npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

verify-za-vaccine-cert

v0.1.3

Published

Verifies the validity of a South African digital COVID-19 certificate.

Downloads

12

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

adrianfrithadrianfrith

Keywords

vaccinevaxvaccine certificatevaccine certsouth africacovidvcs

Readme

verify-za-vaccine-cert

npm

This is a TypeScript/JavaScript library which verifies the QR codes of certificates issued by the South African COVID-19 Vaccine Certificate System. It is an implementation of the algorithm described in the VCS Verification API Specification, Version 1.0.

The current vaccine certificates do not incorporate a digital signature. They can only be verified by calling the Public VCS Verification API provided by the Department of Health. It is therefore not possible to validate certificates when offline. For offline use this library does provide a function that checks the format of a certificate without validating it through the API, but this will not detect sophisticated forgeries.

This library works in both Node.js and in the browser. However, the VCS API currently does not set the necessary CORS headers, so you can't call it directly from browser code. You will have to proxy the requests through your own server, for which see the endpointUrl option described below.

Note that the verification API specification indicates that it has is a limit of 30 requests per IP address per second.

Install

npm install --save verify-za-vaccine-cert

Example

import { verifyCert, VerificationError } from 'verify-za-vaccine-cert'

const qrcode = '{"alg":"sha256","kid":"9e9e5863-b900-4f2f-b572-c48ee4ddee75cwtG6ZL54We1MmE","iss":"ZAF","iat":"2021-12-03T18:55:37.790","exp":"3M","hcert":"eyJ2ZXJzaW9uIjoiMi4wIiwiaWRUeXBlIjoiUlNBSUQiLCJpZE1hc2siOiI4ODAyMTAqKioqKio2IiwiZmlyc3ROYW1lIjoiQWRyaWFuIEpvaG4iLCJzdXJuYW1lIjoiRnJpdGgiLCJkYXRlT2ZCaXJ0aCI6IjEwLUZlYi0xOTg4IiwiaW1tdW5pemF0aW9uRXZlbnRzIjpbeyJ2YWNjaW5lUmVjZWl2ZWQiOiJDb21pcm5hdHkiLCJ2YWNjaW5lRGF0ZSI6IjIwLUF1Zy0yMDIxIn0seyJ2YWNjaW5lUmVjZWl2ZWQiOiJDb21pcm5hdHkiLCJ2YWNjaW5lRGF0ZSI6IjA0LU9jdC0yMDIxIn1dLCJleHBpcnlEYXRlIjoiMDMtTWFyLTIwMjIifQ==","hashalg":"sha256","hash":"caed4092ce4cd4af205aa90653126b836ea94e2d2619fe7fb53ea71af24c11fa"}'

const result = await verifyCert(qrcode)

if (result.valid) {
  console.log('Valid cert:', JSON.stringify(result.cert))
} else {
  console.log('Invalid cert:', VerificationError[result.reason])
}

The value of result.cert in this case is:

{
  "version": "2.0",
  "idType": "RSAID",
  "idMask": "880210******6",
  "firstName": "Adrian John",
  "surname": "Frith",
  "dateOfBirth": "10-Feb-1988",
  "immunizationEvents": [
    {
      "vaccineReceived": "Comirnaty",
      "vaccineDate": "20-Aug-2021"
    },
    {
      "vaccineReceived": "Comirnaty",
      "vaccineDate": "04-Oct-2021"
    }
  ],
  "expiryDate": "03-Mar-2022"
}

Usage

Verify a certificate (online)

const result = await verifyCert(qrcode, { endpointUrl: '...' })

The parameter qrcode must be a string containing the data as scanned from the QR code on the certificate. If endpointUrl is set then the verification request will be sent to that URL instead of the public VCS endpoint.

If the certificate is valid the result will have the form:

{
  valid: true,
  cert: { ... }
}

and cert will contain the data stored in the certificate (see the example above).

If the certificate is invalid the result will have the form:

{
  valid: false,
  reason: ...
}

The reason field will be one of the values from VerificationError (which is a TypeScript enum):

  • InvalidJson: the value supplied does not parse as a JSON object.
  • MissingField: one of the required fields is missing from the certificate.
  • InvalidHash: the certificate's hash is not valid.
  • CertFormat: the inner certificate data is not a Base64-encoded JSON object as required.
  • ApiBadResponse: the request to the VCS API failed.
  • ApiBadJson: the response from the VCS API was not valid JSON.
  • ApiNotValid: the VCS API responded that the certificate is not valid.

Check certificate format without verification (offline)

const result = checkCertFormat(qrcode)

The result of this function takes the same format as that of verifyCert, except that it is returned synchronously and not through a Promise.

License

This library is released under the MIT License. See LICENSE for more details. Copyright © 2022 Adrian Frith.