This library provides a collection of reusable functions and classes to parse, validate, and verify cryptographic signatures for attestation report, TPM measurements and calculate measurements across multiple platforms.

Supported Technologies

• Intel TDX – Parse and validate Intel Trusted Domain Extensions (TDX) attestation reports.
• AMD SEV-SNP – Support for AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
• NVIDIA Confidential Computing – Validate attestation information from NVIDIA’s confidential computing-enabled environments.
• Azure Confidential VMs
  • Azure TDX – Azure's implementation of Intel TDX with vTPM.
  • Azure SNP – AMD SEV-SNP on Azure with vTPM.

Full list of available functions, classes, and object is available in API Documentation.

Dependencies and Licenses

Direct Dependencies (Production)

• @digitalbazaar/security-context v1.0.1 - BSD-3-Clause
• @digitalbazaar/security-document-loader v3.0.1 - BSD-3-Clause
• @digitalbazaar/vc v7.2.0 - BSD-3-Clause
• @noble/hashes v1.8.0 - MIT
• bs58 v6.0.0 - MIT
• jsonld-signatures v11.5.0 - BSD-3-Clause
• multiformats v13.3.6 - Apache-2.0 OR MIT
• node-forge v1.3.2-0 - BSD-3-Clause OR GPL-2.0 (custom fork from github:yurkowashere/node-forge-ec#ecdsa)
• vc v0.1.4 - MIT

Direct Dependencies (Development)

• jsdoc-to-markdown v9.1.1 - MIT
• vite-plugin-node-polyfills v0.23.0 - MIT
• vitest v3.1.4 - MIT

License Summary

• MIT: 150+ packages (majority)
• BSD-3-Clause: 20+ packages (Digital Bazaar ecosystem)
• Apache-2.0: 5+ packages
• ISC: 2 packages (main project + browserify-sign)
• Python-2.0: 1 package (argparse)
• BSD: 1 package (credentials-context)

Notable Considerations

• Custom node-forge fork from yurkowashere/node-forge-ec with ECDSA support
• multiformats dual-licensed (Apache-2.0 OR MIT)
• Most transitive dependencies use permissive licenses (MIT/BSD)
• No GPL dependencies except node-forge's dual BSD-3-Clause OR GPL-2.0 option