{"_id":"@sigstore/sign","_rev":"4130917","name":"@sigstore/sign","description":"Sigstore signing library","dist-tags":{"latest":"4.1.0"},"maintainers":[{"name":"bdehamer","email":""}],"time":{"modified":"2026-03-01T18:33:10.000Z","created":"2023-08-10T16:18:29.208Z","4.1.0":"2025-12-19T16:49:00.559Z","4.0.1":"2025-09-25T17:39:14.954Z","4.0.0":"2025-07-29T23:16:48.015Z","3.1.0":"2025-02-04T20:35:48.754Z","3.0.0":"2024-10-14T16:13:47.000Z","2.3.2":"2024-05-16T17:12:04.041Z","2.3.1":"2024-05-08T23:23:18.362Z","2.3.0":"2024-04-03T18:43:58.181Z","2.2.3":"2024-02-15T18:03:31.137Z","2.2.2":"2024-02-08T23:12:03.177Z","2.2.1":"2024-01-12T20:56:35.400Z","2.2.0":"2023-10-20T20:57:16.778Z","2.1.0":"2023-08-29T15:40:24.461Z","2.0.0":"2023-08-18T16:05:36.544Z","1.0.0":"2023-08-10T16:18:29.208Z"},"users":{},"author":{"name":"bdehamer@github.com"},"repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"versions":{"4.1.0":{"name":"@sigstore/sign","version":"4.1.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.11.0","@sigstore/rekor-types":"^4.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^4.0.0","@sigstore/core":"^3.1.0","@sigstore/protobuf-specs":"^0.5.0","make-fetch-happen":"^15.0.3","proc-log":"^6.1.0","promise-retry":"^2.0.1"},"engines":{"node":"^20.17.0 || >=22.9.0"},"gitHead":"c4ad6141eb947a20690837888e5d90d9a30b5af3","_id":"@sigstore/sign@4.1.0","_nodeVersion":"24.12.0","_npmVersion":"11.6.2","dist":{"shasum":"63df15a137337b29f463a1d1c51e1f7d4c1db2f1","size":22943,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-4.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-4.1.0.tgz"},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:57beebb8-adda-434c-9637-ca55536c4289"}},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/sign_4.1.0_1766162940417_0.8614573575117532"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2025-12-19T16:49:00.559Z","publish_time":1766162940559,"_source_registry_name":"default","_cnpm_publish_time":1766162940559},"4.0.1":{"name":"@sigstore/sign","version":"4.0.1","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.11.0","@sigstore/rekor-types":"^4.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^4.0.0","@sigstore/core":"^3.0.0","@sigstore/protobuf-specs":"^0.5.0","make-fetch-happen":"^15.0.2","proc-log":"^5.0.0","promise-retry":"^2.0.1"},"engines":{"node":"^20.17.0 || >=22.9.0"},"gitHead":"83b349b02f28d4ef42193cf59ea4730b2236f645","_id":"@sigstore/sign@4.0.1","_nodeVersion":"20.19.5","_npmVersion":"11.6.1","dist":{"shasum":"36ed397d0528e4da880b9060e26234098de5d35b","size":20355,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-4.0.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-4.0.1.tgz"},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:57beebb8-adda-434c-9637-ca55536c4289"}},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/sign_4.0.1_1758821954736_0.42020888697005754"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2025-09-25T17:39:14.954Z","publish_time":1758821954954,"_source_registry_name":"default","_cnpm_publish_time":1758821954954},"4.0.0":{"name":"@sigstore/sign","version":"4.0.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.11.0","@sigstore/rekor-types":"^4.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^4.0.0","@sigstore/core":"^3.0.0","@sigstore/protobuf-specs":"^0.5.0","make-fetch-happen":"^15.0.0","proc-log":"^5.0.0","promise-retry":"^2.0.1"},"engines":{"node":"^20.17.0 || >=22.9.0"},"_id":"@sigstore/sign@4.0.0","gitHead":"21dd66d041593ad5d9fc2fe461131d8db868ad6f","_nodeVersion":"20.19.4","_npmVersion":"11.5.1","dist":{"shasum":"bfa8754b00597594f48c48102805c26697b96623","size":20339,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-4.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-4.0.0.tgz"},"_npmUser":{"name":"GitHub Actions","email":"npm-oidc-no-reply@github.com","trustedPublisher":{"id":"github","oidcConfigId":"oidc:57beebb8-adda-434c-9637-ca55536c4289"}},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/sign_4.0.0_1753831007830_0.3438453087047697"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2025-07-29T23:16:48.015Z","publish_time":1753831008015,"_source_registry_name":"default","_cnpm_publish_time":1753831008015},"3.1.0":{"name":"@sigstore/sign","version":"3.1.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.10.0","@sigstore/rekor-types":"^3.