npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@datafire/google_digitalassetlinks

v4.0.0

Published

DataFire integration for Digital Asset Links API

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

datafiredatafire

Keywords

Readme

@datafire/google_digitalassetlinks

Client library for Digital Asset Links API

Installation and Usage

npm install --save @datafire/google_digitalassetlinks
let google_digitalassetlinks = require('@datafire/google_digitalassetlinks').create();

.then(data => {
  console.log(data);
});

Description

Discovers relationships between online assets such as websites or mobile apps.

Actions

digitalassetlinks.assetlinks.check

Determines whether the specified (directional) relationship exists between the specified source and target assets. The relation describes the intent of the link between the two assets as claimed by the source asset. An example for such relationships is the delegation of privileges or permissions. This command is most often used by infrastructure systems to check preconditions for an action. For example, a client may want to know if it is OK to send a web URL to a particular mobile app instead. The client can check for the relevant asset link from the website to the mobile app to decide if the operation should be allowed. A note about security: if you specify a secure asset as the source, such as an HTTPS website or an Android app, the API will ensure that any statements used to generate the response have been made in a secure way by the owner of that asset. Conversely, if the source asset is an insecure HTTP website (that is, the URL starts with http:// instead of https://), the API cannot verify its statements securely, and it is not possible to ensure that the website's statements have not been altered by a third party. For more information, see the Digital Asset Links technical design specification.

google_digitalassetlinks.digitalassetlinks.assetlinks.check({}, context)

Input

  • input object
    • relation string: Query string for the relation. We identify relations with strings of the format /, where must be one of a set of pre-defined purpose categories, and is a free-form lowercase alphanumeric string that describes the specific use case of the statement. Refer to our API documentation for the current list of supported relations. For a query to match an asset link, both the query's and the asset link's relation strings must match exactly. Example: A query with relation delegate_permission/common.handle_all_urls matches an asset link with relation delegate_permission/common.handle_all_urls.
    • source.androidApp.certificate.sha256Fingerprint string: The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this example, the contents of this field would be 14:6D:E9:83:C5:73: 06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5. If these tools are not available to you, you can convert the PEM certificate into the DER format, compute the SHA-256 hash of that string and represent the result as a hexstring (that is, uppercase hexadecimal representations of each octet, separated by colons).
    • source.androidApp.packageName string: Android App assets are naturally identified by their Java package name. For example, the Google Maps app uses the package name com.google.android.apps.maps. REQUIRED
    • source.web.site string: Web assets are identified by a URL that contains only the scheme, hostname and port parts. The format is http[s]://[:] Hostnames must be fully qualified: they must end in a single period ("."). Only the schemes "http" and "https" are currently allowed. Port numbers are given as a decimal number, and they must be omitted if the standard port numbers are used: 80 for http and 443 for https. We call this limited URL the "site". All URLs that share the same scheme, hostname and port are considered to be a part of the site and thus belong to the web asset. Example: the asset with the site https://www.google.com contains all these URLs: * https://www.google.com/ * https://www.google.com:443/ * https://www.google.com/foo * https://www.google.com/foo?bar * https://www.google.com/foo#bar * https://user@password:www.google.com/ But it does not contain these URLs: * http://www.google.com/ (wrong scheme) * https://google.com/ (hostname does not match) * https://www.google.com:444/ (port does not match) REQUIRED
    • target.androidApp.certificate.sha256Fingerprint string: The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this example, the contents of this field would be 14:6D:E9:83:C5:73: 06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5. If these tools are not available to you, you can convert the PEM certificate into the DER format, compute the SHA-256 hash of that string and represent the result as a hexstring (that is, uppercase hexadecimal representations of each octet, separated by colons).
    • target.androidApp.packageName string: Android App assets are naturally identified by their Java package name. For example, the Google Maps app uses the package name com.google.android.apps.maps. REQUIRED
    • target.web.site string: Web assets are identified by a URL that contains only the scheme, hostname and port parts. The format is http[s]://[:] Hostnames must be fully qualified: they must end in a single period ("."). Only the schemes "http" and "https" are currently allowed. Port numbers are given as a decimal number, and they must be omitted if the standard port numbers are used: 80 for http and 443 for https. We call this limited URL the "site". All URLs that share the same scheme, hostname and port are considered to be a part of the site and thus belong to the web asset. Example: the asset with the site https://www.google.com contains all these URLs: * https://www.google.com/ * https://www.google.com:443/ * https://www.google.com/foo * https://www.google.com/foo?bar * https://www.google.com/foo#bar * https://user@password:www.google.com/ But it does not contain these URLs: * http://www.google.com/ (wrong scheme) * https://google.com/ (hostname does not match) * https://www.google.com:444/ (port does not match) REQUIRED
    • $.xgafv string (values: 1, 2): V1 error format.
    • access_token string: OAuth access token.
    • alt string (values: json, media, proto): Data format for response.
    • callback string: JSONP
    • fields string: Selector specifying which fields to include in a partial response.
    • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
    • oauth_token string: OAuth 2.0 token for the current user.
    • prettyPrint boolean: Returns response with indentations and line breaks.
    • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
    • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
    • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

