npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

okova

v0.12.8

Published

Advanced DRM inspection toolkit

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vitalygashkovvitalygashkov

Keywords

widevinedrmgooglepsshemeencrypted-media-extensionsmedia

Readme

okova

npm version GitHub Downloads (all assets, latest release) npm downloads

Okova is a set of tools (JavaScript library, command-line utility and browser extension) for diagnosing, researching, and pentesting DRM systems used in playable media content.

Okova is still in the early stages of development, so until version 1.0 is released, performance may be unstable and major changes may be made

Features

  • Logging details from EME events in DevTools console
  • Network-independent interception via browser extension, so it doesn't matter if license request has one-time tokens or a custom request/response body format
  • Remote instance to manage sessions via REST API
  • Custom CDM client support: create *.wvd or *.prd from raw client files and import them into browser extension
  • Runtime agnostic core: works in Node.js, Bun, Deno, browsers and more
  • Encrypted Media Extensions API compatibility via requestMediaKeySystemAccess() method

Browser Extension

Installing Chrome extension

Developer Mode needs to be enabled in chrome://extensions/ page

  1. Download archive from latest release
  2. Go to chrome://extensions/ page
  3. Ensure Developer Mode enabled and then drag and drop downloaded zip file to this page

Read Google's guide

Installing Firefox extension

  1. Download archive from latest release
  2. Go to about:debugging#/runtime/this-firefox page
  3. Click Load Temporary Add-on button and choose downloaded zip file

Temporary add-on is not persistent and will be removed after browser restart

Read Mozilla's guide

Command-line tool

Installation

Command-line tool installation requires pre-installed JavaScript runtime (e.g. Node.js).

npm install -g okova

Usage

See help for all possible arguments and options: okova --help

Convert DRM client files ./drm-files/device_client_id_blob and ./drm-files/device_private_key to single WVD file:

okova client pack ./drm-files ./unknown_android-sdk-built-for-x86.wvd
Client packed: /Users/.../unknown_android-sdk-built-for-x86.wvd

Show DRM client info:

okova client info ./unknown_android-sdk-built-for-x86.wvd
application_name: org.chromium.webview_shell
company_name: unknown
model_name: Android SDK built for x86
architecture_name: x86
device_name: generic_x86
product_name: sdk_phone_x86
build_info: Android/sdk_phone_x86/generic_x86:10/RSR1.410600.002.B3/1792159:userdebug/dev-keys
widevine_cdm_version: 16.0.0
oem_crypto_security_patch_level: 0
oem_crypto_build_information: OEMCrypto Level3 Code 8162 May  9 2018 14:01:12

JavaScript library

Library installation requires pre-installed JavaScript runtime (e.g. Node.js).

Installation

npm install okova

Usage

See examples for more.

Obtain a Widevine license for Bitmovin's video:

import { readFile } from 'node:fs/promises';
import { fromBase64, Widevine, WidevineDeviceCredentials } from 'okova';

async function main() {
  // Prepare init data (PSSH)
  const initData = fromBase64(
    'AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==',
  ).toBuffer();

  // Load device credentials
  const deviceCredentials = await WidevineDeviceCredentials.from({
    wvd: await readFile('client.wvd'),
  });

  const widevine = new Widevine({ deviceCredentials });
  const session = widevine.createSession();

  // Handle generated license challenge (or other session messages like individualization request)
  session.onmessage = async (event) => {
    const { message } = event.detail;
    // Send license request
    const licenseUrl = 'https://cwip-shaka-proxy.appspot.com/no_auth';
    const response = await fetch(licenseUrl, { body: message, method: 'POST' })
      .then((r) => r.arrayBuffer())
      .then((buffer) => new Uint8Array(buffer));
    // Update session with license response
    await session.update(response);
  };

  // Generate license challenge
  await session.generateRequest(initData);

  // Wait for keys
  const keys = await session.waitForKeys();
  for (const [keyId, key] of keys) {
    console.log(`${keyId}:${key}`);
  }

  await session.close(); // Close session to delete of any license(s) and key(s) that have not been explicitly stored.
  await session.remove(); // Destroy the license(s) and/or key(s) associated with the session whether they are in memory, persistent store or both.
}

Disclaimer

  1. This project does not condone piracy or any action against the terms of the DRM systems.
  2. All efforts in this project have been the result of Reverse-Engineering, Publicly available research, and Trial & Error.
  3. Do not use this program to decrypt or access any content for which you do not have the legal rights or explicit permission.
  4. Unauthorized decryption or distribution of copyrighted materials is a violation of applicable laws and intellectual property rights.
  5. This tool must not be used for any illegal activities, including but not limited to piracy, circumventing digital rights management (DRM), or unauthorized access to protected content.
  6. The developers, contributors, and maintainers of this program are not responsible for any misuse or illegal activities performed using this software.
  7. By using this program, you agree to comply with all applicable laws and regulations governing digital rights and copyright protections.