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^3.1.0","@sigstore/core":"^2.0.0","@sigstore/protobuf-specs":"^0.4.0","make-fetch-happen":"^14.0.2","proc-log":"^5.0.0","promise-retry":"^2.0.1"},"engines":{"node":"^18.17.0 || >=20.5.0"},"_id":"@sigstore/sign@3.1.0","gitHead":"06cd267cbdc2eeaa04294995622db9f6ad2fa7cf","_nodeVersion":"18.17.0","_npmVersion":"10.9.2","dist":{"shasum":"5d098d4d2b59a279e9ac9b51c794104cda0c649e","size":20333,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-3.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-3.1.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/sign_3.1.0_1738701348495_0.8907908560846478"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2025-02-04T20:35:48.754Z","publish_time":1738701348754,"_source_registry_name":"default","_cnpm_publish_time":1738701348754},"3.0.0":{"name":"@sigstore/sign","version":"3.0.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.8.0","@sigstore/rekor-types":"^3.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^3.0.0","@sigstore/core":"^2.0.0","@sigstore/protobuf-specs":"^0.3.2","make-fetch-happen":"^14.0.1","proc-log":"^5.0.0","promise-retry":"^2.0.1"},"engines":{"node":"^18.17.0 || >=20.5.0"},"_id":"@sigstore/sign@3.0.0","gitHead":"3a57a741bfb9f7c3bca69b63e170fc28e9432e69","_nodeVersion":"18.17.0","_npmVersion":"10.9.0","dist":{"shasum":"70752aaa54dfeafa0b0fbe1f58ebe9fe3d621f8f","size":20116,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-3.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-3.0.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_3.0.0_1728922426783_0.4915024002859205"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-10-14T16:13:47.000Z","publish_time":1728922427000,"_source_registry_name":"default","_cnpm_publish_time":1728922427000},"2.3.2":{"name":"@sigstore/sign","version":"2.3.2","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.7.4","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^2.3.2","@sigstore/core":"^1.0.0","@sigstore/protobuf-specs":"^0.3.2","make-fetch-happen":"^13.0.1","proc-log":"^4.2.0","promise-retry":"^2.0.1"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.3.2","gitHead":"46e7056ff9912ebfee5298d94024895a9fea76c0","_nodeVersion":"18.17.0","_npmVersion":"10.8.0","dist":{"shasum":"d3d01e56d03af96fd5c3a9b9897516b1233fc1c4","size":20207,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.3.2.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.3.2.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.3.2_1715879523882_0.7008746466446438"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-05-16T17:12:04.041Z","publish_time":1715879524041,"_source_registry_name":"default","_cnpm_publish_time":1715879524041},"2.3.1":{"name":"@sigstore/sign","version":"2.3.1","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.7.3","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4","@types/promise-retry":"^1.1.6"},"dependencies":{"@sigstore/bundle":"^2.3.0","@sigstore/core":"^1.0.0","@sigstore/protobuf-specs":"^0.3.1","make-fetch-happen":"^13.0.1","proc-log":"^4.2.0","promise-retry":"^2.0.1"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.3.1","gitHead":"08ac1f1dc9e0352a3551b612d337b82108d9496e","_nodeVersion":"18.17.0","_npmVersion":"10.7.0","dist":{"shasum":"4fc4e6faee5689b5e9d42e97f1207273b7dd7b7f","size":20207,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.3.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.3.1.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.3.1_1715210598220_0.48810932090172354"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-05-08T23:23:18.362Z","publish_time":1715210598362,"_source_registry_name":"default","_cnpm_publish_time":1715210598362},"2.3.0":{"name":"@sigstore/sign","version":"2.3.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.7.0","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4"},"dependencies":{"@sigstore/bundle":"^2.3.0","@sigstore/core":"^1.0.0","@sigstore/protobuf-specs":"^0.3.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.3.0","gitHead":"8c8c71d30a9b0f2e5e9428ffc58cd41fb40f73e2","_nodeVersion":"18.17.0","_npmVersion":"10.5.1","dist":{"shasum":"c35e10a3d707e0c69a29bd9f93fa2bdc6275817c","size":19652,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.3.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.3.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.3.0_1712169838032_0.9333532376099747"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-04-03T18:43:58.181Z","publish_time":1712169838181,"_source_registry_name":"default","_cnpm_publish_time":1712169838181},"2.2.3":{"name":"@sigstore/sign","version":"2.2.3","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.6.5","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4"},"dependencies":{"@sigstore/bundle":"^2.2.0","@sigstore/core":"^1.0.0","@sigstore/protobuf-specs":"^0.3.0","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.2.3","gitHead":"700c78d4e5879c2f4764cc45a89f477106db5ef6","_nodeVersion":"18.17.0","_npmVersion":"10.4.0","dist":{"shasum":"f07bcd2cfee654fade867db44ae260f1a0142ba4","size":19589,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.2.3.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.2.3.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.2.3_1708020210992_0.8240755769869399"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-02-15T18:03:31.137Z","publish_time":1708020211137,"_source_registry_name":"default","_cnpm_publish_time":1708020211137},"2.2.2":{"name":"@sigstore/sign","version":"2.2.2","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.6.4","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4"},"dependencies":{"@sigstore/bundle":"^2.1.1","@sigstore/core":"^1.0.0","@sigstore/protobuf-specs":"^0.2.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"gitHead":"f25501d2f480511a28fab9faee80f15b92f86673","_id":"@sigstore/sign@2.2.2","_nodeVersion":"18.17.0","_npmVersion":"9.6.7","dist":{"shasum":"a958388fd20a7c367e20dd3604de3b47cc0b2b47","size":19590,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.2.2.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.2.2.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.2.2_1707433922966_0.9624971517770637"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-02-08T23:12:03.177Z","publish_time":1707433923177,"_source_registry_name":"default","_cnpm_publish_time":1707433923177},"2.2.1":{"name":"@sigstore/sign","version":"2.2.1","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.6.3","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.4"},"dependencies":{"@sigstore/bundle":"^2.1.1","@sigstore/core":"^0.2.0","@sigstore/protobuf-specs":"^0.2.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.2.1","gitHead":"d9093d4b3b99d9ee446633ac7074e43cea78c727","_nodeVersion":"18.17.0","_npmVersion":"10.3.0","dist":{"shasum":"b37383db1f25ab20cfec980d23ce08e6f99e6caf","size":19579,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.2.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.2.1.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.2.1_1705092995238_0.8523343274198625"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2024-01-12T20:56:35.400Z","publish_time":1705092995400,"_source_registry_name":"default","_cnpm_publish_time":1705092995400},"2.2.0":{"name":"@sigstore/sign","version":"2.2.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.6.0","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.3"},"dependencies":{"@sigstore/bundle":"^2.1.0","@sigstore/protobuf-specs":"^0.2.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.2.0","gitHead":"85c29e78a989d38e61653b0ce40565b14dc39e39","_nodeVersion":"18.17.0","_npmVersion":"10.2.1","dist":{"shasum":"4918207d8356877ab42d85d360d5729e9b3ec65a","size":21085,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.2.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.2.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.2.0_1697835436499_0.46917428573410613"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-10-20T20:57:16.778Z","publish_time":1697835436778,"_source_registry_name":"default","_cnpm_publish_time":1697835436778},"2.1.0":{"name":"@sigstore/sign","version":"2.1.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.4.0","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/bundle":"^2.1.0","@sigstore/protobuf-specs":"^0.2.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.1.0","gitHead":"26d16513386ffaa790b1c32f927544f1322e4194","_nodeVersion":"16.20.2","_npmVersion":"9.8.1","dist":{"shasum":"801f4b5f60e13ecd1925117a7d084ab7b2199f01","size":21035,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.1.