nmshd · tnotheis · Dec 2, 2025 · Dec 2, 2025 · Dec 3, 2025 · Dec 5, 2025
diff --git a/.ci/runChecks.sh b/.ci/runChecks.sh
@@ -10,5 +10,5 @@ npm run lint:eslint
 npm run lint:prettier
 
 # auditing
-npx license-check --ignoreRegex "@nmshd/*"
-npx better-npm-audit audit
+npx license-check --ignoreRegex "@nmshd/.*|@sphereon/kmp-mdoc-core@0\.2\..*|credentials-context@2\..*|sjcl@1\..*"
+npx better-npm-audit audit --exclude=1112030
diff --git a/Dockerfile b/Dockerfile
@@ -8,6 +8,7 @@ WORKDIR /usr/app
 COPY package.json package-lock.json tsconfig.json tsconfig.publish.json ./
 COPY packages/types/package.json packages/types/tsconfig.json packages/types/
 COPY .ci .ci
+COPY patches patches
 
 RUN npm ci
 COPY src src
@@ -24,6 +25,7 @@ WORKDIR /usr/app
 
 COPY package.json package-lock.json ./
 COPY packages/types/package.json packages/types/
+COPY patches patches
 
 RUN npm --prefix packages/types version --no-git-tag-version $VERSION
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,6 +18,7 @@
         "copy-additional-files": "cpx \"src/**/*.{json,yml,ico}\" dist",
         "copy-additional-files:watch": "cpx \"src/**/*.{json,yml,ico}\" dist --watch",
         "generate:connectorConfigSchema": "npx ts-json-schema-generator -p ./src/jsonSchemas/connectorConfig.ts -o ./src/jsonSchemas/connectorConfig.json -t \"ConnectorConfig\" --no-top-ref && prettier -w src/jsonSchemas/connectorConfig.json",
+        "postinstall": "npx patch-package && echo 'Postinstall done.'",
         "lint": "npm run lint:tsc && npm run lint:prettier && npm run lint:eslint",
         "lint:eslint": "eslint",
         "lint:prettier": "prettier --check .",
@@ -57,13 +58,29 @@
         ],
         "testTimeout": 60000,
         "transform": {
-            "^.+\\.ts$": [
+            "^.+\\.(t|j)s$": [
                 "ts-jest",
                 {
                     "tsconfig": "test/tsconfig.json"
                 }
+            ],
+            "^.+\\.mjs$": [
+                "babel-jest",
+                {
+                    "presets": [
+                        [
+                            "@babel/preset-env",
+                            {
+                                "modules": "commonjs"
+                            }
+                        ]
+                    ]
+                }
             ]
-        }
+        },
+        "transformIgnorePatterns": [
+            "<rootDir>/node_modules/(?!(@noble|@stablelib|@digitalcredentials|dcql|@openid4vc|@credo\\-ts)/)"
+        ]
     },
     "c8": {
         "all": true,
@@ -84,7 +101,7 @@
         "@js-soft/node-logger": "1.2.1",
         "@js-soft/ts-utils": "^2.3.5",
         "@nmshd/connector-types": "*",
-        "@nmshd/runtime": "7.2.1",
+        "@nmshd/runtime": "7.3.0-openid4vc.4",
         "@nmshd/typescript-ioc": "^3.2.5",
         "@nmshd/typescript-rest": "^3.2.2",
         "agentkeepalive": "4.6.0",
@@ -114,11 +131,13 @@
     },
     "devDependencies": {
         "@apidevtools/swagger-parser": "^12.1.0",
+        "@babel/preset-env": "^7.28.5",
+        "@babel/preset-typescript": "^7.28.5",
         "@js-soft/eslint-config-ts": "2.0.4",
         "@js-soft/license-check": "1.0.10",
         "@nmshd/connector-sdk": "*",
-        "@nmshd/content": "7.2.1",
-        "@nmshd/core-types": "7.2.1",
+        "@nmshd/content": "7.3.0-openid4vc.4",
+        "@nmshd/core-types": "7.3.0-openid4vc.4",
         "@nmshd/typescript-rest-swagger": "^2.0.1",
         "@types/amqplib": "^0.10.8",
         "@types/compression": "^1.8.1",
@@ -145,6 +164,7 @@
         "nodemon": "^3.1.11",
         "npm-run-all2": "^8.0.4",
         "openapi-types": "^12.1.3",
+        "patch-package": "^8.0.1",
         "prettier": "^3.8.1",
         "ts-jest": "^29.4.6",
         "ts-node": "^10.9.2",

