npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@robmoffat/fdc3-security

v3.0.0-alpha.5

Published

FDC3 Security provides standardized mechanisms for **signed context**, **encrypted private channels**, and **verified user identity** across FDC3-enabled applications.

Downloads

475

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

robmoffatrobmoffat

Keywords

Readme

FDC3 Security

FDC3 Security provides standardized mechanisms for signed context, encrypted private channels, and verified user identity across FDC3-enabled applications.

This package implements the FDC3 Security specification, focusing on the separation of concerns between a low-trust frontend (e.g., a browser) and a high-trust backend where cryptographic keys are managed.

Package Structure

The library is organized into specialized modules to handle different aspects of the FDC3 security ecosystem:

src/encryption

Classes and utilities for end-to-end encryption over FDC3 channels.

  • EncryptedBroadcastSupport: Wrappers for broadcasting encrypted context.
  • EncryptedContextListenerSupport: Utilities for listening to and decrypting incoming encrypted context.

src/signing

Supports the signing and verification of FDC3 messages (Broadcasts and Intents).

  • SignedBroadcastSupport: Tools for signing outgoing broadcasts.
  • SignatureCheckingHandlerSupport: Wrappers for context and intent handlers that automatically verify incoming signatures.
  • SignedIntentResultSupport: Support for signing the results returned from FDC3 intents.
  • SignedRaiseIntentSupport: Standardized mechanism for raising intents with a signed context.

src/delegates

High-level abstractions for wrapping standard FDC3 objects.

  • MetadataHandler: Manages the packing and unpacking of security metadata (signatures, anti-replay claims) into standard FDC3 contexts.

src/impl

The core cryptographic implementations.

  • JosePrivateFDC3Security: Implementation of private security operations (signing, decryption) using JSON Web Encryption (JWE) and JSON Web Signatures (JWS).
  • JosePublicFDC3Security: Implementation of public security operations (verification, encryption) using the jose library.

src/secure-boundary

Provides a secure bridge (typically over WebSockets) to allow a frontend application to delegate sensitive cryptographic operations to a trusted backend process without exposing private keys.

Getting Started

To explore the capabilities of the library and see these components in action, please refer to the comprehensive set of examples in the samples directory.

Samples and Detailed Walkthroughs

The samples directory contains a dedicated README with sequence diagrams illustrating how the different components interact across the secure boundary.

  • Signed Broadcasts: Authenticate the sender of a context.
  • Encrypted Channels: Protect message privacy from third parties and the Desktop Agent.
  • Mutual Intent Authentication: Verify both the raiser and the responder of an FDC3 intent.
  • User Identity: Securely request and verify identity JWTs from an IDP.

Installation and Development

# Install dependencies
npm install

# Build the project
npm run build

# Run unit and integration tests
npm run test

License

Copyright 2024 FINOS. Distributed under the Apache License, Version 2.0.