create-self-signed

v0.0.1-6

HTTPS自签名证书工具，是为了解决启动本地HTTPS服务时，需要创建自签名证书但很繁琐有时候查教材很耗时。它提供命令行调用方式，可以做到一键生成自签名证书并添加到macOS钥匙串，后续通过命令行还可以随时查看和管理证书内容，同时它还提供API接口，可以很方便地集成到命令行工具里。 For more information about how to use this package see README

Latest version published 4 years ago

License: MIT

NPM

GitHub

Package Health Score

42 / 100

security
No known security issues
popularity
Limited
maintenance
Inactive
community
Limited

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
0.0.1-6	\|	04/2020	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (0)

GitHub Stars: 4
Forks: 3
Contributors: 4

Direct Usage Popularity

The npm package create-self-signed receives a total of 0 downloads a week. As such, we scored create-self-signed popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package create-self-signed, we found that it has been starred 4 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 4
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like create-self-signed is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

No Recent Commits

Open Issues: 1
Open PR: 1
Last Release: 4 years ago
Last Commit: 1 year ago

Further analysis of the maintenance status of create-self-signed based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for create-self-signed is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 4 years
Dependencies: 3 Direct
Versions: 7
Install Size: 21.4 kB
Dist-tags: 1
# of Files: 4
Maintainers: 1
TS Typings: No

create-self-signed has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

简介

HTTPS自签名证书工具，是为了解决启动本地HTTPS服务时，需要创建自签名证书但很繁琐有时候查教材很耗时。它提供命令行调用方式，可以做到一键生成自签名证书并添加到macOS钥匙串，后续通过命令行还可以随时查看和管理证书内容，同时它还提供API接口，可以很方便地集成到命令行工具里。

使用说明

开始使用

生成密钥和证书 创建过程会提示输入域名，这里使用默认域名，直接回车；输入密码，向macOS钥匙串里添加证书。

# 全局安装
npm install trusted-cert -g
# 或者使用yarn
yarn global add trusted-cert

# 一键生成自签名证书并添加到macOS钥匙串
trusted-cert install

在nodejs中使用

const https = require('https');
const fs = require('fs');
const path = require('path');

const options = {
  key: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.key')),
  cert: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.crt')),
};

https.createServer(options, (req, res) =&gt; {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);

浏览器打开访问，发现网址标为了安全

使用api方式

安装依赖
```
npm install trusted-cert -D
```

调用api

const https = require('https');
const fs = require('fs');
const { obtainSelfSigned } = require('trusted-cert')
const hosts = ['test.m.taobao.com'] // 本地https服务要使用的host
obtainSelfSigned(hosts).then(result =&gt; {
    // result
    // {
    //     success: true,
    //     sslKeyPath: '/Users/xxx/.self-signed-cert/ssl.key',
    //     sslCrtPath: '/Users/xxx/.self-signed-cert/ssl.crt',
    //     certTrusted: true
    // }
	const options = {
      key: fs.readFileSync(result.sslKeyPath),
      cert: fs.readFileSync(result.sslCrtPath),
	};
	
	https.createServer(options, (req, res) =&gt; {
	  res.writeHead(200);
	  res.end('hello world\n');
	}).listen(8000);
})

浏览器打开访问，发现网址标为了安全

命令行功能介绍

trusted-cert --help

Usage: trusted-cert [global options] command

Options:
  -v, --version   当前版本
  -h, --help      display help for command

Commands:
  install         生成ssl密钥和自签名证书，在系统钥匙串里添加和信任自签名证书
  info            查看自签名信息
  trust           信任自签名证书
  add       添加要支持的域名，支持以,分隔
  unInstall       删除生成的ssl密钥和自签名证书
  help [command]  display help for command

先安装，再使用其它命令
  $ trusted-cert install

`trusted-cert install`

一键生成自签名证书并添加到macOS钥匙串，在这个过程中，需要输入本地启动https服务要支持的域名，多个以,分隔，然后会提示要输入密码，用来将自签名证书以sudo权限添加到系统钥匙串里，如果添加失败，后面浏览器访问https服务，会提示不安全。

`trusted-cert trust`

如果install过程中三次输入密码都错误了，还可以单独运行这个命令重新添加到系统钥匙串。或者发现chrome下访问https还是提醒非安全，可以去查看确认下证书是否已经添加到系统钥匙串，证书是否过期。

`trusted-cert info`

生成证书后，可以随时通过这个命令查看密钥等文件的位置，方便你在配置服务器https时需要它，还可以看到支持的域名，是否已经添加到系统钥匙串，证书的有效时间。

`trusted-cert add`

通过这个命令新增本地https服务要用的域名，新增时先检测证书是否已经支持了该域名，比如证书支持*.m.taobao.com，本地要使用test.m.taobao.com域名，检测发现已经支持了，会提醒不用新增。如果遇到需要新增的，会先删除原有的密钥等文件和钥匙串里证书，然后再新增。

`trusted-cert unInstall`

删除本地存放密钥、证书等文件的目录，删除钥匙串里添加的证书

api介绍

在命令行工具里里局部安装【HTTPS自签名证书工具】，使用的时候通过api传入要使用的host列表，工具先检测是否安装过证书，没安装过开始安装，安装过的继续检测装过的证书是否已经支持这些host，还有其它检测，针对检测到点一一修复，最后返回密钥和证书的文件位置等信息。本地起https服务时，直接读取使用api返回的密钥和证书文件位置。

考虑到对于开发者而言，在电脑中只需要一份ssl的密钥和自签名证书就够用了，所以不管是命令行方式还是api，只需要生成一份文件存放在系统固定位置~/.self-signed-cert，工具在钥匙串里也只有一份自签名证书，由工具来管理自证书包括生成、销毁、重新生成的生命周期。

附配置服务的HTTPS证书示例

webpack

// ...
devServer: {
    https: {
      key: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.key')),
      cert: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.crt')),
    },
  },
},
// ...

nginx

# ...
server {
  listen  443;
  server_name shop.alimama.com;
 
 ssl on;
  ssl_certificate     /Users/xxx/.self-signed-cert/ssl.crt;
  ssl_certificate_key /Users/xxx/.self-signed-cert/ssl.key;
 
  location  / {
    proxy_pass  https://127.0.0.1:8002;
  }
}
# ...

nodejs

const https = require('https');
const fs = require('fs');
const path = require('path');

const options = {
  key: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.key')),
  cert: fs.readFileSync(path.join(process.env.HOME, '.self-signed-cert/ssl.crt')),
};

https.createServer(options, (req, res) =&gt; {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);

create-self-signed dependencies

commander fs-extra inquirer

create-self-signed development dependencies

standard

FAQs

What is create-self-signed?

HTTPS自签名证书工具，是为了解决启动本地HTTPS服务时，需要创建自签名证书但很繁琐有时候查教材很耗时。它提供命令行调用方式，可以做到一键生成自签名证书并添加到macOS钥匙串，后续通过命令行还可以随时查看和管理证书内容，同时它还提供... Visit Snyk Advisor to see a full health score report for create-self-signed, including popularity, security, maintenance & community analysis.

Is create-self-signed popular?

We’re still processing downloads data for the npm package create-self-signed. Visit the popularity section on Snyk Advisor to see the full popularity analysis.

Is create-self-signed well maintained?

We found indications that create-self-signed is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is create-self-signed safe to use?

The npm package create-self-signed was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 8 April-2024, at 07:48 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP