Skip to content

xdrr/cve.js

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
spec
spec
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

CVE.js

CVE.js is a JS client-side library for secure, serverless access to the CVE services REST API.

Features

CVE.js runs in the browser and provides:

  • Serverless access to the MITRE CVE services API.
  • Secure credential management solution using Service Workers.
  • Multi-user session management and session timeouts.
  • Broadcast event notification (similar to push notifications).

The following browsers are currently supported:

  • Google Chrome / Chromium
  • Firefox
  • Opera
  • Microsoft Edge (>= v. 99 preferred)
  • Safari

All versions of Internet Explorer are not supported.

Installation

CVE.js can be integrated by the inclusion of the library in the appropriate component of your application.

<script src="cve.js"></script>

Typically cve.js and sw.js are deployed at the root of the component that will provide access to the CVE Services API. The Service Worker will assume this root as its scope of control. If you need to install sw.js in a different location, be sure to specify its location each time you initialise a handle (see Usage).

Usage

Initialise a new handle to CveServices:

let client = new CveServices();

Want to specify a custom API end point for the MITRE CVE Services API? Need to customise the location where the service worker is installed? These can be customised when initialising the handle.

let client = new CveServices(<API-endpoint>,<sw-installation-path>);

Session management

Before services may be requested from CveServices, a user must be logged in. An error will be returned if no user is logged in or the last user's session timeed out.

await client.login("user", "org", "key");

The active user may be replaced by calling login with a different user's credentials:

await client.login("user2", "org_6", "keyabcdef");

The active session may be manually destroyed (along with the Service Worker in the user's browser) by calling logout:

await client.logout();
Timeout

After login, the active user will be automatically logged out after 1 hour.

Event notifications

Event notifications are provided by the Broadcast Channel Web API.

To subscribe a handle to broadcast event, use the on method like so:

client.on("logout").then(msg => alert(msg.message));

License

This project is published under the MIT license. See LICENSE in the project root directory for a full copy of the license.

About

JS client-side library for the CVE API

Topics

vulnerability cve mitre mitre-corporation

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages