npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@usemona/attest-backend-sdk

v2.0.20

Published

Mona Attest Backend SDK - Secure server-side verification for cryptographic attestations and digital signatures. Provides robust signature validation, user verification, and enterprise-grade security for Node.js applications.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rorymonarorymona

Keywords

attestationcryptographyverificationsignaturebackendservermona

Readme

Mona Attest Backend SDK

npm version License: MIT

🔐 Enterprise-Grade Server-Side Verification for Cryptographic Attestations

The Mona Attest Backend SDK provides secure server-side verification for cryptographic attestations and digital signatures. Built for Node.js applications requiring robust user verification, signature validation, and enterprise-grade security.

✨ Key Features

  • 🔒 Cryptographic Verification - Secure signature validation using WebAuthn
  • 🏢 Enterprise Security - Production-ready attestation verification
  • ⚡ High Performance - Optimized for server-side operations
  • 🔄 Framework Agnostic - Works with Express, Fastify, Koa, and more
  • 📊 Audit Logging - Comprehensive verification audit trails
  • 🌐 Production Ready - Enterprise-grade production environment
  • 📡 Zero Dependencies - Lightweight with minimal external dependencies

📦 Installation

npm install @usemona/attest-backend-sdk

🎯 Quick Start

Basic Verification

import { AttestBackendSDK } from '@usemona/attest-backend-sdk';

// Initialize the SDK
const attestBackendSDK = new AttestBackendSDK({
  apiUrl: 'https://your-attesttool-backend.com',
  environment: 'production'
});

// Verify an attestation signature
const verificationResult = await attestBackendSDK.verifyAttestation(
  attestationSignature,  // From client request headers
  req                   // Express request object - SDK extracts API call data
);

if (verificationResult.verified) {
  console.log('✅ Signature valid:', verificationResult.user);
  // Process the authenticated request
} else {
  console.log('❌ Signature invalid:', verificationResult.error);
  // Reject the request
}

Express.js Middleware Integration

import express from 'express';
import { AttestBackendSDK } from '@usemona/attest-backend-sdk';

const app = express();
const attestBackendSDK = new AttestBackendSDK();

// Attestation verification middleware
const verifyAttestation = async (req, res, next) => {
  try {
    const signature = req.headers['x-mona-attest'];
    
    if (!signature) {
      return res.status(401).json({ error: 'Missing attestation signature' });
    }

    // Pass the entire request object - SDK will extract API call structure from actual request
    const verification = await attestBackendSDK.verifyAttestation(signature, req);

    if (!verification.verified) {
      return res.status(403).json({ 
        error: 'Invalid attestation',
        details: verification.error 
      });
    }

    // Add user info to request
    req.attestedUser = verification.user;
    req.verificationId = verification.id;
    
    next();
  } catch (error) {
    res.status(500).json({ error: 'Verification failed' });
  }
};

// Protected route
app.post('/api/secure-payment', verifyAttestation, async (req, res) => {
  console.log(`Authenticated user: ${req.attestedUser.firstName}`);
  
  // Process the payment with confidence
  const result = await processPayment(req.body, req.attestedUser);
  
  res.json({ success: true, paymentId: result.id });
});

🔧 Configuration Options

SDK Configuration

const attestBackendSDK = new AttestBackendSDK({
  // Environment Configuration
  environment: 'production',         // 'production' | 'auto'
  
  // API Configuration  
  apiUrl: 'https://api.attest.ng',   // Attest API endpoint
  timeout: 30000,                    // Request timeout in ms
  
  // Security Configuration
  strictMode: true,                  // Enable strict signature validation

  
  // Logging Configuration
  auditLog: true,                    // Enable audit logging
  logLevel: 'info',                  // 'debug' | 'info' | 'warn' | 'error'
  
  // Custom Headers
  customHeaders: {
    'X-API-Version': '2.0',
    'X-Client-ID': 'your-client-id'
  }
});

📚 API Reference

AttestBackendSDK Methods

verifyAttestation(signature, req)

Verifies a cryptographic attestation signature against the actual HTTP request.

