NodeBB currently rolls its own cavage-12 support but and I did some preliminary research into updating to the latest HTTP Signatures draft, but quickly got overwhelmed.

For a variety of reasons, but mainly to avoid NIH, I'd consider switching to a dependency.

My question is: does your library support verification for non-hs2019 signatures, or will I need to invoke your library in front, and fall back to existing cavage-12 verification otherwise?

I suppose, same question re: double-knocking.