npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

sakshsky-auth

v1.0.2

Published

A Node.js package for passwordless email verification authentication with device fingerprinting and tamper detection

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

susheelhbtisusheelhbti

Keywords

authenticationpasswordlessemailfingerprintingsecurity

Readme

sakshsky-auth

A Node.js package for implementing passwordless email-based authentication with device fingerprinting and tamper detection. It generates verification codes, binds them to user device info via hashing, and verifies incoming emails using IMAP/POP3 monitoring.

Features

  • Passwordless login via email verification codes.
  • Device fingerprinting (IP, user-agent, browser, etc.) for added security.
  • Tamper detection using salted SHA-256 hashes.
  • Built-in IMAP/POP3 for email monitoring.
  • Customizable code generation.
  • MongoDB storage for verification records (via Mongoose).

Installation

npm install sakshsky-auth

Usage

Setup

  1. Install required dependencies in your project:

    npm install express socket.io mongoose

  2. Define Mongoose schemas in your app (e.g., in server.js):

    const verificationSchema = new mongoose.Schema({
  email: String,
  code: String,
  expiry: Date,
  socketId: String,
  hashedFingerprint: String,
  salt: String
});
const Verification = mongoose.model("Verification", verificationSchema);

  3. Integrate into your Express app:

    const { sakshskyInitLoginHandler, sakshskyStartAuthMonitor } = require('sakshsky-auth');

// Route for initiating login
app.post('/api/init-login', async (req, res) => {
  const serverEmail = '[email protected]';
  await sakshskyInitLoginHandler(req, res, serverEmail);
});

// Start monitor (e.g., on server startup)
const emailConfig = { host: 'imap.example.com', port: 993, user: 'user', pass: 'pass' };
sakshskyStartAuthMonitor(emailConfig, (verification) => {
  // Handle successful verification, e.g., emit via Socket.IO
  io.to(verification.socketId).emit('verified', { email: verification.email });
});

Custom Code Generation

Pass a callback as the fourth parameter to sakshskyInitLoginHandler:

const customGenerator = (req) => Math.random().toString(36).substring(2, 8).toUpperCase();
await sakshskyInitLoginHandler(req, res, serverEmail, customGenerator);

Frontend Example (public/index.html)

Place this file in a public folder and serve it statically (e.g., via app.use(express.static('public'))).

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Email Auth Example</title>
  <script src="/socket.io/socket.io.js"></script> <!-- Socket.IO client -->
</head>
<body>
  <h1>Passwordless Email Login</h1>
  <p>Enter your email and click Login. This will open your email client with a pre-filled message containing a verification code. Send it to the server's email, and you'll be logged in automatically.</p>
  
  <input type="email" id="email" placeholder="Your Email" required>
  <button onclick="initLogin()">Login</button>

  <script>
    // Connect to Socket.IO
    const socket = io();

    // Function to initiate login
    function initLogin() {
      const email = document.getElementById('email').value;
      if (!email) {
        return alert('Please enter your email');
      }

      // Send request to server to get pre-filled email details
      fetch('/api/init-login', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ email, socketId: socket.id })
      })
      .then(res => res.json())
      .then(data => {
        // Open the user's email client with pre-filled details
        const mailtoLink = `mailto:${data.toEmail}?subject=${encodeURIComponent(data.subject)}&body=${encodeURIComponent(data.body)}`;
        window.location.href = mailtoLink;

        // Listen for verification confirmation via Socket.IO
        socket.on('verified', (data) => {
          alert(`Login successful! Welcome, ${data.email}`);
          // Redirect to dashboard or update UI
          window.location.href = '/dashboard';
        });
      })
      .catch(err => {
        console.error('Error initiating login:', err);
        alert('Error starting login process');
      });
    }
  </script>
</body>
</html>

Configuration

  • emailConfig: Object with IMAP/POP3 details (host, port, user, pass). Protocol auto-detected by port.
  • Expiry: Hardcoded to 10 minutes; customize by modifying the code if needed.
  • Database: Uses Mongoose; ensure models are defined as shown.

Security Notes

  • Uses SHA-256 for hashing with random salts.
  • Fingerprint bound to verification to prevent cross-device tampering.
  • Short expiry and one-time use mitigate replays.
  • For production: Add rate limiting, HTTPS, and monitor for anomalies.

Dependencies

  • mongoose: For MongoDB storage.
  • uuid: Default code generation.
  • ua-parser-js: User-agent parsing.
  • imapflow, node-pop3, mailparser: For email monitoring (built-in).

License

MIT

Contributing

Pull requests welcome. For major changes, open an issue first.