npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

secure-identifier

v1.0.1

Published

secure identifer for usernames

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

commentholcommenthol

Keywords

RFC2142TC39identifiermechanismsecuresecurityunicodeusername

Readme

secure-identifier

secure identifier for usernames

NPM version Build Status

Generates a unique and secure identifier for usernames, login-IDs, public-IDs and accounts by:

  1. Normalizing confusable chars from Unicode Security Mechanisms TR39
  2. Perform case-folding according to 5.18 Case Mappings - Unicode 10.0
  3. Check for allowed symbols in accordance with Unicode Security Mechanisms TR39
  4. Check length of input - default is (min: 2 chars, max: 60 chars)
  5. Check the sanitized string against a list of reserved words
  6. Only if all checks pass, the secured identifier is returned

This secure identifier shall be stored alongside the username/ loginId to ensure uniqueness amongst the whole set.

Further reading...

For the complexity of a valid usernames I recommend Let’s talk about usernames which also inspired me for this project. To read about where to use such identifier check The Tripartite Identity Pattern.

Usage

For use in your project:

npm i -S secure-identifier

Then:

const {secureIdentifier} = require('secure-identifier')

const username = '\u{1D5A2}\u{1D5C2}\u{1D5CB}\u{1D5BC}\u{1D5C5}\u{1D5BE}'
//> 𝖢𝗂𝗋𝖼𝗅𝖾 - looks like Circle but isn`t
const secure = secureIdentifier(username)
//> secure === 'circle'

API

Apart from the simple secureIdentifier you can use Identifier for mor advanced use-cases.

const {Identifier} = require('secure-identifier')

const username = ' Аᖯ𝗎𝗌е'
const opts = {minLength: 3, maxLength: 20}
const ident = new Identifier(username, opts)
  ident.confusables().trim()
    //> 'Abuse'
    .caseFolding()
    //> 'abuse'

  ident.status() // get list of offending chars
  //> []
  ident.isReserved() // 'abuse' is in the list of reserved names
  //> true
  ident.isValid()
  //> false
  ident.isMinLength() // check for minLength >= 3
  //> true
  ident.isMaxLength() // check for maxLength <= 20
  //> true
  ident.toString() // get current string
  //> 'abuse'
  ident.valid() // get valid string
  //> undefined

Please check out ./src/Identifier.js and ./src/IdentifierBase.js for further methods.

It is also possible to use your own list of reserved words. See ./test/Identifier.spec.js

License

MIT licensed

References

Reserved-names-lists are from:

  • https://ldpreload.com/blog/names-to-reserve
  • https://zimbatm.github.io/hostnames-and-usernames-to-reserve/ (CC0)
  • http://blog.postbit.com/reserved-username-list.html
  • http://www.bannedwordlist.com/lists/swearWords.txt (Free)