Parameters:

  • signature (string): The attestation signature from client headers
  • req (object): Express request object - SDK extracts API call structure from actual request
    • body: Request body
    • headers: Request headers
    • method: HTTP method
    • url: Request URL

Returns: Promise

interface VerificationResult {
  verified: boolean;           // Whether signature is valid
  user?: UserInfo;            // Authenticated user information
  id?: string;                // Verification session ID
  error?: string;             // Error message if verification failed
  timestamp: number;          // Verification timestamp
  signatureMetadata?: object; // Additional signature data
}
getUserInfo(userId)

Retrieves detailed information about an attested user.

Parameters:

  • userId (string): The user ID from verification result

Returns: Promise

interface UserInfo {
  userId: string;
  firstName?: string;
  lastName?: string;  
  email?: string;
  phone?: string;
  verificationLevel: 'basic' | 'enhanced' | 'premium';
  lastAttestation: number;
  attestationCount: number;
}

🏗️ Architecture

The backend SDK provides:

  1. Signature Verification - Cryptographic validation of client signatures
  2. User Authentication - Secure user identity verification
  3. Request Integrity - Ensures request data hasn't been tampered with
  4. Session Management - Handles attestation session lifecycle
  5. Audit Logging - Comprehensive security event logging
  6. Error Handling - Robust error reporting and debugging

🔄 Integration with Frontend

Use with the companion frontend package:

npm install mona-attest-frontend  # For React/Next.js frontend

Frontend (React/Next.js):

import { AttestFrontendSDK } from 'mona-attest-frontend';

const frontendSDK = new AttestFrontendSDK();

// Client creates attestation
const response = await frontendSDK.fetchWithAttestation(
  '/api/secure-endpoint',
  { method: 'POST', body: JSON.stringify(data) }
);

Backend (Node.js):

import { AttestBackendSDK } from '@usemona/attest-backend-sdk';

const backendSDK = new AttestBackendSDK();

// Server verifies attestation
const verification = await backendSDK.verifyAttestation(
  signature, 
  req  // Express request object
);

🌟 Use Cases

  • 💳 Payment Processing - Secure payment authorization and validation
  • 🏦 Banking APIs - Account operations and financial transactions
  • 🔐 Identity Services - User authentication and KYC verification
  • 📊 Sensitive Data - Protection of critical business operations
  • 🚀 High-Value Actions - Multi-factor verification for important actions
  • 🔗 API Security - Enterprise-grade API endpoint protection

🛡️ Security Features

Cryptographic Validation

  • WebAuthn Signatures - Industry-standard public key cryptography
  • Timestamp Verification - Prevents replay attacks
  • Data Integrity - Ensures request data hasn't been modified
  • Challenge Validation - Cryptographic challenge-response verification

Enterprise Security

  • Audit Trails - Comprehensive logging of all verification attempts
  • Rate Limiting - Built-in protection against abuse
  • Production Security - Enterprise-grade security for production environments
  • Error Masking - Secure error messages that don't leak sensitive data

🚀 Performance

  • ⚡ Fast Verification - Optimized cryptographic operations
  • 📈 Scalable - Handles high-throughput verification workloads
  • 💾 Memory Efficient - Minimal memory footprint
  • 🔄 Connection Pooling - Efficient API communication

📋 Environment Variables

# Attest Configuration
ATTEST_API_URL=https://api.attest.ng

# Security Configuration  
ATTEST_STRICT_MODE=true
ATTEST_AUDIT_LOG=true

# Performance Configuration
ATTEST_TIMEOUT=30000
ATTEST_MAX_RETRIES=3

🐛 Error Handling

try {
  const verification = await attestBackendSDK.verifyAttestation(signature, req);
  
  if (!verification.verified) {
    // Handle invalid signature
    console.log('Verification failed:', verification.error);
    return res.status(403).json({ error: 'Invalid attestation' });
  }
  
  // Process authenticated request
  
} catch (error) {
  if (error.code === 'NETWORK_ERROR') {
    // Handle network issues
  } else if (error.code === 'SIGNATURE_EXPIRED') {
    // Handle expired signatures
  } else {
    // Handle other errors
    console.error('Verification error:', error);
  }
}

🤝 Support

📄 License

MIT License - see LICENSE file for details.

🚀 Getting Started

Ready to add secure server-side verification to your API? Check out our Integration Guide.

Made with ❤️ by the Mona Team