npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@centralping/passcode

v0.1.1

Published

A slightly opinionated stateless passcode manager.

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

centralping-admincentralping-adminjasoncustjasoncust

Keywords

passwordpasswordlessno-passwordpasscodeauthenticationtokenjwtjson-web-tokenstateless

Readme

@CentralPing/passcode

Build Status Coverage Status Dependency Status Greenkeeper Status Known Vulnerabilities

A slightly opinionated stateless passcode manager.

Why slightly opinionated? Some people like more flexibility to implement solutions and this module hopefully allows for that. The few opinions employed in this module include the choice of hashing method, pbkdf2 (which can be configured), and a custom random 6 digit passcode generator (custom passcodes can also be provided). The biggest opinion however is to enforce signing the JWT and hashing the passcode. Doing niether results in an unsecure and effectively useless passcode verification as unsigned JWTs can be modified by anyone and unhashed codes can be read by anyone. If that is desired then this module is superflous as the underlying jsonwebtoken module can handle that directly.

Installation

npm i --save @centralping/passcode

API Reference

passcode~issue(security, [payload], claims, hash) ⇒ Object

Issues a signed token with a hashed passcode, token ID, expiration time and the stringified passcode.

Kind: inner method of passcode
Returns: Object - {error, value: {id, expires, passcode, token}}

| Param | Type | Default | Description | | --- | --- | --- | --- | | security | Object | | | | security.salt | String | | A string to salt the passcode hash. | | security.secret | String | Object | | A string or key to sign the JWT. | | [security.passcode] | String | | The passcode (defaults to random 6 digit string). | | [security.iss] | String | | JWT issuer (used as additional verification). | | [security.aud] | String | | JWT audience (used as additional verification). | | [security.sub] | String | | JWT subject (used as additional verification). | | [payload] | Object | | Essentially a passthrough for jsonwebtoken payload support. | | [payload.jti] | Date | | JWT ID (defaults to a uuid.v4 value). | | claims | Object | | Essentially a passthrough for jsonwebtoken claims support. | | [claims.expiresIn] | Number | String | 5m | JWT expiration time span. In seconds or a parsable string for zeit/ms | | hash | Object | | Essentially a passthrough for pbkdf2 hashing options. | | [hash.iterations] | Number | 1000 | Hash iterations. | | [hash.keyLength] | Number | 64 | Hash length. | | [hash.digest] | String | sha512 | Hashing algorithm. | | [hash.encoding] | String | hex | Hash encoding. |

Example

const {error, value} = issue({salt, secret}, {email: '[email protected]'});

passcode~verify(token, security, hash) ⇒ Object

Verifies a signed token with the provided challenge passcode.

Kind: inner method of passcode
Returns: Object - {error, value: {iat, jti, exp, ...TOKEN_PAYLOAD}}

| Param | Type | Default | Description | | --- | --- | --- | --- | | token | String | | The token to be verified | | security | Object | | | | security.passcode | String | | The challenge passcode. | | security.salt | String | | A string to salt the challenge passcode hash. | | security.secret | String | Object | | A string or key to verify the JWT. | | [security.iss] | String | | JWT issuer (used as additional verification). | | [security.aud] | String | | JWT audience (used as additional verification). | | [security.sub] | String | | JWT subject (used as additional verification). | | hash | Object | | Essentially a passthrough for pbkdf2 hashing options. | | [hash.iterations] | Number | 1000 | Hash iterations. | | [hash.keyLength] | Number | 64 | Hash length. | | [hash.digest] | String | sha512 | Hashing algorithm. | | [hash.encoding] | String | hex | Hash encoding. |

Example

const {error, value} = verify(token, {passcode, salt, secret});

Examples

For Simple Verification With a Secret

const {issue, verify} = require('passcode');

// Generate a signed token with hashed random passcode
const {error, value: {id, expires, passcode, token}} = issue({
  salt: YOUR_SALT,
  secret: YOUR_SECRET
});
/**
 * Do something with the token
 */
// Verify token with code
const {error, value} = verify(token, {
  passcode: ENTERED_PASSCODE,
  salt: YOUR_SALT,
  secret: YOUR_SECRET
});

For Simple Verification With a Key

const {issue, verify} = require('passcode');
const secret = fs.readFileSync('public.pem');

// Generate a signed token with hashed random passcode
const {error, value: {id, expires, passcode, token}} = issue({
  salt: YOUR_SALT,
  secret
});
/**
 * Do something with the token
 */
// Verify token with code
const {error, value} = verify(token, {
  passcode: ENTERED_PASSCODE,
  salt: YOUR_SALT,
  secret
});

For Including Payload Data

const {issue, verify} = require('passcode');

// Generate a signed token with custom payload
const {error, value: {id, expires, passcode, token}} = issue({
  salt: YOUR_SALT,
  secret: YOUR_SECRET
}, {
  email: '[email protected]'
});
/**
 * Do something with the token
 */
// Verify token with code
const {error, value: {email}} = verify(token, {
  passcode: ENTERED_PASSCODE,
  salt: YOUR_SALT,
  secret: YOUR_SECRET
});

License

MIT