/overview)
+- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
+- [JavaScript](../javascript/overview)
 - [Python](../python/overview)
 - [Rust](https://github.com/sigstore/sigstore-rs#features)
 - [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore)
-- [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---)
 - [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
-- [Go](../go/overview)
 
 Language client documentation is hosted in the individual project repositories. Project summaries are currently being added to the main Sigstore documentation.