npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@binalyze/notar

v1.2.0

Published

Ed25519 file signing and verification — library and CLI

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

emretinaztepeemretinaztepeh.polatyurukh.polatyurukburakkaanozbekburakkaanozbek

Keywords

ed25519signingverificationnotarycryptographydigital-signaturetrustcli

Readme

@binalyze/notar

Ed25519 file signing and verification library for Trust-First AI.

Sign markdown files and ZIP packages with Ed25519 signatures, then verify them against public keys served over HTTPS or DNS TXT records.

Install

npm install @binalyze/notar

Usage

Sign & Verify

The sign() and verify() functions accept both markdown (string) and ZIP packages (Uint8Array), dispatching automatically based on input type.

import { generateKeyPair, sign, verify } from "@binalyze/notar";

const { publicKey, privateKey } = await generateKeyPair();

// Sign a markdown file
const signedMd = await sign(markdown, privateKey, {
  keyId: "my-key-id",
  publisher: "example.com",
});

// Sign a ZIP package
const signedZip = await sign(zipBytes, privateKey, {
  name: "my-package",
  description: "A signed package",
  version: "1.0.0",
  author: "Jane Doe",
  keyId: "my-key-id",
  publisher: "example.com",
});

// Verify either format
const result = await verify(signedMd, publicKey);
const zipResult = await verify(signedZip, publicKey);
// { valid: true, details: { author: "Jane Doe", signers: [...] } }

Verify from Author Domain

Resolve the signer's public key automatically from https://<domain>/.well-known/notar-keys.json:

import { verifyFromAuthor } from "@binalyze/notar";

const result = await verifyFromAuthor(signedContent);

Key Utilities

import {
  generateKeyPair,
  uint8ToBase64,
  base64ToUint8,
} from "@binalyze/notar";

const { publicKey, privateKey } = await generateKeyPair();
const publicKeyBase64 = uint8ToBase64(publicKey);

API

Unified (preferred)

  • sign(input, privateKey, opts) — Sign markdown (string) or ZIP (Uint8Array). Options differ by type: { keyId, publisher? } for markdown, PackageMetadata for ZIP.
  • verify(input, publicKey) — Verify a signed markdown or ZIP against a known public key.
  • verifyFromAuthor(input, options?) — Verify by auto-resolving the public key from the publisher domain (HTTPS + DNS TXT).

Format-specific

  • signFile(content, privateKey, opts) / signPackage(zip, metadata, privateKey)
  • verifyFile(content, publicKey) / verifyPackage(zip, publicKey)

Keys & Utilities

  • generateKeyPair() — Generate an Ed25519 key pair
  • uint8ToBase64(bytes) / base64ToUint8(str) — Base64 encoding utilities
  • parseFrontMatter(content) / stringifyFrontMatter(data, body) — YAML front matter parsing
  • fetchPublicKey(domain, keyId, options?) / fetchPublicKeys(domain, options?) — Key discovery
  • validateSigningKey(privateKey, publisher, keyId, options?) — Pre-flight check that a private key matches a published public key

DNS TXT Records

  • parseDnsTxtRecord(txt) — Parse a DNS TXT record into a key record
  • formatDnsTxtRecord(keyId, publicKey, expiresUnix) — Format a key record into a DNS TXT string

License

MIT