npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@talak-web3/auth

v1.0.11

Published

Authentication and session management for talak-web3. Provides secure SIWE (Sign-In with Ethereum) authentication with atomic nonce consumption, refresh token rotation, and JWT session management.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dagimabebedagimabebe

Keywords

Readme

@talak-web3/auth

Authentication and session management for talak-web3. Provides secure SIWE (Sign-In with Ethereum) authentication with atomic nonce consumption, refresh token rotation, and JWT session management.

Features

  • SIWE Authentication - Sign-In with Ethereum (structured SIWE messages; validate production traffic against your threat model)
  • Atomic Nonce Consumption - In-memory dev stores; production: RedisNonceStore uses a Redis Lua script for atomic GET+DEL per nonce
  • Refresh Token Rotation - One-time use refresh tokens with automatic rotation
  • JWT Session Management - Short-lived access tokens with secure revocation
  • Pluggable Storage - In-memory (dev), Redis implementations in @talak-web3/auth/stores, or custom NonceStore / RefreshStore / RevocationStore

Installation

npm install @talak-web3/auth

yarn add @talak-web3/auth

pnpm add @talak-web3/auth

Quick Start

import { TalakWeb3Auth, InMemoryNonceStore, InMemoryRefreshStore } from '@talak-web3/auth';

const auth = new TalakWeb3Auth({
  nonceStore: new InMemoryNonceStore(),
  refreshStore: new InMemoryRefreshStore(),
  accessTtlSeconds: 15 * 60,
  refreshTtlSeconds: 7 * 24 * 60 * 60,
});

const nonce = await auth.createNonce('0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266');

const { accessToken, refreshToken } = await auth.loginWithSiwe(message, signature);

const session = await auth.verifySession(accessToken);

const { accessToken: newAccessToken, refreshToken: newRefreshToken } =
  await auth.refresh(refreshToken);

Production Setup

For production, use Redis-backed stores:

import Redis from 'ioredis';
import { TalakWeb3Auth } from '@talak-web3/auth';
import { RedisNonceStore, RedisRefreshStore, RedisRevocationStore } from '@talak-web3/auth/stores';

const redis = new Redis(process.env.REDIS_URL!);

const auth = new TalakWeb3Auth({
  nonceStore: new RedisNonceStore({ redis }),
  refreshStore: new RedisRefreshStore({ redis }),
  revocationStore: new RedisRevocationStore({ redis }),
  expectedDomain: 'yourdomain.com',
  accessTtlSeconds: 900,
  refreshTtlSeconds: 604800,
});

Use one shared ioredis client for all three stores (or separate clients pointing at the same Redis, depending on your pooling strategy).

API Reference

TalakWeb3Auth

Main authentication class.

Constructor Options

| Option | Type | Default | Description | |--------|------|---------|-------------| | nonceStore | NonceStore | InMemoryNonceStore | Store for SIWE nonces | | refreshStore | RefreshStore | InMemoryRefreshStore | Store for refresh tokens | | revocationStore | RevocationStore | InMemoryRevocationStore | Store for revoked JWTs | | accessTtlSeconds | number | 900 | Access token TTL in seconds | | refreshTtlSeconds | number | 604800 | Refresh token TTL in seconds | | expectedDomain | string | - | Expected SIWE domain |

Methods

  • createNonce(address: string): Promise<string> - Generate a new nonce
  • loginWithSiwe(message: string, signature: string): Promise<TokenPair> - Authenticate with SIWE
  • verifySession(token: string): Promise<SessionPayload> - Verify access token
  • refresh(token: string): Promise<TokenPair> - Rotate refresh token
  • revokeSession(accessToken: string, refreshToken?: string): Promise<void> - Revoke session

Security

  • Nonces are single-use and expire after 5 minutes
  • Refresh tokens are rotated on each use (one-time use)
  • Access tokens are short-lived (15 minutes by default)
  • All tokens are cryptographically secure random strings
  • Addresses are normalized to lowercase for consistency

License

MIT