{"_id":"@sigstore/tuf","_rev":"291835","name":"@sigstore/tuf","description":"Client for the Sigstore TUF repository","dist-tags":{"latest":"2.2.0"},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"time":{"modified":"2023-10-06T06:37:29.000Z","created":"2023-06-06T15:15:03.416Z","2.2.0":"2023-09-08T17:20:34.664Z","2.1.0":"2023-08-29T15:40:24.007Z","2.0.0":"2023-08-18T16:05:36.195Z","1.0.3":"2023-07-19T16:10:34.914Z","1.0.2":"2023-06-30T17:14:57.848Z","1.0.1":"2023-06-30T16:36:29.939Z","1.0.0":"2023-06-06T15:15:03.416Z"},"users":{},"author":{"name":"bdehamer@github.com"},"repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"versions":{"2.2.0":{"name":"@sigstore/tuf","version":"2.2.0","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^2.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.2.1","tuf-js":"^2.1.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/tuf@2.2.0","gitHead":"acdffd6e4acd448ea9a8a96dddfd2a3c31060691","_nodeVersion":"18.17.0","_npmVersion":"10.0.0","dist":{"shasum":"ef636239687e41af3f2ce10667ab88f5ca6165b3","size":10274,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-2.2.0.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-2.2.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_2.2.0_1694193634496_0.5828924383306959"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-09-08T17:20:34.664Z","publish_time":1694193634664,"_source_registry_name":"default","_cnpm_publish_time":1694193634664},"2.1.0":{"name":"@sigstore/tuf","version":"2.1.0","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^2.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.2.1","tuf-js":"^2.1.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/tuf@2.1.0","gitHead":"26d16513386ffaa790b1c32f927544f1322e4194","_nodeVersion":"16.20.2","_npmVersion":"9.8.1","dist":{"shasum":"8bf99444e431ba36198d8f742296b48170dcb486","size":10086,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-2.1.0.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-2.1.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_2.1.0_1693323623737_0.24378298856085845"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-08-29T15:40:24.007Z","publish_time":1693323624007,"_source_registry_name":"default","_cnpm_publish_time":1693323624007},"2.0.0":{"name":"@sigstore/tuf","version":"2.0.0","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^2.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.2.1","tuf-js":"^2.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/tuf@2.0.0","gitHead":"f0b49a04e5a62250e0f60fb128004a73110fe311","_nodeVersion":"16.20.2","_npmVersion":"9.8.1","dist":{"shasum":"e459ec51bd5c01319b7e2f66ddfe446d42964a56","size":10085,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-2.0.0.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-2.0.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_2.0.0_1692374736026_0.26284016174182856"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-08-18T16:05:36.195Z","publish_time":1692374736195,"_source_registry_name":"default","_cnpm_publish_time":1692374736195},"1.0.3":{"name":"@sigstore/tuf","version":"1.0.3","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^1.1.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.2.0","tuf-js":"^1.1.7"},"engines":{"node":"^14.17.0 || ^16.13.0 || >=18.0.0"},"_id":"@sigstore/tuf@1.0.3","gitHead":"8d69554570934c3f82fad8eda929ec36f5d12262","_nodeVersion":"16.20.1","_npmVersion":"9.8.0","dist":{"shasum":"2a65986772ede996485728f027b0514c0b70b160","size":10226,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-1.0.3.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-1.0.3.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_1.0.3_1689783034656_0.19310064849884645"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-07-19T16:10:34.914Z","publish_time":1689783034914,"_source_registry_name":"default","_cnpm_publish_time":1689783034914},"1.0.2":{"name":"@sigstore/tuf","version":"1.0.2","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^1.1.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.1.0","tuf-js":"^1.1.7"},"engines":{"node":"^14.17.0 || ^16.13.0 || >=18.0.0"},"gitHead":"6bdd44094f1ac4697d01d70861cd1fb672985fec","_id":"@sigstore/tuf@1.0.2","_nodeVersion":"16.20.1","_npmVersion":"9.7.2","dist":{"shasum":"acbb2c8399fb03aca0c90fa1dc1934bda4160623","size":10225,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-1.0.2.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-1.0.2.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_1.0.2_1688145297524_0.0821325858261086"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-06-30T17:14:57.848Z","publish_time":1688145297848,"_source_registry_name":"default","_cnpm_publish_time":1688145297848},"1.0.1":{"name":"@sigstore/tuf","version":"1.0.1","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@tufjs/repo-mock":"^1.1.0"},"dependencies":{"@sigstore/protobuf-specs":"^0.1.0","@types/make-fetch-happen":"^10.0.0","tuf-js":"^1.1.7"},"engines":{"node":"^14.17.0 || ^16.13.0 || >=18.0.0"},"gitHead":"ebdcfdfbdfeb9c9aeee6df53674ef230613629f5","_id":"@sigstore/tuf@1.0.1","_nodeVersion":"16.20.1","_npmVersion":"9.7.2","dist":{"shasum":"45a6d14713d98013d970394791a9999e7dc9edeb","size":10228,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-1.0.1.