npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@ai-universe/receipt-utils

v1.0.0

Published

Signed receipt issuance and verification helpers built on jose

Downloads

93

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jleechanjleechan

Keywords

receiptsjosejwsjwksai-universe

Readme

@ai-universe/receipt-utils

TypeScript helpers for issuing and verifying signed receipts using jose. The library prefers asymmetric Ed25519/ES256 keys, publishes JWKS documents for verifiers, and enforces freshness/field validation when receipts are checked.

Features

  • 🔐 Compact JWS receipts with kid headers for JWKS-based verification
  • 🗝️ Ed25519 key generation and JWK/JWKS exports for publishing at .well-known/jwks.json
  • ✅ Optional freshness, nonce, request ID, and body-hash checks during verification
  • 🧩 Typed receipt payloads that match the suggested server response pattern

Usage

Installation

From the repository root, install dependencies and build the package:

cd shared-libs/packages/receipt-utils
npm install
npm run build

Issue a receipt

import { generateEd25519KeyPair, signReceipt } from '@ai-universe/receipt-utils';

const { privateKey, jwks } = await generateEd25519KeyPair('receipt-key');

const receiptJws = await signReceipt(
  {
    req_id: 'uuid',
    uid: 'DLJwXoPZSQUzlb6JQHFOmi0HZWB2',
    op: 'secondOpinion.ask',
    models: [{ id: 'gpt-4o', tokens: 17551, cost: 0.093225 }],
    hash: 'sha256:<hex of response body>',
    nonce: 'client-supplied'
  },
  privateKey,
  { kid: 'receipt-key', alg: 'EdDSA' }
);

Verify a receipt

import { verifyReceipt } from '@ai-universe/receipt-utils';

const verification = await verifyReceipt(receiptJws, jwks, {
  expectedKid: 'receipt-key',
  expectedAlg: 'EdDSA',
  expectedReqId: 'uuid',
  expectedNonce: 'client-supplied',
  expectedHash: 'sha256:<hex of response body>',
  // Default freshness window is 5 minutes with 10 seconds of future skew allowance
});

console.log(verification.payload.ts); // ISO timestamp captured at signing time

Publish the jwks from generateEd25519KeyPair (or createPublicJwks) at an endpoint such as /\.well-known/jwks.json so clients can resolve the kid used in the JWS header.