npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

create-agent

v0.0.17

Published

create an agent

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

melvincarvalhomelvincarvalho

Keywords

aamcreate-agentagent

Readme

npm init agent

npm version License: MIT Node.js

Your AI agent has no identity. It can't prove who it is. It can't sign anything. It can't be trusted.

Instantly generates a cryptographic identity with a W3C DID document — the foundation for safe AI agents you can trust.

Use with aam to sign and verify skills and agents.

Why?

AI agents and autonomous systems need verifiable identities. Traditional auth (API keys, OAuth) wasn't designed for machine-to-machine trust. create-agent provides:

  • W3C Standards — DID documents for interoperability
  • Cryptographic Identity — Schnorr keypairs on secp256k1
  • Decentralized — No central authority, works with Nostr relays
  • Zero Config — One command, instant identity

Installation

# Just run it (no install required)
npm init agent

# Or install globally
npm install -g create-agent
create-agent

# Or as a library
npm install create-agent

CLI Output

The tool outputs a spec-compliant DID document to stdout:

{
  "@context": [
    "https://w3id.org/did",
    "https://w3id.org/nostr/context"
  ],
  "id": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23",
  "type": "DIDNostr",
  "verificationMethod": [
    {
      "id": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23#key1",
      "type": "Multikey",
      "controller": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23",
      "publicKeyMultibase": "fe70102dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23"
    }
  ],
  "authentication": ["#key1"],
  "assertionMethod": ["#key1"],
  "service": []
}

Key information is displayed on stderr for security (private keys in red).

Programmatic API

import { generateAgent } from 'create-agent'

const agent = generateAgent()

// Nostr keys
console.log(agent.pubkey)   // hex public key
console.log(agent.npub)     // bech32 public key
console.log(agent.privkey)  // hex private key (keep secret)
console.log(agent.nsec)     // bech32 private key (keep secret)

// W3C DID Document
console.log(agent.did.id)   // did:nostr:<pubkey>
console.log(agent.did)      // full DID document

CLI Examples

# Save DID document to file
create-agent > agent-identity.json

# Extract DID identifier
create-agent | jq -r '.id'

# Extract public key
create-agent | jq -r '.verificationMethod[0].publicKeyMultibase'

# Suppress stderr, get only JSON
create-agent 2>/dev/null

Output Reference

Keys

| Field | Format | Description | |-------|--------|-------------| | pubkey | 64 hex chars | Public key (shareable) | | npub | bech32 | Human-readable public key | | privkey | 64 hex chars | Private key — keep secret | | nsec | bech32 | Human-readable private key — keep secret |

DID Document

| Field | Value | |-------|-------| | @context | W3C DID v1 + Nostr context | | id | did:nostr:<pubkey> | | type | DIDNostr | | verificationMethod | Multikey with secp256k1 | | authentication | #key1 reference | | assertionMethod | #key1 reference |

Multibase Encoding

The publicKeyMultibase follows multicodec standards:

fe70102<pubkey>
│└───┘└┘└─────┘
│  │   │   └── 32-byte x-coordinate
│  │   └────── 02 compressed key prefix
│  └────────── e701 secp256k1-pub varint
└───────────── f base16-lower prefix

Use Cases

| Application | Description | |-------------|-------------| | Sign Skills & Agents | Cryptographically sign AI skills with aam | | AI Agents | Verifiable identity for autonomous systems | | Nostr Bots | Generate keypairs for automated accounts | | Testing | Create ephemeral identities for integration tests | | Credentials | Subject identifiers for Verifiable Credentials |

Security

Private keys (privkey, nsec) are cryptographic secrets. Exposure allows:

  • Signing messages as the identity
  • Accessing encrypted communications
  • Full impersonation

The CLI outputs private keys to stderr only, allowing safe piping of the DID document.

Next Steps: Sign Your Agents

Use your identity to sign skills and agents with aam:

# 1. Generate your identity
npm init agent
# Save your privkey (hex format)

# 2. Install aam
npm install -g aam

# 3. Sign a skill you've created
aam skill sign my-skill --privkey <your-privkey> --repo user/repo

# 4. Others can verify your signature
aam skill verify my-skill

This creates a Nostr event (kind 31337) cryptographically linking your identity to the skill. No black boxes. No hidden motives. Trust through transparency.

Learn more at aam.wtf

Specification

This implementation follows the did:nostr Method Specification maintained by the W3C Nostr Community Group.

Related

Development

git clone https://github.com/melvincarvalho/create-agent.git
cd create-agent
npm install
npm test

License

MIT — Agentic Alliance