Updated the files.

my-app/node_modules/@sigstore/sign/dist/external/error.d.ts

@@ -0,0 +1,13 @@
+import fetch from 'make-fetch-happen';
+type Response = Awaited<ReturnType<typeof fetch>>;
+export declare class HTTPError extends Error {
+    statusCode: number;
+    location?: string;
+    constructor({ status, message, location, }: {
+        status: number;
+        message: string;
+        location?: string;
+    });
+}
+export declare const checkStatus: (response: Response) => Promise<Response>;
+export {};

my-app/node_modules/@sigstore/sign/dist/external/error.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkStatus = exports.HTTPError = void 0;
+class HTTPError extends Error {
+    constructor({ status, message, location, }) {
+        super(`(${status}) ${message}`);
+        this.statusCode = status;
+        this.location = location;
+    }
+}
+exports.HTTPError = HTTPError;
+const checkStatus = async (response) => {
+    if (response.ok) {
+        return response;
+    }
+    else {
+        let message = response.statusText;
+        const location = response.headers?.get('Location') || undefined;
+        const contentType = response.headers?.get('Content-Type');
+        // If response type is JSON, try to parse the body for a message
+        if (contentType?.includes('application/json')) {
+            try {
+                await response.json().then((body) => {
+                    message = body.message;
+                });
+            }
+            catch (e) {
+                // ignore
+            }
+        }
+        throw new HTTPError({
+            status: response.status,
+            message: message,
+            location: location,
+        });
+    }
+};
+exports.checkStatus = checkStatus;

my-app/node_modules/@sigstore/sign/dist/external/fulcio.d.ts

@@ -0,0 +1,38 @@
+import type { FetchOptions } from '../types/fetch';
+export type FulcioOptions = {
+    baseURL: string;
+} & FetchOptions;
+export interface SigningCertificateRequest {
+    credentials: {
+        oidcIdentityToken: string;
+    };
+    publicKeyRequest: {
+        publicKey: {
+            algorithm: string;
+            content: string;
+        };
+        proofOfPossession: string;
+    };
+}
+export interface SigningCertificateResponse {
+    signedCertificateEmbeddedSct?: {
+        chain: {
+            certificates: string[];
+        };
+    };
+    signedCertificateDetachedSct?: {
+        chain: {
+            certificates: string[];
+        };
+        signedCertificateTimestamp: string;
+    };
+}
+/**
+ * Fulcio API client.
+ */
+export declare class Fulcio {
+    private fetch;
+    private baseUrl;
+    constructor(options: FulcioOptions);
+    createSigningCertificate(request: SigningCertificateRequest): Promise<SigningCertificateResponse>;
+}

my-app/node_modules/@sigstore/sign/dist/external/fulcio.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Fulcio = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
+const util_1 = require("../util");
+const error_1 = require("./error");
+/**
+ * Fulcio API client.
+ */
+class Fulcio {
+    constructor(options) {
+        this.fetch = make_fetch_happen_1.default.defaults({
+            retry: options.retry,
+            timeout: options.timeout,
+            headers: {
+                'Content-Type': 'application/json',
+                'User-Agent': util_1.ua.getUserAgent(),
+            },
+        });
+        this.baseUrl = options.baseURL;
+    }
+    async createSigningCertificate(request) {
+        const url = `${this.baseUrl}/api/v2/signingCert`;
+        const response = await this.fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(request),
+        });
+        await (0, error_1.checkStatus)(response);
+        const data = await response.json();
+        return data;
+    }
+}
+exports.Fulcio = Fulcio;

my-app/node_modules/@sigstore/sign/dist/external/rekor.d.ts

@@ -0,0 +1,41 @@
+import type { LogEntry, ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, SearchIndex, SearchLogQuery } from '@sigstore/rekor-types';
+import type { FetchOptions } from '../types/fetch';
+export type { ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, SearchIndex, SearchLogQuery, };
+export type Entry = {
+    uuid: string;
+} & LogEntry[string];
+export type RekorOptions = {
+    baseURL: string;
+} & FetchOptions;
+/**
+ * Rekor API client.
+ */
+export declare class Rekor {
+    private fetch;
+    private baseUrl;
+    constructor(options: RekorOptions);
+    /**
+     * Create a new entry in the Rekor log.
+     * @param propsedEntry {ProposedEntry} Data to create a new entry
+     * @returns {Promise<Entry>} The created entry
+     */
+    createEntry(propsedEntry: ProposedEntry): Promise<Entry>;
+    /**
+     * Get an entry from the Rekor log.
+     * @param uuid {string} The UUID of the entry to retrieve
+     * @returns {Promise<Entry>} The retrieved entry
+     */
+    getEntry(uuid: string): Promise<Entry>;
+    /**
+     * Search the Rekor log index for entries matching the given query.
+     * @param opts {SearchIndex} Options to search the Rekor log
+     * @returns {Promise<string[]>} UUIDs of matching entries
+     */
+    searchIndex(opts: SearchIndex): Promise<string[]>;
+    /**
+     * Search the Rekor logs for matching the given query.
+     * @param opts {SearchLogQuery} Query to search the Rekor log
+     * @returns {Promise<Entry[]>} List of matching entries
+     */
+    searchLog(opts: SearchLogQuery): Promise<Entry[]>;
+}

my-app/node_modules/@sigstore/sign/dist/external/rekor.js

@@ -0,0 +1,115 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Rekor = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
+const util_1 = require("../util");
+const error_1 = require("./error");
+/**
+ * Rekor API client.
+ */
+class Rekor {
+    constructor(options) {
+        this.fetch = make_fetch_happen_1.default.defaults({
+            retry: options.retry,
+            timeout: options.timeout,
+            headers: {
+                Accept: 'application/json',
+                'User-Agent': util_1.ua.getUserAgent(),
+            },
+        });
+        this.baseUrl = options.baseURL;
+    }
+    /**
+     * Create a new entry in the Rekor log.
+     * @param propsedEntry {ProposedEntry} Data to create a new entry
+     * @returns {Promise<Entry>} The created entry
+     */
+    async createEntry(propsedEntry) {
+        const url = `${this.baseUrl}/api/v1/log/entries`;
+        const response = await this.fetch(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(propsedEntry),
+        });
+        await (0, error_1.checkStatus)(response);
+        const data = await response.json();
+        return entryFromResponse(data);
+    }
+    /**
+     * Get an entry from the Rekor log.
+     * @param uuid {string} The UUID of the entry to retrieve
+     * @returns {Promise<Entry>} The retrieved entry
+     */
+    async getEntry(uuid) {
+        const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
+        const response = await this.fetch(url);
+        await (0, error_1.checkStatus)(response);
+        const data = await response.json();
+        return entryFromResponse(data);
+    }
+    /**
+     * Search the Rekor log index for entries matching the given query.
+     * @param opts {SearchIndex} Options to search the Rekor log
+     * @returns {Promise<string[]>} UUIDs of matching entries
+     */
+    async searchIndex(opts) {
+        const url = `${this.baseUrl}/api/v1/index/retrieve`;
+        const response = await this.fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(opts),
+            headers: { 'Content-Type': 'application/json' },
+        });
+        await (0, error_1.checkStatus)(response);
+        const data = await response.json();
+        return data;
+    }
+    /**
+     * Search the Rekor logs for matching the given query.
+     * @param opts {SearchLogQuery} Query to search the Rekor log
+     * @returns {Promise<Entry[]>} List of matching entries
+     */
+    async searchLog(opts) {
+        const url = `${this.baseUrl}/api/v1/log/entries/retrieve`;
+        const response = await this.fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(opts),
+            headers: { 'Content-Type': 'application/json' },
+        });
+        await (0, error_1.checkStatus)(response);
+        const rawData = await response.json();
+        const data = rawData.map((d) => entryFromResponse(d));
+        return data;
+    }
+}
+exports.Rekor = Rekor;
+// Unpack the response from the Rekor API into a more convenient format.
+function entryFromResponse(data) {
+    const entries = Object.entries(data);
+    if (entries.length != 1) {
+        throw new Error('Received multiple entries in Rekor response');
+    }
+    // Grab UUID and entry data from the response
+    const [uuid, entry] = entries[0];
+    return {
+        ...entry,
+        uuid,
+    };
+}

my-app/node_modules/@sigstore/sign/dist/external/tsa.d.ts

@@ -0,0 +1,18 @@
+/// <reference types="node" />
+import type { FetchOptions } from '../types/fetch';
+export interface TimestampRequest {
+    artifactHash: string;
+    hashAlgorithm: string;
+    certificates?: boolean;
+    nonce?: number;
+    tsaPolicyOID?: string;
+}
+export type TimestampAuthorityOptions = {
+    baseURL: string;
+} & FetchOptions;
+export declare class TimestampAuthority {
+    private fetch;
+    private baseUrl;
+    constructor(options: TimestampAuthorityOptions);
+    createTimestamp(request: TimestampRequest): Promise<Buffer>;
+}

my-app/node_modules/@sigstore/sign/dist/external/tsa.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TimestampAuthority = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
+const util_1 = require("../util");
+const error_1 = require("./error");
+class TimestampAuthority {
+    constructor(options) {
+        this.fetch = make_fetch_happen_1.default.defaults({
+            retry: options.retry,
+            timeout: options.timeout,
+            headers: {
+                'Content-Type': 'application/json',
+                'User-Agent': util_1.ua.getUserAgent(),
+            },
+        });
+        this.baseUrl = options.baseURL;
+    }
+    async createTimestamp(request) {
+        const url = `${this.baseUrl}/api/v1/timestamp`;
+        const response = await this.fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(request),
+        });
+        await (0, error_1.checkStatus)(response);
+        return response.buffer();
+    }
+}
+exports.TimestampAuthority = TimestampAuthority;