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.1.0_1693323624175_0.08146269126692629"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-08-29T15:40:24.461Z","publish_time":1693323624461,"_source_registry_name":"default","_cnpm_publish_time":1693323624461},"2.0.0":{"name":"@sigstore/sign","version":"2.0.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.3.0","@sigstore/rekor-types":"^2.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/bundle":"^2.0.0","@sigstore/protobuf-specs":"^0.2.1","make-fetch-happen":"^13.0.0"},"engines":{"node":"^16.14.0 || >=18.0.0"},"_id":"@sigstore/sign@2.0.0","gitHead":"f0b49a04e5a62250e0f60fb128004a73110fe311","_nodeVersion":"16.20.2","_npmVersion":"9.8.1","dist":{"shasum":"ebd6e76227259d82e592d7651d97126c04a04e3f","size":20493,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-2.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-2.0.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_2.0.0_1692374736282_0.705483606246113"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-08-18T16:05:36.544Z","publish_time":1692374736544,"_source_registry_name":"default","_cnpm_publish_time":1692374736544},"1.0.0":{"name":"@sigstore/sign","version":"1.0.0","description":"Sigstore signing library","main":"dist/index.js","types":"dist/index.d.ts","scripts":{"clean":"shx rm -rf dist *.tsbuildinfo","build":"tsc --build","test":"jest"},"author":{"name":"bdehamer@github.com"},"license":"Apache-2.0","repository":{"type":"git","url":"git+https://github.com/sigstore/sigstore-js.git"},"bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","publishConfig":{"provenance":true},"devDependencies":{"@sigstore/jest":"^0.0.0","@sigstore/mock":"^0.2.0","@sigstore/rekor-types":"^1.0.0","@types/make-fetch-happen":"^10.0.0"},"dependencies":{"@sigstore/bundle":"^1.1.0","@sigstore/protobuf-specs":"^0.2.0","make-fetch-happen":"^11.0.1"},"engines":{"node":"^14.17.0 || ^16.13.0 || >=18.0.0"},"_id":"@sigstore/sign@1.0.0","gitHead":"591db8d9680e29e96813df1d49ce44529385b433","_nodeVersion":"16.20.1","_npmVersion":"9.8.1","dist":{"shasum":"6b08ebc2f6c92aa5acb07a49784cb6738796f7b4","size":20855,"noattachment":false,"key":"/@sigstore/sign/-/@sigstore/sign-1.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/@sigstore/sign/download/@sigstore/sign-1.0.0.tgz"},"_npmUser":{"name":"bdehamer","email":"brian@dehamer.com"},"directories":{},"maintainers":[{"name":"bdehamer","email":""}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/sign_1.0.0_1691684309032_0.26132649557242993"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2023-08-10T16:18:29.208Z","publish_time":1691684309208,"_source_registry_name":"default","_cnpm_publish_time":1691684309208}},"readme":"# @sigstore/sign &middot; [![npm version](https://img.shields.io/npm/v/@sigstore/sign.svg?style=flat)](https://www.npmjs.com/package/@sigstore/sign) [![CI Status](https://github.com/sigstore/sigstore-js/workflows/CI/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/ci.yml) [![Smoke Test Status](https://github.com/sigstore/sigstore-js/workflows/smoke-test/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml)\n\nA library for generating [Sigstore][1] signatures.\n\n## Features\n\n- Support for keyless signature generation with [Fulcio][2]-issued signing\n  certificates\n- Support for ambient OIDC credential detection in CI/CD environments\n- Support for recording signatures to the [Rekor][3] transparency log\n- Support for requesting timestamped countersignature from a [Timestamp\n  Authority][4]\n\n## Prerequisites\n\n- Node.js version ^20.17.0 || >=22.9.0\n\n## Installation\n\n```\nnpm install @sigstore/sign\n```\n\n## Overview\n\nThis library provides the building blocks for composing custom Sigstore signing\nworkflows.\n\n### BundleBuilder\n\nThe top-level component is the `BundleBuilder` which has responsibility for\ntaking some artifact and returning a [Sigstore bundle][5] containing the\nsignature for that artifact and the various materials necessary to verify that\nsignature.\n\n```typescript\ninterface BundleBuilder {\n  create: (artifact: Artifact) => Promise<Bundle>;\n}\n```\n\nThe artifact to be signed is simply an array of bytes and an optional mimetype.\nThe type is necessary when the signature is packaged as a [DSSE][6] envelope.