npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@ident-agency/core

v0.0.10

Published

Core Ident Agency SDK for secure, privacy-preserving access to user-controlled identity and data fragments

Downloads

29

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mankinsmankins

Keywords

identityencryptionprivacyauthenticationoauth2pkceident agencypasskeywebauthn

Readme

@ident-agency/core

Core SDK for Ident.Agency - a user-controlled identity and metadata vault where individuals own and control their encrypted data fragments.

What is Ident.Agency?

Ident.Agency is a privacy-preserving identity vault that enables users to:

  • Store personal data ("fragments") at path-based locations
  • Keep data encrypted with keys that never leave the client
  • Share specific data with applications through granular consent
  • Maintain a single identity across multiple applications

Key Features

  • 🔐 Client-side encryption - All encryption/decryption happens locally
  • 🔑 Multiple unlock methods - Passkeys (WebAuthn), passwords, recovery phrases
  • 🌐 OAuth2/PKCE authentication - Standards-based secure authentication
  • 📁 Fragment storage - Path-based data storage (e.g., /identity/name, /wallet/xrpl)
  • 🎯 Two-tier encryption - User KEK wraps per-fragment DEKs for efficient key rotation
  • 🚫 Zero-knowledge server - Server never sees plaintext data or keys

Installation

npm install @ident-agency/core

Quick Start

import { IdentClient, PasswordProvider, DeviceKeyProvider } from '@ident-agency/core';

// Initialize providers for authentication
const passwordProvider = new PasswordProvider('my-secure-password');
const deviceKeyProvider = new DeviceKeyProvider();

// Initialize the client
const client = await IdentClient.create({
	clientId: 'your-app-id',
	redirectUri: window.location.origin,
	apiBaseUrl: 'https://www.ident.agency',
	scopes: ['read', 'write'],
	passwordProvider,
	deviceKeyProvider,
	debug: true
});

// Authenticate and ensure we have a subject
await client.ensureSubject();

// Write an encrypted fragment
await client.put('/identity/bio', { text: 'Software developer' });

// Read and auto-decrypt a fragment
const bio = await client.get('/identity/bio');
console.log(bio); // { text: 'Software developer' }

// List fragments at a path
const identityItems = await client.list('/identity/');
console.log(identityItems); // Array of fragments under /identity/

// Delete a fragment
await client.del('/identity/bio');

API Reference

Core Methods

Client Initialization

import { IdentClient, PasswordProvider, DeviceKeyProvider } from '@ident-agency/core';

const passwordProvider = new PasswordProvider('secure-password');
const deviceKeyProvider = new DeviceKeyProvider();

const client = await IdentClient.create({
	clientId: 'your-app-id',
	redirectUri: window.location.origin,
	apiBaseUrl: 'https://www.ident.agency',
	scopes: ['read', 'write'],
	passwordProvider,
	deviceKeyProvider
});

Authentication & Unlock

// Authenticate and get current subject
const subject = await client.ensureSubject();

// Check if vault is locked
if (client.isLocked()) {
	// Unlock with passkey
	await client.unlockWithPasskey();

	// Or unlock with password
	await client.unlockWithPassword('my-password');

	// Or unlock with recovery phrase
	await client.unlockWithRecoveryPhrase('word1 word2 ...');
}

// Check authentication status
const context = client.getContext();
console.log(context.authenticated); // true/false

Fragment Operations

// Write a fragment (automatically encrypted)
await client.put('/identity/name', { first: 'Alice', last: 'Smith' });

// Read a fragment (automatically decrypted)
const name = await client.get('/identity/name');

// List fragments at a path
const items = await client.list('/identity/', { limit: 10 });

// Delete a fragment
await client.del('/identity/name');

Architecture

The SDK operates on a two-tier encryption model:

  1. User KEK (Key Encryption Key): Derived from the user's root seed, used to wrap fragment DEKs
  2. Fragment DEKs (Data Encryption Keys): Unique per fragment, used for actual data encryption

This design allows efficient key rotation and selective data access without re-encrypting all fragments.

Security Considerations

  • All cryptographic operations happen client-side using WebCrypto API
  • The server stores only encrypted data and metadata
  • Private keys and plaintext never leave the client
  • OAuth2 PKCE flow prevents authorization code interception
  • Per-fragment encryption allows granular access control

Browser Requirements

  • WebCrypto API
  • localStorage
  • fetch API
  • ES2020+ JavaScript features

Browser Compatibility

The @ident-agency/core package is designed to work in both browser and Node.js environments:

Browser Usage

  • SSH key operations are not available in browser environments
  • The package will automatically exclude Node-only dependencies when bundled for the browser
  • All other functionality (OAuth, encryption, fragment operations) works normally

Node.js Usage

  • Full functionality including SSH key operations
  • SSH key support requires the optional sshpk dependency

Bundler Configuration

The package uses conditional imports that are handled automatically by modern bundlers like Vite, webpack, and Rollup. No special configuration is required.

License

MIT

Support