sigstore-npm-signer
Sign and verify npm packages using Sigstore
// Marks the CommonJS exports object with the `__esModule` flag. This file looks
// like transpiler output (see the sourceMappingURL footer), where the flag tells
// interop helpers that the module was authored as an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the value exports as undefined; both are assigned further down.
exports.defaultConfig = exports.ConfigSchema = void 0;
// loadConfig is a function declaration, so it is hoisted and can be exported
// here, before the line where it is defined.
exports.loadConfig = loadConfig;
const cosmiconfig_1 = require("cosmiconfig");
const zod_1 = require("zod");
/**
* Configuration module for sigstore-npm-signer
*
* Handles loading and parsing of configuration from .signerrc files
* using cosmiconfig.
*/
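/**
 * Zod schema for the sigstore-npm-signer configuration.
 *
 * Every field here influences what gets trusted, so a configuration file is
 * security-sensitive input: it can switch enforcement off and it can point the
 * tool at different Fulcio / Rekor endpoints.
 *
 * Unknown keys are not rejected (plain `z.object`), so a misspelled key is
 * dropped and the field's default applies.
 */
exports.ConfigSchema = zod_1.z.object({
    // Publisher identities (GitHub usernames or email addresses) that are allowed.
    // NOTE(review): what an empty list means (allow nobody vs. allow anybody) is
    // decided by the code that consumes this value; confirm it fails closed.
    allowedPublishers: zod_1.z.array(zod_1.z.string()).default([]),
    // Whether signature verification is enforced on install. Defaults to true,
    // so leaving the key out keeps enforcement on.
    enforceVerification: zod_1.z.boolean().default(true),
    // Optional override for the Fulcio endpoint. The value must parse as a URL,
    // so a typo or a stray string is rejected at load time instead of surfacing
    // later as a network error. `url()` does not restrict the scheme;
    // NOTE(review): consumers should require https for non-local endpoints.
    fulcioUrl: zod_1.z.string().url().optional(),
    // Optional override for the Rekor endpoint. Same validation and the same
    // scheme caveat as fulcioUrl.
    rekorUrl: zod_1.z.string().url().optional(),
});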
/**
 * Configuration used when no config file is found or the file found is empty.
 * Signature verification is enforced and the publisher allow-list is empty.
 */
exports.defaultConfig = { allowedPublishers: [], enforceVerification: true };
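/**
 * Locates the `signer` configuration with cosmiconfig and validates it
 * against ConfigSchema.
 *
 * NOTE(review): cosmiconfig discovers configuration relative to the current
 * working directory, and its default search places include JavaScript config
 * files, which are executed when loaded. If this runs inside a package tree
 * that is itself being verified, that tree can supply the configuration
 * (including `enforceVerification: false` or replacement Fulcio/Rekor URLs).
 * Confirm that callers load configuration only from a trusted location.
 *
 * @returns {Promise<object>} The validated configuration, or a fresh copy of
 *   the defaults when no configuration is found or the file is empty.
 * @throws {Error} "Invalid configuration: ..." when the file fails schema
 *   validation; any other error is rethrown unchanged.
 */
async function loadConfig() {
    const explorer = (0, cosmiconfig_1.cosmiconfig)('signer');
    const found = await explorer.search();
    if (!found || found.isEmpty) {
        // Return a copy so that a caller mutating its config (for example
        // turning enforcement off) cannot alter the shared defaults for every
        // later caller in the same process.
        return {
            ...exports.defaultConfig,
            allowedPublishers: [...exports.defaultConfig.allowedPublishers],
        };
    }
    try {
        return exports.ConfigSchema.parse(found.config);
    }
    catch (error) {
        if (error instanceof zod_1.z.ZodError) {
            // `issues` is the canonical list of validation failures on ZodError.
            // Prefix each message with the path of the offending key so the
            // user can tell which setting was rejected.
            const details = error.issues
                .map((issue) => {
                    const where = issue.path.join('.');
                    return where ? `${where}: ${issue.message}` : issue.message;
                })
                .join(', ');
            throw new Error(`Invalid configuration: ${details}`, { cause: error });
        }
        throw error;
    }
}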
//# sourceMappingURL=config.js.map
;