digitalassetlinks.statements.list

Retrieves a list of all statements from a given source that match the specified target and statement string. The API guarantees that all statements with secure source assets, such as HTTPS websites or Android apps, have been made in a secure way by the owner of those assets, as described in the Digital Asset Links technical design specification. Specifically, you should consider that for insecure websites (that is, where the URL starts with http:// instead of https://), this guarantee cannot be made. The List command is most useful in cases where the API client wants to know all the ways in which two assets are related, or enumerate all the relationships from a particular source asset. Example: a feature that helps users navigate to related items. When a mobile app is running on a device, the feature would make it easy to navigate to the corresponding web site or Google+ profile.

google_digitalassetlinks.digitalassetlinks.statements.list({}, context)

Input

  • input object
    • relation string: Use only associations that match the specified relation. See the Statement message for a detailed definition of relation strings. For a query to match a statement, one of the following must be true: * both the query's and the statement's relation strings match exactly, or * the query's relation string is empty or missing. Example: A query with relation delegate_permission/common.handle_all_urls matches an asset link with relation delegate_permission/common.handle_all_urls.
    • source.androidApp.certificate.sha256Fingerprint string: The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this example, the contents of this field would be 14:6D:E9:83:C5:73: 06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5. If these tools are not available to you, you can convert the PEM certificate into the DER format, compute the SHA-256 hash of that string and represent the result as a hexstring (that is, uppercase hexadecimal representations of each octet, separated by colons).
    • source.androidApp.packageName string: Android App assets are naturally identified by their Java package name. For example, the Google Maps app uses the package name com.google.android.apps.maps. REQUIRED
    • source.web.site string: Web assets are identified by a URL that contains only the scheme, hostname and port parts. The format is http[s]://[:] Hostnames must be fully qualified: they must end in a single period ("."). Only the schemes "http" and "https" are currently allowed. Port numbers are given as a decimal number, and they must be omitted if the standard port numbers are used: 80 for http and 443 for https. We call this limited URL the "site". All URLs that share the same scheme, hostname and port are considered to be a part of the site and thus belong to the web asset. Example: the asset with the site https://www.google.com contains all these URLs: * https://www.google.com/ * https://www.google.com:443/ * https://www.google.com/foo * https://www.google.com/foo?bar * https://www.google.com/foo#bar * https://user@password:www.google.com/ But it does not contain these URLs: * http://www.google.com/ (wrong scheme) * https://google.com/ (hostname does not match) * https://www.google.com:444/ (port does not match) REQUIRED
    • $.xgafv string (values: 1, 2): V1 error format.
    • access_token string: OAuth access token.
    • alt string (values: json, media, proto): Data format for response.
    • callback string: JSONP
    • fields string: Selector specifying which fields to include in a partial response.
    • key string: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
    • oauth_token string: OAuth 2.0 token for the current user.
    • prettyPrint boolean: Returns response with indentations and line breaks.
    • quotaUser string: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
    • upload_protocol string: Upload protocol for media (e.g. "raw", "multipart").
    • uploadType string: Legacy upload protocol for media (e.g. "media", "multipart").

Output

Definitions

AndroidAppAsset

  • AndroidAppAsset object: Describes an android app asset.
    • certificate CertificateInfo
    • packageName string: Android App assets are naturally identified by their Java package name. For example, the Google Maps app uses the package name com.google.android.apps.maps. REQUIRED

Asset

  • Asset object: Uniquely identifies an asset. A digital asset is an identifiable and addressable online entity that typically provides some service or content. Examples of assets are websites, Android apps, Twitter feeds, and Plus Pages.

