npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dooor-ai/trust

v0.1.14

Published

TEE Attestation and Confidential Computing utilities for Dooor OS

Downloads

611

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

bruno353bruno353

Keywords

dooorteeattestationtrust

Readme

@dooor-ai/trust

NPM version License

Part of the Dooor OS, the @dooor-ai/trust library provides essential utilities for Trusted Execution Environment (TEE) attestation and confidential computing within Node.js applications. It allows you to easily expose TEE-specific endpoints for health checks and token attestation, ensuring that your workloads are running in a verified, secure environment.

This package is designed to be lightweight and easy to integrate, with a focus on providing a seamless developer experience for both NestJS and other Node.js frameworks.

Features

  • TEE Attestation Endpoints: Quickly expose /health and /token endpoints for TEE verification.
  • Framework Agnostic Core: Core logic is framework-independent, allowing for use in any Node.js project.
  • Simple NestJS Integration: A one-line attachToNest function to integrate with any NestJS application.
  • Loopback Security: Enforces that attestation requests come from the local machine by default, a common security practice for TEEs.
  • Zero Dependencies: The core logic has zero external dependencies, keeping your application lean.

Installation

npm install @dooor-ai/trust

Quick Start: NestJS Integration

The easiest way to use @dooor-ai/trust in a NestJS project is with the attachToNest helper function. It automatically detects your HTTP adapter (Express or Fastify) and registers the necessary routes.

1. Update your main.ts

In your main application file (src/main.ts), import and call attachToNest right after you create your Nest app instance.

// src/main.ts
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import { attachToNest } from '@dooor-ai/trust'; // 1. Import the helper

async function bootstrap() {
  const app = await NestFactory.create(AppModule);

  // 2. Attach the TEE routes before listening
  attachToNest(app, {
    prefix: '/__attestation',      // Optional: The base path for TEE routes
    audience: 'my-workload-id',    // Required: A unique identifier for your workload
    requireLoopback: true,         // Optional (default: true): Enforce requests come from 127.0.0.1
  });

  await app.listen(process.env.PORT || 8080);
}
bootstrap();

2. That's it!

Your application will now expose the following endpoints:

  • GET /__attestation/tee/health: A simple health check endpoint.
  • POST /__attestation/tee/token: The main attestation endpoint.

How it Works

The attachToNest function adds a few raw routes to the underlying HTTP adapter (Express or Fastify) before the application starts listening for requests. This is a lightweight way to add functionality without creating a full NestJS module.

Because these routes are not full NestJS controllers, they do not participate in the standard NestJS lifecycle (e.g., they will not trigger global guards, pipes, or interceptors). This is intentional, as these endpoints are typically meant for internal, infrastructure-level communication.

Configuration

The attachToNest function accepts the following options:

| Option | Type | Default | Description | | ----------------- | --------- | ------------------- | ------------------------------------------------------------------------------------------------------- | | audience | string | Required | A unique identifier for your application workload. This is used as the aud claim in the attestation JWT. | | prefix | string | "/__attestation" | The base path under which the TEE routes (/tee/health, /tee/token) will be registered. | | requireLoopback | boolean | true | If true, rejects any request that does not originate from a loopback IP address (127.0.0.1 or ::1). | | tokenType | 'PKI' , 'OIDC' | 'PKI' | The type of token to request from the TEE environment. |

License

This project is licensed under the Apache-2.0 License.