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-1.0.1.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_1.0.1_1688142989714_0.4801663628811663"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-06-30T16:36:29.939Z","publish_time":1688142989939,"_source_registry_name":"default","_cnpm_publish_time":1688142989939},"1.0.0":{"name":"@sigstore/tuf","version":"1.0.0","description":"Client for the Sigstore TUF repository","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","publishConfig":{"provenance":true},"devDependencies":{"@total-typescript/shoehorn":"^0.1.0","@tufjs/repo-mock":"^1.1.0","@types/node":"^20.2.5","nock":"^13.2.4","shx":"^0.3.3","typescript":"^5.1.3"},"dependencies":{"@sigstore/protobuf-specs":"^0.1.0","tuf-js":"^1.1.3","make-fetch-happen":"^11.0.1"},"engines":{"node":"^14.17.0 || ^16.13.0 || >=18.0.0"},"gitHead":"c78bc0f6d2e257e0e6c603ebb6fa67ff1d52a53b","_id":"@sigstore/tuf@1.0.0","_nodeVersion":"16.20.0","_npmVersion":"9.6.7","dist":{"shasum":"13b69323e7bf8de458cd6c952c57acd1169772a5","size":10279,"noattachment":false,"key":"/@sigstore/tuf/-/@sigstore/tuf-1.0.0.tgz","tarball":"http://name.csiicloud.com:7001/@sigstore/tuf/download/@sigstore/tuf-1.0.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""},{"name":"mylesborins","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tuf_1.0.0_1686064503179_0.5176801593888163"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-06-06T15:15:03.416Z","publish_time":1686064503416,"_source_registry_name":"default","_cnpm_publish_time":1686064503416}},"readme":"# @sigstore/tuf &middot; [![npm version](https://img.shields.io/npm/v/@sigstore/tuf.svg?style=flat)](https://www.npmjs.com/package/@sigstore/tuf) [![CI Status](https://github.com/sigstore/sigstore-js/workflows/CI/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/ci.yml) [![Smoke Test Status](https://github.com/sigstore/sigstore-js/workflows/smoke-test/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml)\n\nA JavaScript library for securely retrieving targets from the Sigstore [TUF][1]\nrepository.\n\n## Features\n\n- Embeds the trutsted root metadata file necessary to bootstrap interaction\n  with the Sigstore TUF repository.\n- Automatically initializes the local TUF cache for storing metadata and\n  target files.\n\n## Prerequisites\n\n- Node.js version >= 14.17.0\n\n## Installation\n\n```\nnpm install @sigstore/tuf\n```\n\n## Usage\n\n```javascript\nconst { initTUF } = require('@sigstore/tuf');\n```\n\n```javascript\nimport { initTUF } from '@sigstore/tuf';\n```\n\n### initTUF([options])\n\nReturns a TUF client which can be used to retrieve any target from the Sigstore\nTUF repository. The local TUF cache will be initialized and the TUF metadata\nfiles downloaded from the [remote repository][2] as part of the initialization\nprocess.\n\n- `options` `<Object>`\n  - `mirrorURL` `<string>`: Base URL for the Sigstore TUF repository. Defaults to `'https://tuf-repo-cdn.sigstore.dev'`\n  - `cachePath` `<string>`: Absolute path to the directory to be used for caching downloaded TUF metadata and targets. Defaults to a directory named \"sigstore-js\" within the platform-specific application data directory.\n  - `rootPath` `<string>`: Path to the initial trust root for the TUF repository. Defaults to the [embedded root](./store/public-good-instance-root.json).\n  - `force` `boolean`: Force re-initialization of the TUF cache even if it already exists. Defaults to `false`.\n\nThe `TUF` client object returned from `initTUF` has a single `getTarget`\nfunction which takes the name of a target in the Sigstore TUF repository\nand returns the content of that target.\n\n### getTrustedRoot([options])\n\nRetrieves the most recent version of the \"trusted_root.json\" target from the\nSigstore TUF repository. The format of \"trusted_root.json\" file is described\nby the [TrustedRoot][3] protobuf and contains the complete set of trusted\nverification materials for the Sigstore public-good instance.\n\n- `options` `<Object>`\n  - `mirrorURL` `<string>`: Base URL for the Sigstore TUF repository. Defaults to `'https://tuf-repo-cdn.sigstore.dev'`\n  - `cachePath` `<string>`: Absolute path to the directory to be used for caching downloaded TUF metadata and targets. Defaults to a directory named \"sigstore-js\" within the platform-specific application data directory.\n  - `rootPath` `<string>`: Path to the initial trust root for the TUF repository. Defaults to the [embedded root](./store/public-good-instance-root.json).\n  - `force` `boolean`: Force re-initialization of the TUF cache even if it already exists. Defaults to `false`.\n\n[1]: https://theupdateframework.io/\n[2]: https://sigstore-tuf-root.storage.googleapis.com/\n[3]: https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_trustroot.proto\n","_attachments":{},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme","bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"license":"Apache-2.0"}