npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vymalo/medusa-webauthn

v1.0.2

Published

A starter for Medusa projects.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

selast-lambouselast-lambou

Keywords

medusamedusajswebauthnmedusa-webauthnauthauthenticationwebauthnmedusa-webauthnmedusa-plugin-authmedusa-v2medusa-plugin-integration

Readme

MedusaJS WebAuthn Authentication

🔐 Passwordless Authentication for MedusaJS using WebAuthn - The Modern, Secure Authentication Standard

🌟 Features

  • Passwordless authentication using WebAuthn
  • Support for hardware and software security keys
  • Enhanced security with public key cryptography
  • Seamless integration with MedusaJS

🔒 WebAuthn Workflow

flowchart TD
    A[User Starts Registration] --> B[Request Registration Options]
    B --> C[Browser Creates Credential]
    C --> D[Send Credential to Server]
    D --> E[Server Verifies & Saves Credential]
    
    F[User Starts Login] --> G[Request Authentication Options]
    G --> H[User Interacts with Security Key]
    H --> I[Browser Generates Authentication Assertion]
    I --> J[Server Verifies Assertion]
    J --> K[User Authenticated]

Detailed Authentication Flow

  1. Registration

    • User initiates registration
    • Server generates registration options
    • Browser creates a unique cryptographic credential
    • Credential verified and saved on server

  2. Authentication

    • User starts login process
    • Server generates authentication challenge
    • User authenticates with security key
    • Server verifies the cryptographic assertion
    • User granted access

📦 Installation

Install the package using npm:

npm install @vymalo/medusa-webauthn

Or using yarn:

yarn add @vymalo/medusa-webauthn

🚀 Configuration

Plugin Configuration

plugins: [
  {
    resolve: "@vymalo/medusa-webauthn",
    options: {
      rpName: process.env.WEBAUTHN_RP_NAME,     // Relying Party Name
      rpID: process.env.WEBAUTHN_RP_ID,         // Relying Party ID
      origin: process.env.WEBAUTHN_ORIGIN,      // Origin of your application
    },
  },
],

projectConfig: {
  http: {
    authMethodsPerActor: {
      customer: ["webauthn"], // Enable WebAuthn for customers
    },
  },
},

modules: [
  {
    resolve: "@medusajs/medusa/auth",
    dependencies: ["webauthn_api"],
    options: {
      providers: [
        {
          resolve: "@vymalo/medusa-webauthn/auth",
          id: "webauthn",
          options: {},
        },
      ],
    },
  }
]

🛡️ Security Architecture

graph TD
    A[User Device] -->|Public Key| B[Server]
    B -->|Challenge| A
    A -->|Signed Challenge| B
    B -->|Verify Signature| A
    
    subgraph Cryptographic Process
    PK[Public Key Cryptography]
    Challenge[Challenge Generation]
    Signature[Signature Verification]
    end

Key Security Concepts

  • No Shared Secrets: Uses public-key cryptography
  • Phishing Resistant: Bound to specific origin and application
  • Hardware Key Support: Works with security keys like YubiKey
  • Multi-Factor Capable: Can combine with other authentication methods

🔧 Environment Variables

  • WEBAUTHN_RP_NAME: Your application's name
  • WEBAUTHN_RP_ID: Domain of your application
  • WEBAUTHN_ORIGIN: Full origin URL

📦 Dependencies

  • @simplewebauthn/server
  • @simplewebauthn/types
  • superjson

🤝 Contributing

Contributions are welcome! Please submit pull requests or open issues.

🛡️ Security Reporting

If you discover a security vulnerability, please contact [your security contact].

📄 License

Check the license

🔗 Related Projects