{ "_args": [ [ { "raw": "csrf@~3.0.0", "scope": null, "escapedName": "csrf", "name": "csrf", "rawSpec": "~3.0.0", "spec": ">=3.0.0 <3.1.0", "type": "range" }, "/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/csurf" ] ], "_from": "csrf@>=3.0.0 <3.1.0", "_id": "csrf@3.0.6", "_inCache": true, "_location": "/csrf", "_nodeVersion": "4.7.3", "_npmOperationalInternal": { "host": "packages-18-east.internal.npmjs.com", "tmp": "tmp/csrf-3.0.6.tgz_1489549463230_0.9222420507576317" }, "_npmUser": { "name": "dougwilson", "email": "doug@somethingdoug.com" }, "_npmVersion": "2.15.11", "_phantomChildren": {}, "_requested": { "raw": "csrf@~3.0.0", "scope": null, "escapedName": "csrf", "name": "csrf", "rawSpec": "~3.0.0", "spec": ">=3.0.0 <3.1.0", "type": "range" }, "_requiredBy": [ "/csurf" ], "_resolved": "https://registry.npmjs.org/csrf/-/csrf-3.0.6.tgz", "_shasum": "b61120ddceeafc91e76ed5313bb5c0b2667b710a", "_shrinkwrap": null, "_spec": "csrf@~3.0.0", "_where": "/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/csurf", "author": { "name": "Jonathan Ong", "email": "me@jongleberry.com", "url": "http://jongleberry.com" }, "bugs": { "url": "https://github.com/pillarjs/csrf/issues" }, "contributors": [ { "name": "Douglas Christopher Wilson", "email": "doug@somethingdoug.com" } ], "dependencies": { "rndm": "1.2.0", "tsscmp": "1.0.5", "uid-safe": "2.1.4" }, "description": "primary logic behind csrf tokens", "devDependencies": { "bluebird": "3.5.0", "eslint": "3.17.1", "eslint-config-standard": "7.0.1", "eslint-plugin-markdown": "1.0.0-beta.4", "eslint-plugin-promise": "3.5.0", "eslint-plugin-standard": "2.1.1", "istanbul": "0.4.5", "mocha": "2.5.3" }, "directories": {}, "dist": { "shasum": "b61120ddceeafc91e76ed5313bb5c0b2667b710a", "tarball": "https://registry.npmjs.org/csrf/-/csrf-3.0.6.tgz" }, "engines": { "node": ">= 0.8" }, "files": [ "LICENSE", "HISTORY.md", "README.md", "index.js" ], "gitHead": "018ec746e8ce5dea10dda78a2480a0a9e756f1a8", "homepage": "https://github.com/pillarjs/csrf#readme", "keywords": [ "csrf", "tokens" ], "license": "MIT", "maintainers": [ { "name": "dougwilson", "email": "doug@somethingdoug.com" }, { "name": "dwolla", "email": "api@dwolla.com" }, { "name": "jongleberry", "email": "jonathanrichardong@gmail.com" } ], "name": "csrf", "optionalDependencies": {}, "readme": "# CSRF\n\n[![NPM Version][npm-image]][npm-url]\n[![NPM Downloads][downloads-image]][downloads-url]\n[![Node.js Version][node-image]][node-url]\n[![Build Status][travis-image]][travis-url]\n[![Test Coverage][coveralls-image]][coveralls-url]\n\nLogic behind CSRF token creation and verification.\n\nRead [Understanding-CSRF](https://github.com/pillarjs/understanding-csrf)\nfor more information on CSRF. Use this module to create custom CSRF middleware.\n\nLooking for a CSRF framework for your favorite framework that uses this\nmodule?\n\n * Express/connect: [csurf](https://www.npmjs.com/package/csurf) or\n [alt-xsrf](https://www.npmjs.com/package/alt-xsrf)\n * Koa: [koa-csrf](https://www.npmjs.com/package/koa-csrf) or\n [koa-atomic-session](https://www.npmjs.com/package/koa-atomic-session)\n\n### Install\n\n```sh\n$ npm install csrf\n```\n\n## API\n\n\n\n```js\nvar Tokens = require('csrf')\n```\n\n### new Tokens([options])\n\nCreate a new token generation/verification instance. The `options` argument is\noptional and will just use all defaults if missing.\n\n#### Options\n\nTokens accepts these properties in the options object.\n\n##### saltLength\n\nThe length of the internal salt to use, in characters. Internally, the salt\nis a base 62 string. Defaults to `8` characters.\n\n##### secretLength\n\nThe length of the secret to generate, in bytes. Note that the secret is\npassed around base-64 encoded and that this length refers to the underlying\nbytes, not the length of the base-64 string. Defaults to `18` bytes.\n\n#### tokens.create(secret)\n\nCreate a new CSRF token attached to the given `secret`. The `secret` is a\nstring, typically generated from the `tokens.secret()` or `tokens.secretSync()`\nmethods. This token is what you should add into HTML `
` blocks and\nexpect the user's browser to provide back.\n\n\n\n```js\nvar secret = tokens.secretSync()\nvar token = tokens.create(secret)\n```\n\n#### tokens.secret(callback)\n\nAsynchronously create a new `secret`, which is a string. The secret is to\nbe kept on the server, typically stored in a server-side session for the\nuser. The secret should be at least per user.\n\n\n\n```js\ntokens.secret(function (err, secret) {\n if (err) throw err\n // do something with the secret\n})\n```\n\n#### tokens.secret()\n\nAsynchronously create a new `secret` and return a `Promise`. Please see\n`tokens.secret(callback)` documentation for full details.\n\n**Note**: To use promises in Node.js _prior to 0.12_, promises must be\n\"polyfilled\" using `global.Promise = require('bluebird')`.\n\n\n\n```js\ntokens.secret().then(function (secret) {\n // do something with the secret\n})\n```\n\n#### tokens.secretSync()\n\nA synchronous version of `tokens.secret(callback)`. Please see\n`tokens.secret(callback)` documentation for full details.\n\n\n\n```js\nvar secret = tokens.secretSync()\n```\n\n#### tokens.verify(secret, token)\n\nCheck whether a CSRF token is valid for the given `secret`, returning\na Boolean.\n\n\n\n```js\nif (!tokens.verify(secret, token)) {\n throw new Error('invalid token!')\n}\n```\n\n## License\n\n[MIT](LICENSE)\n\n[npm-image]: https://img.shields.io/npm/v/csrf.svg\n[npm-url]: https://npmjs.org/package/csrf\n[node-image]: https://img.shields.io/node/v/csrf.svg\n[node-url]: https://nodejs.org/en/download/\n[travis-image]: https://img.shields.io/travis/pillarjs/csrf/master.svg\n[travis-url]: https://travis-ci.org/pillarjs/csrf\n[coveralls-image]: https://img.shields.io/coveralls/pillarjs/csrf/master.svg\n[coveralls-url]: https://coveralls.io/r/pillarjs/csrf?branch=master\n[downloads-image]: https://img.shields.io/npm/dm/csrf.svg\n[downloads-url]: https://npmjs.org/package/csrf\n", "readmeFilename": "README.md", "repository": { "type": "git", "url": "git+https://github.com/pillarjs/csrf.git" }, "scripts": { "lint": "eslint --plugin markdown --ext js,md .", "test": "mocha --trace-deprecation --reporter spec --bail --check-leaks test/", "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --trace-deprecation --reporter dot --check-leaks test/", "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --trace-deprecation --reporter spec --check-leaks test/" }, "version": "3.0.6" }