From d1da230d7809a74e45de29a55caef8eb36cdcae6 Mon Sep 17 00:00:00 2001
From: Edoardo Scibona <12040076+velut@users.noreply.github.com>
Date: Tue, 9 Apr 2024 19:11:57 +0200
Subject: [PATCH] feat: add getRegistrySigningKeys

---
 .vscode/settings.json            |  3 ++
 src/get-registry-signing-keys.ts | 51 ++++++++++++++++++++++++++++++++
 src/index.ts                     |  5 ++++
 3 files changed, 59 insertions(+)
 create mode 100644 src/get-registry-signing-keys.ts

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 19b866e..dc48748 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -4,8 +4,11 @@
 		"attw",
 		"codecov",
 		"commitlint",
+		"ddthh",
 		"edoardo",
 		"keyid",
+		"keytype",
+		"nistp",
 		"packument",
 		"packuments",
 		"pathnames",
diff --git a/src/get-registry-signing-keys.ts b/src/get-registry-signing-keys.ts
new file mode 100644
index 0000000..e4fdbe0
--- /dev/null
+++ b/src/get-registry-signing-keys.ts
@@ -0,0 +1,51 @@
+import urlJoin from "url-join";
+import { z } from "zod";
+import { fetchData } from "./fetch-data";
+import { npmRegistryUrl } from "./npm-registry";
+
+/**
+Zod schema for the registry signing keys.
+*/
+export const registrySigningKeysSchema = z
+	.object({
+		keys: z.array(
+			z
+				.object({
+					/**
+          String in the simplified extended ISO 8601 format: `YYYY-MM-DDTHH:mm:ss.sssZ` or `null`.
+          */
+					expires: z.string().nullable(),
+
+					/** SHA256 fingerprint of the public key. */
+					keyid: z.string(),
+
+					/** Key type; only `ecdsa-sha2-nistp256` is currently supported by the npm CLI. */
+					keytype: z.string(),
+
+					/** Key scheme; only `ecdsa-sha2-nistp256` is currently supported by the npm CLI. */
+					scheme: z.string(),
+
+					/** Public key encoded in base64. */
+					key: z.string(),
+				})
+				.passthrough(),
+		),
+	})
+	.passthrough();
+
+/**
+`RegistrySigningKeys` describes the signing keys used by the registry.
+
+@see {@link https://docs.npmjs.com/about-registry-signatures}
+*/
+export type RegistrySigningKeys = z.infer<typeof registrySigningKeysSchema>;
+
+/**
+`getRegistrySigningKeys` returns the public signing keys used by the registry.
+
+@param registry - URL of the registry (default: npm registry)
+*/
+export const getRegistrySigningKeys = async (
+	registry = npmRegistryUrl,
+): Promise<RegistrySigningKeys> =>
+	fetchData(registrySigningKeysSchema, urlJoin(registry, "-/npm/v1/keys"));
diff --git a/src/index.ts b/src/index.ts
index 0ae1b49..9b97716 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,5 +10,10 @@ export {
 	registryMetadataSchema,
 	type RegistryMetadata,
 } from "./get-registry-metadata";
+export {
+	getRegistrySigningKeys,
+	registrySigningKeysSchema,
+	type RegistrySigningKeys,
+} from "./get-registry-signing-keys";
 export { npmRegistryDownloadsApiUrl, npmRegistryUrl } from "./npm-registry";
 export { packageManifestSchema, type PackageManifest } from "./package-manifest";