Is there a standardized way to generate an oauth_signature for OAuth 1.0a in NodeJS?
Attempt 1 (+?)
In Intuit's Documentation, it is stated that oauth_signature is needed for Getting the OAuth request token:
oauth_signature A unique string your app generates for each request. Do not attempt to generate this value manually, but rather use one of several OAuth community resources as appropriate to your language.
Those OAuth community resources list the following for NodeJS:
- NodeJS OAuth 2.0 Provider
- Mozilla Firefox Accounts. A full stack Identity Provider system developed to support Firefox Marketplace and other services
- OAuth2orize: toolkit to implement OAuth2 Authorization Servers
I have looked through each resource, but it seems that each is for OAuth 2.0 (not OAuth 1.0a) and does not have a clear way to generate the oauth-signature (though hopefully I'm missing something here).
Attempt 2
I found an npm project for generating an oauth_signature and attempted implementing and testing it as instructed by the documentation:
    // Load the signature library (npm package "oauth-signature")
    var oauthSignature = require('oauth-signature');

    var httpMethod = 'GET',
        url = 'http://photos.example.net/photos',
        parameters = {
            oauth_consumer_key : 'dpf43f3p2l4k3l03',
            oauth_token : 'nnch734d00sl2jdk',
            oauth_nonce : 'kllo9940pd9333jh',
            oauth_timestamp : '1191242096',
            oauth_signature_method : 'HMAC-SHA1',
            oauth_version : '1.0',
            file : 'vacation.jpg',
            size : 'original'
        },
        consumerSecret = 'kd94hf93k423kf44',
        tokenSecret = 'pfkkdhi9sl3r4s00',
        // generates an RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash
        encodedSignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret),
        // generates a BASE64 encoded HMAC-SHA1 hash
        signature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret,
            { encodeSignature: false });
However, this did not work and I also noticed that the package's Dependency Status is Insecure. According to further digging, there are security vulnerabilities in its dependencies, which makes me feel as though I shouldn't be using this at all.
Any direction on how to generate an oauth_signature for OAuth 1.0a would be much appreciated. Thanks in advance for any suggestions.
via Rbar
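
Added example, not part of the original question and not the code of the npm package it mentions: an HMAC-SHA1 `oauth_signature` built as RFC 5849 section 3.4 describes, using only Node's built-in `crypto` module. The function names are hypothetical, and it assumes query parameters are passed in the `params` object rather than left in the URL.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding as OAuth 1.0a requires it. encodeURIComponent
// leaves ! * ' ( ) unescaped, so those are escaped here as well.
function rfc3986(str) {
  return encodeURIComponent(str).replace(/[!*'()]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Base string URI: lowercase scheme and host, default port dropped,
// query string and fragment excluded.
function baseUri(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}${u.pathname}`;
}

// METHOD & encoded-URI & encoded-normalized-parameters
function signatureBaseString(method, url, params) {
  const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
  const normalized = Object.entries(params)
    .filter(([name]) => name !== 'oauth_signature') // never signed
    .map(([name, value]) => [rfc3986(name), rfc3986(String(value))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1])) // by name, then value
    .map(pair => pair.join('='))
    .join('&');
  return [method.toUpperCase(), rfc3986(baseUri(url)), rfc3986(normalized)].join('&');
}

// The HMAC key is "consumerSecret&tokenSecret". The token secret is empty
// when asking for a request token, but the "&" is still present.
function hmacSha1Signature(method, url, params, consumerSecret, tokenSecret = '') {
  const key = `${rfc3986(consumerSecret)}&${rfc3986(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(signatureBaseString(method, url, params))
    .digest('base64');
}

// Per-request values: a real request needs a fresh nonce and the current
// timestamp each time, otherwise the provider can reject it as a replay.
function freshOauthParams(consumerKey) {
  return {
    oauth_consumer_key: consumerKey,
    oauth_nonce: crypto.randomBytes(16).toString('hex'),
    oauth_timestamp: String(Math.floor(Date.now() / 1000)),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_version: '1.0',
  };
}
```

The base64 result is percent-encoded once more, with the same `rfc3986` function, when it is placed in the `Authorization` header or query string.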