npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@trust-proto/auth-node

v0.2.4

Published

Liberion Auth Backend SDK with post-quantum cryptography

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

liberion1liberion1

Keywords

liberionauthauthenticationwebsocketpost-quantumml-kemml-dsa

Readme

@trust-proto/auth-node

npm version License: MIT

Backend SDK for Liberion decentralized authentication system. This package provides a WebSocket server that handles browser-wallet authentication flow.

Requirements

  • Node.js >= 20.0.0

Installation

npm install @trust-proto/auth-node

Quick Start

import { LiberionAuth, createWinstonAdapter } from '@trust-proto/auth-node';

const auth = new LiberionAuth({
  projectId: 'your-project-uuid',
  secretCode: 'your-secret-code',
  port: 31313, // optional, default: 31313

  // Check if user is already registered in your database
  // Return true if user exists - wallet will skip permission request
  // Return false if user is new - wallet will show permission request
  onHello: async (address) => {
    return await userExists(address);
  },

  // Generate JWT token after successful authentication
  onSuccess: async ({ address, fields }) => {
    // Save user data to your database
    await db.users.upsert({
      address,
      nickname: fields?.nickname,
      email: fields?.email,
      // ... other KYC fields
    });

    const token = generateJWT(address);
    return { token };
  },

  // Handle declined authorization (optional)
  onDecline: async ({ address, reason, message, declinedBy, sessionId }) => {
    console.log(`Auth declined by ${declinedBy}: ${reason}`);
  },
});

Configuration

| Option | Type | Required | Default | Description | | ------------ | ----------------------------------------------- | -------- | ------------ | ------------------------------------ | | projectId | string | ✅ | - | Project UUID from Liberion dashboard | | secretCode | string | ✅ | - | Secret code for encryption | | port | number | ❌ | 31313 | WebSocket server port | | ssl | SSLCredentials | ❌ | - | SSL/TLS options for HTTPS server | | debug | boolean | ❌ | false | Enable debug logging | | logger | ILogger | ❌ | NoOpLogger | Custom logger instance | | onHello | (address: string) => Promise<boolean> | ❌ | - | Check if user is registered | | onSuccess | (payload: AuthPayload) => Promise<AuthResult> | ❌ | - | Called on successful auth | | onDecline | (info: DeclineInfo) => Promise<void> | ❌ | - | Called when auth is declined |

Callbacks

onHello

Called when the wallet activates and sends the user's address. This callback should check if the user is already registered in your database.

Return value (isRegistered):

  • Return true if user exists - wallet will skip the permission request screen
  • Return false if user is new - wallet will show the permission request screen

This allows returning users to have a smoother authentication experience without repeatedly granting permissions.

onHello: async (address) => {
  const user = await db.users.findOne({ address });
  return !!user; // true if registered, false if new user
}

onSuccess

Called after successful authentication and signature verification. Use this callback to save user data and generate a JWT token.

Parameters:

  • address - User's blockchain address
  • fields - KYC data object (nickname, email, name, sex, dateOfBirth, etc.)

Return value:

  • { token: string } - JWT token for successful auth
  • { error: string } - (Optional) Error message if auth should fail
onSuccess: async ({ address, fields }) => {
  // Save user data to your database
  await db.users.upsert({
    address,
    nickname: fields?.nickname,
    email: fields?.email,
    name: fields?.name,
    sex: fields?.sex,
    dateOfBirth: fields?.dateOfBirth,
    documentCountry: fields?.documentCountry,
    imageAvatar: fields?.imageAvatar,
    // ... other KYC fields from the wallet
  });

  // Generate JWT token
  const token = jwt.sign({ address }, SECRET_KEY);

  return { token };
}

Error handling:

If you need to reject authentication based on your business logic, return an error:

onSuccess: async ({ address, fields }) => {
  // Example: Check if user meets requirements
  if (!await meetsRequirements(address)) {
    return { error: 'Account not eligible for this service' };
  }

  await db.users.upsert({ address, ...fields });
  const token = jwt.sign({ address }, SECRET_KEY);
  return { token };
}

onDecline

Called when authentication is declined by the user or fails. Useful for logging or analytics.

Parameters:

  • address - User's blockchain address (may be null if declined before activation)
  • reason - Standardized decline reason: 'user_declined', 'timeout', 'error', 'unknown'
  • message - Detailed decline message
  • declinedBy - Who declined: 'wallet' or 'browser'
  • sessionId - Session ID for tracking
onDecline: async ({ address, reason, message, declinedBy, sessionId }) => {
  // Log decline for analytics
  await db.authLogs.create({
    address,
    reason,      // 'user_declined', 'timeout', 'error', 'unknown'
    message,     // Detailed message
    declinedBy,  // 'wallet' or 'browser'
    sessionId,
    timestamp: new Date(),
  });
}

Logger Integration

Using Winston

import { createWinstonAdapter } from '@trust-proto/auth-node';
import winston from 'winston';

const logger = winston.createLogger({ /* your config */ });

const auth = new LiberionAuth({
  projectId: 'your-project-uuid',
  secretCode: 'your-secret-code',
  logger: createWinstonAdapter(logger),
});

Using Console Logger

import { ConsoleLogger } from '@trust-proto/auth-node';

const auth = new LiberionAuth({
  projectId: 'your-project-uuid',
  secretCode: 'your-secret-code',
  logger: new ConsoleLogger('[MyApp]'),
});

Custom Logger

Implement the ILogger interface:

const customLogger: ILogger = {
  info: (message, meta) => { /* ... */ },
  warn: (message, meta) => { /* ... */ },
  error: (message, meta) => { /* ... */ },
};

Authentication Flow

  1. Browser connects to WebSocket Server and sends auth_init
  2. Server creates authorization task via Trust Gate
  3. Server returns QR code link to browser
  4. User scans QR code with Liberion Wallet
  5. Wallet sends activation request with signed session data to Trust Gate server
  6. Trust Gate server gets public keys from Blockchain → User's S-NFT & checks signatures
  7. Trust Gate server calls onHello callback to Server
  8. Server calls onHello callback into its runtime
  9. Server sends ACTIVATED to browser
  10. Server sends onHello response to Trust Gate server
  11. Trust Gate server checks the project settings and required fields
  12. Trust Gate server sends payload back to Liberion Wallet
  13. Liberion Wallet sends signed auth data with KYC fields (Merkle Tree or ZK-proofs) to Server
  14. Server verifies ML-DSA-87 signature, checks data validity of proofs with Blockchain and calls onSuccess or onDecline callbacks respectively
  15. Server sends auth data to Browser, closes all session's connections
  16. Browser authorizes using auth data

Security Features

  • Post-Quantum Cryptography: ML-KEM-1024 + XChaCha20-Poly1305 + ML-DSA-87 (FIPS 203/204)
    • Used by Trust Gate for encrypting data sent to Wallet
    • ML-KEM-1024: Key encapsulation mechanism
    • XChaCha20-Poly1305: Authenticated encryption
    • ML-DSA-87: Digital signatures
  • Layered Encryption:
    • Server ↔ Trust Gate/Wallet: AES-256-CBC with project secretCode
    • Trust Gate → Wallet: Critical data additionally encrypted with ML-KEM-1024 + XChaCha20-Poly1305
  • Signature Verification: All auth data is cryptographically signed and verified
  • Session Timeout: 10-minute authorization window
  • WebSocket Ping/Pong: Keep-alive with 30-second interval

License

MIT