Skip to content

Commit 8406c1d

Browse files
authored
Adding info for JS client. (#343)
* Adding info for JS client. Signed-off-by: hayleycd <[email protected]> * Addressing linter comments. Signed-off-by: hayleycd <[email protected]> * Addressing linter comments. Signed-off-by: hayleycd <[email protected]> * Adding link to further information. Signed-off-by: hayleycd <[email protected]> * bringing titles in line with the python pr. Signed-off-by: hayleycd <[email protected]> * Addressing comments. Signed-off-by: hayleycd <[email protected]> --------- Signed-off-by: hayleycd <[email protected]>
1 parent cb7a54b commit 8406c1d

File tree

3 files changed

+85
-2
lines changed

3 files changed

+85
-2
lines changed
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
---
2+
type: docs
3+
title: "JavaScript"
4+
description: "JavaScript Language Client"
5+
lead: "JavaScript Language Client"
6+
date: 2024-10-06T08:49:15+00:00
7+
lastmod: 2024-10-06T08:49:15+00:00
8+
draft: false
9+
images: []
10+
weight: 40
11+
---
Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
---
2+
type: docs
3+
category: JavaScript
4+
title: JavaScript Client Overview
5+
weight: 5
6+
---
7+
8+
[sigstore-js](https://github.com/sigstore/sigstore-js) is a collection of [javascript libraries](#additional-packages) for interacting with Sigstore.
9+
10+
The main package,[`sigstore`](https://www.npmjs.com/package/sigstore), is a JavaScript library for generating and verifying Sigstore signatures. One of the intended uses is to sign and verify npm packages but it can be used to sign and verify any file.
11+
12+
Full project documentation can be found in the [sigstore-js](https://github.com/sigstore/sigstore-js#sigstore-js---) project README and in each [package README](https://github.com/sigstore/sigstore-js/tree/main/packages).
13+
14+
## Features
15+
16+
- Support for signing using an OpenID Connect identity
17+
- Support for publishing signatures to a [Rekor](../../logging/overview/) instance
18+
- Support for verifying Sigstore bundles
19+
20+
## Installation
21+
22+
[`sigstore`](https://www.npmjs.com/package/sigstore) requires Node.js version >= 18.17.0.
23+
24+
To install `sigstore` run the following command:
25+
26+
```console
27+
npm install sigstore
28+
```
29+
30+
## Example
31+
32+
To use `sigstore`, import the following into your project using the following:
33+
34+
```console
35+
const { sign, verify } = require('sigstore');
36+
```
37+
38+
```console
39+
import { sign, verify } from 'sigstore';
40+
```
41+
42+
### Signing example
43+
44+
```console
45+
const bundle = await sign(Buffer.from('hello world'));
46+
```
47+
48+
There are a number of optional arguments that can be used with the sign function. Additional information is available in the [project repository](https://github.com/sigstore/sigstore-js/tree/main/packages/client#signpayload-options).
49+
50+
The sign function will return a JSON-encoded Sigstore bundle which includes the signature and the necessary verification material.
51+
52+
### Verifying example
53+
54+
The following function will verify the previously signed message:
55+
56+
```console
57+
verify(bundle, Buffer.from('hello world'), { certificateIssuer: 'https://token.actions.githubusercontent.com/' });
58+
```
59+
60+
More information on optional arguments can be found in the [project documentation](https://github.com/sigstore/sigstore-js/tree/main/packages/client#verifybundle-payload-options)
61+
62+
## Additional Packages
63+
64+
The [sigstore-js](https://github.com/sigstore/sigstore-js) project includes additional functionality through its scoped packages.
65+
66+
- [`@sigstore/bundle`](https://www.npmjs.com/package/@sigstore/bundle) - TypeScript types and utility functions for working with Sigstore bundles.
67+
- [`@sigstore/cli`](https://www.npmjs.com/package/@sigstore/cli) - Command line interface for signing/verifying artifacts with Sigstore.
68+
- [`@sigstore/sign`](https://www.npmjs.com/package/@sigstore/sign) - Library for generating Sigstore signatures.
69+
- [`@sigstore/tuf`](https://www.npmjs.com/package/@sigstore/tuf) - Library for interacting with the Sigstore TUF repository.
70+
- [`@sigstore/rekor-types`](https://www.npmjs.com/package/@sigstore/rekor-types) - TypeScript types for the Sigstore Rekor REST API.
71+
- [`@sigstore/mock`](https://www.npmjs.com/package/@sigstore/mock) - Mocking library for Sigstore services.

content/en/language_clients/language_client_overview.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,11 +9,12 @@ Sigstore uses [cosign](../../cosign/signing/overview) to sign and verify package
99

1010
Sigstore has clients for the following language ecosystems:
1111

12+
- [Go](../go/overview)
13+
- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
14+
- [JavaScript](../javascript/overview)
1215
- [Python](../python/overview)
1316
- [Rust](https://github.com/sigstore/sigstore-rs#features)
1417
- [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore)
15-
- [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---)
1618
- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
17-
- [Go](../go/overview)
1819

1920
Language client documentation is hosted in the individual project repositories. Project summaries are currently being added to the main Sigstore documentation.

0 commit comments

Comments
 (0)