Adding info for JS client. #343

Merged
merged 7 commits into from
Nov 8, 2024
Changes from 6 commits
11 changes: 11 additions & 0 deletions content/en/language_clients/javascript/_index.html
@@ -0,0 +1,11 @@
---
type: docs
title: "JavaScript"
description: "JavaScript Language Client"
lead: "JavaScript Language Client"
date: 2024-10-06T08:49:15+00:00
lastmod: 2024-10-06T08:49:15+00:00
draft: false
images: []
weight: 40
---
71 changes: 71 additions & 0 deletions content/en/language_clients/javascript/overview.md
@@ -0,0 +1,71 @@
---
type: docs
category: JavaScript
title: JavaScript Client Overview
weight: 5
---

[sigstore-js](https://github.com/sigstore/sigstore-js) is a collection of [javascript libraries](#additional-packages) for interacting with Sigstore.

The main package,[`sigstore`](https://www.npmjs.com/package/sigstore), is a JavaScript library for generating and verifying Sigstore signatures. One of the intended uses is to sign and verify npm packages but it can be used to sign and verify any file.

Full project documentation can be found in the [sigstore-js](https://github.com/sigstore/sigstore-js#sigstore-js---) project README and in each [package README](https://github.com/sigstore/sigstore-js/tree/main/packages).

## Features

- Support for signing using an OpenID Connect identity
- Support for publishing signatures to a [Rekor](../../logging/overview/) instance
- Support for verifying Sigstore bundles

## Installation

[`sigstore`](https://www.npmjs.com/package/sigstore) requires Node.js version >= 18.17.0.

To install `sigstore` run the following command:

```console
npm install sigstore
```

## Example

To use `sigstore`, import the following into your project using the following:

```console
const { sign, verify } = require('sigstore');
```

```console
import { sign, verify } from 'sigstore';
```

### Signing example

```console
const bundle = await sign(Buffer.from('hello world'));
```

There are a number of optional arguments that can be used with the sign function. Additional information is available in the [project repository](https://github.com/sigstore/sigstore-js/tree/main/packages/client#signpayload-options).

The sign function will return a JSON-encoded Sigstore bundle which includes the signature and the necessary verification material.

### Verifying example

The following function will verify the previously signed message:

```console
verify(bundle, Buffer.from('hello world'), { certificateIssuer: 'https://token.actions.githubusercontent.com/' });
```

More information on optional arguments can be found in the [project documentation](https://github.com/sigstore/sigstore-js/tree/main/packages/client#verifybundle-payload-options)

## Additional Packages

The [sigstore-js](https://github.com/sigstore/sigstore-js) project includes additional functionality through its scoped packages.

- [`@sigstore/bundle`](https://www.npmjs.com/package/@sigstore/bundle) - TypeScript types and utility functions for working with Sigstore bundles.
- [`@sigstore/cli`](https://www.npmjs.com/package/@sigstore/cli) - Command line interface for signing/verifying artifacts with Sigstore.
- [`@sigstore/sign`](https://www.npmjs.com/package/@sigstore/sign) - Library for generating Sigstore signatures.
- [`@sigstore/tuf`](https://www.npmjs.com/package/@sigstore/tuf) - Library for interacting with the Sigstore TUF repository.
- [`@sigstore/rekor-types`](https://www.npmjs.com/package/@sigstore/rekor-types) - TypeScript types for the Sigstore Rekor REST API.
- [`@sigstore/mock`](https://www.npmjs.com/package/@sigstore/mock) - Mocking library for Sigstore services.
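Review bot: The verify example near the end of overview.md pins only `certificateIssuer`, so as written it accepts a bundle from any identity that issuer vouches for rather than from the expected signer; pair the issuer with an identity constraint (using the option names from the linked verify README section) or state that the issuer check alone is not a complete verification policy. The call is also not awaited, unlike `const bundle = await sign(Buffer.from('hello world'));` above: if `verify` returns a promise, a failed verification would go unnoticed in code copied from this example, so add `await` and say how a failure is reported. The issuer value assumes the signing step ran in GitHub Actions, which the text introducing "the previously signed message" does not say. Smaller points: the JavaScript snippets are fenced as `console` and should be `js` so they are not read as shell commands; "The main package,[`sigstore`]" is missing a space after the comma; "import the following into your project using the following" repeats itself; and the closing sentence of the Verifying section lacks a full stop.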
5 changes: 3 additions & 2 deletions content/en/language_clients/language_client_overview.md
Expand Up @@ -9,11 +9,12 @@ Sigstore uses [cosign](../../cosign/signing/overview) to sign and verify package

Sigstore has clients for the following language ecosystems:

- [Go](https://github.com/sigstore/sigstore-go#sigstore-go)
- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
- [JavaScript](../javascript/overview)
- [Python](../python/overview)
- [Rust](https://github.com/sigstore/sigstore-rs#features)
- [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore)
- [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---)
- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
- [Go](https://github.com/sigstore/sigstore-go#sigstore-go)

Language client documentation is hosted in the individual project repositories. Project summaries are currently being added to the main Sigstore documentation.
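Review bot: In the client list, Rust is placed before Ruby, which breaks the alphabetical order the other entries follow (Go, Java, JavaScript, Python); swap the two if alphabetical order is the intent of the reordering. The closing context line still says language client documentation is hosted in the individual project repositories, while the JavaScript entry now points to `../javascript/overview` inside this site, so consider rewording that sentence to say which clients already have an in-site overview.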