npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@bsv/authsocket

v1.0.7

Published

Mutually Authenticated Web Socket (Server-side)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dkellendkellenbraydudebraydudetyeveretttyeverett

Keywords

BSVBlockchainAuthenticationWebsocketsSockets

Readme

AuthSocket (server-side)

Overview

This repository provides a drop-in server-side solution for Socket.IO that enforces BRC-103 mutual authentication on all connected clients.

  • Each client message is signed using BRC-103 message format.
  • The server verifies each message upon receipt.
  • The server also signs its outbound messages, so clients can verify authenticity.

It pairs seamlessly with the authsocket-client library, which handles the client side of this handshake. However, if you are building your own client logic, you only need to ensure it also speaks BRC-103 and can sign/verify messages accordingly.

Installation

  1. Install the package (and its dependencies):
    npm install
  2. Ensure you have a BRC-103-compatible Wallet implementation (for instance from @bsv/sdk or your own custom code) that can sign and verify messages.

Usage

Below is a minimal Express + HTTP + Socket.IO + authsocket server. You can adapt it to your own setup (e.g. Fastify, Koa, etc.) since only the raw http.Server is needed for Socket.IO.

import express from 'express'
import http from 'http'
import { AuthSocketServer } from '@bsv/authsocket'
import { ProtoWallet } from '@bsv/sdk' // your BRC-103 compatible wallet

const app = express()
const server = http.createServer(app)
const port = 3000

// Example: create or load your BRC-103 wallet
const serverWallet = new ProtoWallet('my-private-key-hex')

// Wrap your HTTP server with AuthSocketServer
// which internally wraps the Socket.IO server.
const io = new AuthSocketServer(server, {
  wallet: serverWallet,
  cors: {
    origin: '*'
  }
})

// Use it like standard Socket.IO
io.on('connection', (socket) => {
  console.log('New Authenticated Connection -> socket ID:', socket.id)

  // Listen for chat messages
  socket.on('chatMessage', (msg) => {
    console.log('Received message from client:', msg)
    // Reply to the client
    socket.emit('chatMessage', { from: socket.id, text: 'Hello from server!' })
  })

  socket.on('disconnect', () => {
    console.log(`Socket ${socket.id} disconnected`)
  })
})

server.listen(port, () => {
  console.log(`Server listening on port ${port}`)
})
  1. Create an AuthSocketServer with the wallet option.
  2. On 'connection', you receive an AuthSocket instance that works like a normal Socket.IO socket: socket.on(...), socket.emit(...), etc.
  3. All messages are automatically signed and verified under the hood.

How It Works (Briefly)

  • On each new connection, AuthSocketServer sets up a BRC-103 Peer with a corresponding transport (SocketServerTransport).
  • Incoming messages on a special 'authMessage' channel are processed for authenticity and re-dispatched as your normal 'chatMessage' (or any other event name).
  • Outgoing messages from your code pass through the same Peer to be signed before being sent to the client.

Detailed Explanations

AuthSocketServer & AuthSocket

  • AuthSocketServer:

    • Internally wraps a normal Socket.IO server.
    • On each new client connection, it:
      1. Instantiates a SocketServerTransport.
      2. Creates a new BRC-103 Peer for that connection.
      3. Wraps the Socket.IO socket in an AuthSocket for your convenience.
    • Maintains a mapping of connected sockets by socket.id with their associated Peer.

  • AuthSocket:

    • A thin wrapper that provides on(eventName, callback) and emit(eventName, data) (just like a normal Socket.IO socket).
    • Internally, it uses the BRC-103 Peer to sign outbound messages and verify inbound ones.

SocketServerTransport

  • Implements the BRC-103 Transport interface for server-side usage.
  • Receives messages via socket.on('authMessage', ...) from the Socket.IO layer.
  • Passes them to the Peer for handshake steps (signature verification, certificate exchange, etc.).
  • Sends BRC-103 messages back to the client via socket.emit('authMessage', ...).

License

See LICENSE.txt.