CertificateInfo

  • CertificateInfo object: Describes an X509 certificate.
    • sha256Fingerprint string: The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this example, the contents of this field would be 14:6D:E9:83:C5:73: 06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5. If these tools are not available to you, you can convert the PEM certificate into the DER format, compute the SHA-256 hash of that string and represent the result as a hexstring (that is, uppercase hexadecimal representations of each octet, separated by colons).

CheckResponse

  • CheckResponse object: Response message for the CheckAssetLinks call.
    • debugString string: Human-readable message containing information intended to help end users understand, reproduce and debug the result. The message will be in English and we are currently not planning to offer any translations. Please note that no guarantees are made about the contents or format of this string. Any aspect of it may be subject to change without notice. You should not attempt to programmatically parse this data. For programmatic access, use the error_code field below.
    • errorCode array: Error codes that describe the result of the Check operation.
      • items string (values: ERROR_CODE_UNSPECIFIED, ERROR_CODE_INVALID_QUERY, ERROR_CODE_FETCH_ERROR, ERROR_CODE_FAILED_SSL_VALIDATION, ERROR_CODE_REDIRECT, ERROR_CODE_TOO_LARGE, ERROR_CODE_MALFORMED_HTTP_RESPONSE, ERROR_CODE_WRONG_CONTENT_TYPE, ERROR_CODE_MALFORMED_CONTENT, ERROR_CODE_SECURE_ASSET_INCLUDES_INSECURE, ERROR_CODE_FETCH_BUDGET_EXHAUSTED)
    • linked boolean: Set to true if the assets specified in the request are linked by the relation specified in the request.
    • maxAge string: From serving time, how much longer the response should be considered valid barring further updates. REQUIRED

ListResponse

  • ListResponse object: Response message for the List call.
    • debugString string: Human-readable message containing information intended to help end users understand, reproduce and debug the result. The message will be in English and we are currently not planning to offer any translations. Please note that no guarantees are made about the contents or format of this string. Any aspect of it may be subject to change without notice. You should not attempt to programmatically parse this data. For programmatic access, use the error_code field below.
    • errorCode array: Error codes that describe the result of the List operation.
      • items string (values: ERROR_CODE_UNSPECIFIED, ERROR_CODE_INVALID_QUERY, ERROR_CODE_FETCH_ERROR, ERROR_CODE_FAILED_SSL_VALIDATION, ERROR_CODE_REDIRECT, ERROR_CODE_TOO_LARGE, ERROR_CODE_MALFORMED_HTTP_RESPONSE, ERROR_CODE_WRONG_CONTENT_TYPE, ERROR_CODE_MALFORMED_CONTENT, ERROR_CODE_SECURE_ASSET_INCLUDES_INSECURE, ERROR_CODE_FETCH_BUDGET_EXHAUSTED)
    • maxAge string: From serving time, how much longer the response should be considered valid barring further updates. REQUIRED
    • statements array: A list of all the matching statements that have been found.

Statement

  • Statement object: Describes a reliable statement that has been made about the relationship between a source asset and a target asset. Statements are always made by the source asset, either directly or by delegating to a statement list that is stored elsewhere. For more detailed definitions of statements and assets, please refer to our API documentation landing page.
    • relation string: The relation identifies the use of the statement as intended by the source asset's owner (that is, the person or entity who issued the statement). Every complete statement has a relation. We identify relations with strings of the format /, where must be one of a set of pre-defined purpose categories, and is a free-form lowercase alphanumeric string that describes the specific use case of the statement. Refer to our API documentation for the current list of supported relations. Example: delegate_permission/common.handle_all_urls REQUIRED
    • source Asset
    • target Asset

WebAsset

  • WebAsset object: Describes a web asset.
    • site string: Web assets are identified by a URL that contains only the scheme, hostname and port parts. The format is http[s]://[:] Hostnames must be fully qualified: they must end in a single period ("."). Only the schemes "http" and "https" are currently allowed. Port numbers are given as a decimal number, and they must be omitted if the standard port numbers are used: 80 for http and 443 for https. We call this limited URL the "site". All URLs that share the same scheme, hostname and port are considered to be a part of the site and thus belong to the web asset. Example: the asset with the site https://www.google.com contains all these URLs: * https://www.google.com/ * https://www.google.com:443/ * https://www.google.com/foo * https://www.google.com/foo?bar * https://www.google.com/foo#bar * https://user@password:www.google.com/ But it does not contain these URLs: * http://www.google.com/ (wrong scheme) * https://google.com/ (hostname does not match) * https://www.google.com:444/ (port does not match) REQUIRED