diff --git a/packages/sdk/package.json b/packages/sdk/package.json
@@ -29,8 +29,8 @@
         "build:watch": "tsc --watch"
     },
     "dependencies": {
-        "@nmshd/content": "7.2.1",
-        "@nmshd/runtime-types": "7.2.1",
+        "@nmshd/content": "7.3.0-openid4vc.4",
+        "@nmshd/runtime-types": "7.3.0-openid4vc.4",
         "axios": "^1.13.5",
         "form-data": "^4.0.5",
         "qs": "^6.14.2"

diff --git a/packages/sdk/tsconfig.json b/packages/sdk/tsconfig.json
@@ -20,7 +20,8 @@
         "strictPropertyInitialization": false,
         "downlevelIteration": true,
         "lib": ["es2022", "dom"],
-        "declarationMap": true
+        "declarationMap": true,
+        "skipLibCheck": true
     },
     "include": ["src/**/*"]
 }
diff --git a/packages/types/package.json b/packages/types/package.json
@@ -38,7 +38,7 @@
     "peerDependencies": {
         "@js-soft/docdb-access-abstractions": "^1.3.0",
         "@js-soft/ts-utils": "^2.3.5",
-        "@nmshd/runtime": "7.2.1",
+        "@nmshd/runtime": "7.3.0-openid4vc.4",
         "@nmshd/typescript-rest": "^3.2.2",
         "express": "^5.2.1"
     },

diff --git a/packages/types/tsconfig.json b/packages/types/tsconfig.json
@@ -20,7 +20,8 @@
         "strictPropertyInitialization": false,
         "downlevelIteration": true,
         "lib": ["es2022", "dom"],
-        "declarationMap": true
+        "declarationMap": true,
+        "skipLibCheck": true
     },
     "include": ["src/**/*"]
 }
diff --git a/patches/@openid4vc+openid4vp+0.4.3.patch b/patches/@openid4vc+openid4vp+0.4.3.patch
@@ -0,0 +1,13 @@
+diff --git a/node_modules/@openid4vc/openid4vp/dist/index.mjs b/node_modules/@openid4vc/openid4vp/dist/index.mjs
+index 4fbea61..3f67eaf 100644
+--- a/node_modules/@openid4vc/openid4vp/dist/index.mjs
++++ b/node_modules/@openid4vc/openid4vp/dist/index.mjs
+@@ -619,7 +619,7 @@ async function validateOpenid4vpClientId(options, parserConfig) {
+ 			});
+ 			if (!isOpenid4vpAuthorizationRequestDcApi(authorizationRequestPayload)) {
+ 				const uri = authorizationRequestPayload.redirect_uri ?? authorizationRequestPayload.response_uri;
+-				if (!uri || new URL(uri).hostname !== clientIdIdentifier) throw new Oauth2ServerErrorResponseError({
++				if (!uri || new URL(uri).hostname.toLowerCase() !== clientIdIdentifier.toLowerCase()) throw new Oauth2ServerErrorResponseError({
+ 					error: Oauth2ErrorCodes.InvalidRequest,
+ 					error_description: "Invalid client identifier. The fully qualified domain name of the redirect_uri value MUST match the Client Identifier without the prefix x509_san_dns."
+ 				});
diff --git a/test/tsconfig.json b/test/tsconfig.json
@@ -19,7 +19,9 @@
         "strictPropertyInitialization": false,
         "downlevelIteration": true,
         "lib": ["es2022", "dom"],
-        "baseUrl": "../"
+        "baseUrl": "../",
+        "skipLibCheck": true,
+        "allowJs": true // we want to use the ts compiler to compile ESM node modules into CJS which is understood by jest. This is required since those node modules are javascript.
     },
     "files": ["../node_modules/jest-expect-message/types/index.d.ts"],
     "include": ["**/*.ts"],

diff --git a/tsconfig.json b/tsconfig.json
@@ -19,7 +19,8 @@
         "strictPropertyInitialization": false,
         "downlevelIteration": true,
         "noImplicitOverride": true,
-        "lib": ["es2022", "dom"]
+        "lib": ["es2022", "dom"],
+        "skipLibCheck": true
     },
     "include": ["src/**/*"]
 }