Project node-addon-slsa
Namespaces§
Type Aliases§
- BundleVerifier
Sigstore bundle verifier created by
createVerifier()from thesigstorepackage.- FetchOptions
Options controlling HTTP fetch behavior (timeouts, retries, cancellation).
- GitHubRepo
GitHub
owner/reposlug.- PackageProvenance
Returned by verifyPackageProvenance after npm provenance checks pass.
- RequireAddonOptions
- RunInvocationURI
- SemVerString
Strict semver string (no
vprefix):major.minor.patch[-pre][+build]. The template literal type is intentionally wider than the runtime check in semVerString because TypeScript cannot express the full regex.- Sha256Hex
- TrustMaterial
- VerifyOptions
Verification options: extends FetchOptions with attestation-specific limits.
Functions§
- githubRepo
Type constructors.
- isProvenanceError
Error handling.
- loadTrustMaterial
Verification.
- requireAddon
Runtime addon loader.
- runInvocationURI
Type constructors.
- semVerString
Type constructors.
- sha256Hex
Type constructors.
- verifyAddonProvenance
Verification.
- verifyPackageProvenance
Verification.
Classes§
- ProvenanceError
Thrown when provenance verification detects a security issue. The message is prefixed with
SECURITY:and includes remediation advice.
Interfaces§
- Dispatcher
Dispatcher is the core API used to dispatch requests.