\n\n```typescript\ntype Artifact = {\n  data: Buffer;\n  type?: string;\n};\n```\n\nThere are two `BundleBuilder` implementations provided as part of this package:\n\n- [`DSSEBundleBuilder`](./src/bundler/dsse.ts) - Combines the verification material and\n  artifact signature into a [`dsse_envelope`][7] -style Sigstore bundle\n- [`MessageBundleBuilder`](./src/bundler/message.ts) - Combines the verification\n  material and artifact signature into a [`message_signature`][8]-style Sigstore\n  bundle.\n\n### Signer\n\nEvery `BundleBuilder` must be instantiated with a `Signer` implementation. The\n`Signer` is responsible for taking a `Buffer` and returning an `Signature`.\n\n```typescript\ninterface Signer {\n  sign: (data: Buffer) => Promise<Signature>;\n}\n```\n\nThe returned `Signature` contains a signature and the public key which can be\nused to verify that signature -- the key may either take the form of a x509\ncertificate or public key.\n\n```typescript\ntype Signature = {\n  signature: Buffer;\n  key: KeyMaterial;\n};\n\ntype KeyMaterial =\n  | {\n      $case: 'x509Certificate';\n      certificate: string;\n    }\n  | {\n      $case: 'publicKey';\n      publicKey: string;\n      hint?: string;\n    };\n```\n\nThis package provides the [`FulcioSigner`](./src/signer/fulcio/index.ts)\nwhich implements the `Signer` interface and signs the artifact with an\nephemeral keypair. It will also retrieve an OIDC token from the configured\n`IdentityProvider` and then request a signing certificate from Fulcio which binds\nthe ephemeral key to the identity embedded in the token. This signing\ncertificate is returned as part of the `Signature`.\n\n### Witness\n\nThe `BundleBuilder` may also be configured with zero-or-more `Witness`\ninstances. Each `Witness` receives the artifact signature and the public key\nand returns an `VerificationMaterial` which represents some sort of\ncounter-signature for the artifact's signature.\n\n```typescript\ninterface Witness {\n  testify: (\n    signature: SignatureBundle,\n    publicKey: string\n  ) => Promise<VerificationMaterial>;\n}\n```\n\nThe returned `VerificationMaterial` may contain either Rekor transparency log\nentries or RFC3161 timestamps.\n\n```typescript\ntype VerificationMaterial = {\n  tlogEntries?: TransparencyLogEntry[];\n  rfc3161Timestamps?: RFC3161SignedTimestamp[];\n};\n```\n\nThe entries in the returned `VerificationMaterial` are automatically added to\nthe Sigstore `Bundle` by the `BundleBuilder`.\n\nThe package provides two different `Witness` implementations:\n\n- [`RekorWitness`](./src/witness/tlog/index.ts) - Adds an entry to the Rekor\n  transparency log and returns a `TransparencyLogEntry` to be included in the\n  `Bundle`\n- [`TSAWitness`](./src/witness/tsa/index.ts) - Requests an RFC3161 timestamp\n  over the artifact signature and returns an `RFC3161SignedTimestamp` to be\n  included in the `Bundle`\n\n## Usage Example\n\n```typescript\nconst {\n  CIContextProvider,\n  DSSEBundleBuilder,\n  FulcioSigner,\n  RekorWitness,\n  TSAWitness,\n} = require('@sigstore/sign');\n\n// Set-up the signer\nconst signer = new FulcioSigner({\n  fulcioBaseURL: 'https://fulcio.sigstore.dev',\n  identityProvider: new CIContextProvider('sigstore'),\n});\n\n// Set-up the witnesses\nconst rekorWitness = new RekorWitness({\n  rekorBaseURL: 'https://rekor.sigstore.dev',\n});\n\nconst tsaWitness = new TSAWitness({\n  tsaBaseURL: 'https://tsa.github.com',\n});\n\n// Instantiate a bundle builder\nconst bundler = new DSSEBundleBuilder({\n  signer,\n  witnesses: [rekorWitness, tsaWitness],\n});\n\n// Sign a thing\nconst artifact = {\n  type: 'text/plain',\n  data: Buffer.from('something to be signed'),\n};\nconst bundle = await bundler.create(artifact);\n```\n\n[1]: https://www.sigstore.dev\n[2]: https://github.com/sigstore/fulcio\n[3]: https://github.com/sigstore/rekor\n[4]: https://github.com/sigstore/timestamp-authority\n[5]: https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto\n[6]: https://github.com/secure-systems-lab/dsse\n[7]: https://github.com/sigstore/protobuf-specs/blob/5ef54068bb534152474c5685f5cd248f38549fbd/protos/sigstore_bundle.proto#L80\n[8]: https://github.com/sigstore/protobuf-specs/blob/5ef54068bb534152474c5685f5cd248f38549fbd/protos/sigstore_bundle.proto#L74\n","_attachments":{},"homepage":"https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme","bugs":{"url":"https://github.com/sigstore/sigstore-js/issues"},"license":"Apache-2.0"}