npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vouch-protocol-official/sdk

v1.1.0

Published

Official TypeScript SDK for Vouch Protocol. Verifiable Credentials with Data Integrity proofs (eddsa-jcs-2022), Multikey verification methods, optional hybrid post-quantum profile (Ed25519 + ML-DSA-44), plus a daemon client for delegating signing operatio

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ramprasad-gaddamramprasad-gaddam

Keywords

vouchvouch-protocolai-agentsagent-identityverifiable-credentialsvcw3cdata-integrityeddsa-jcs-2022didmultikeyed25519post-quantumml-dsahybrid-pqsigningc2pacontent-credentialsprovenanceidentitycryptography

Readme

@vouch-protocol-official/sdk

Official TypeScript SDK for the Vouch Protocol.

The open standards-aligned standard for cryptographic identity and provenance of AI agents. Works in both Browser and Node.js.

Installation

npm install @vouch-protocol-official/sdk

# Optional: for the hybrid post-quantum profile
npm install @noble/post-quantum

Two surfaces in one package

This package exports two complementary APIs:

  1. Cryptographic SDK (v1.0+): issue and verify Verifiable Credentials with Data Integrity proofs (eddsa-jcs-2022), Multikey verification methods, and an optional hybrid post-quantum profile (hybrid-eddsa-mldsa44-jcs-2026). Use for direct cryptographic agent identity.
  2. Daemon Client: a client library for delegating signing operations to a locally-running Vouch Bridge Daemon. Use when key material is centrally managed.

Quick Start: Cryptographic SDK (v1.0+)

import { Signer, Verifier, generateIdentity } from '@vouch-protocol-official/sdk';

// Generate a fresh agent identity
const keys = await generateIdentity('agent.example.com');

// Issue a Verifiable Credential bound to a specific intent
const signer = new Signer({
  privateKey: keys.privateKeyJwk,
  did: keys.did!,
});

const credential = await signer.signCredential({
  intent: {
    action: 'read_database',
    target: 'users_table',
    resource: 'https://api.example.com/v1/users',
  },
});

// Verify on the receiving side
const result = await Verifier.verifyCredential(credential, keys.publicKeyJwk);
if (result.isValid) {
  console.log('Verified agent:', result.passport!.iss);
  console.log('Authorized intent:', result.passport!.intent);
}

Quick Start: Daemon Client

import { VouchClient } from '@vouch-protocol-official/sdk';

const client = new VouchClient();

if (await client.connect()) {
  const result = await client.sign('Hello, World!', { origin: 'my-app' });
  console.log('Signature:', result.signature);
  console.log('DID:', result.did);
}

Hybrid Post-Quantum Profile

Optional hybrid-eddsa-mldsa44-jcs-2026 cryptosuite carries Ed25519 + ML-DSA-44 composite signatures over the same canonical bytes. Aligns with NIST CNSA 2.0 / NSM-10 migration timelines.

import { Signer, generateMLDSA44KeyPair } from '@vouch-protocol-official/sdk';

const mldsaKeys = await generateMLDSA44KeyPair();
// ...sign and verify under the hybrid profile...

See the full implementation guide at docs/hybrid-pq-implementation-guide.md.

What's exported

  • Signer, Verifier, generateIdentity, credential issuance and verification (v1.0+)
  • buildVouchCredential, VouchCredential, Intent, DelegationLink, credential construction primitives
  • canonicalize, canonicalizeToString, RFC 8785 JCS canonicalization
  • encodeEd25519Public, encodeMLDSA44Public, decodeMultikey, multikeyAlgorithm, Multikey verification methods
  • buildProof, verifyProof, eddsa-jcs-2022 Data Integrity primitives
  • buildHybridProof, verifyHybridProof, generateMLDSA44KeyPair, hybrid post-quantum primitives
  • VouchClient and the daemon client error types, daemon-delegation client

License

Apache-2.0. See LICENSE in the monorepo.

Documentation

  • specification draft: https://vouch-protocol.com/specs/SPEC/
  • Hybrid Post-Quantum Implementation Guide: https://github.com/vouch-protocol/vouch/blob/main/docs/hybrid-pq-implementation-guide.md
  • Defensive Prior Art Disclosures (CC0): https://github.com/vouch-protocol/vouch/tree/main/docs/disclosures

Repository

github.com/vouch-protocol/vouch (monorepo, this package lives under packages/sdk-ts/).