npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

secure-time-token

v1.0.5

Published

A lightweight package for generating and validating time-based secure tokens.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

vibhavyvibhavy

Keywords

tokensecurityHMACTTLvalidation

Readme

Token Generator and Validator

This project provides a lightweight module to generate and validate time-based secure tokens. The tokens are signed using HMAC for integrity and support a configurable time-to-live (TTL) mechanism to ensure tokens expire after a defined duration.

Features

  • Generate secure, time-based tokens with customizable TTL.
  • Validate tokens and verify their expiration.
  • Simple and lightweight implementation using Node.js.

Installation

To install this module, clone the repository or include it in your project directly:

npm install secure-time-token

Usage

Import the Module

const { generateToken, validateToken } = require('secure-time-token');

Generate a Token

Use the generateToken function to create a secure token with a specified TTL (in seconds).

const secretKey = 'your-secure-secret-key'; // Replace with your secure secret key
const ttlInSeconds = 60; // Token will expire in 60 seconds

const token = generateToken(ttlInSeconds, secretKey);
console.log('Generated Token:', token);

Validate a Token

Use the validateToken function to verify the token's signature and expiration.

try {
    const isValid = validateToken(token, secretKey);
    console.log('Token is valid:', isValid);
} catch (error) {
    console.error('Token validation failed:', error.message);
}

Example Workflow

const { generateToken, validateToken, getDecodedPayload } = require('secure-time-token');

// Step 1: Generate a token
const secretKey = 'your-secure-secret-key';
const ttl = 120; // Token valid for 120 seconds
const token = generateToken(ttl, secretKey);
console.log('Generated Token:', token);

// Step 2: Validate the token
setTimeout(() => {
    try {
        const isValid = validateToken(token, secretKey);
        console.log('Token is valid:', isValid);

        const decodedPayload = getDecodedPayload();
        console.log('decoded payload:', decodedPayload);

    } catch (error) {
        console.error('Token validation failed:', error.message);
    }
}, 100000); // Validate after 100 seconds

// Step 3: Attempt to validate after token expiration
setTimeout(() => {
    try {
        const isValid = validateToken(token, secretKey);
        console.log('Token is valid:', isValid);
    } catch (error) {
        console.error('Token validation failed:', error.message);
    }
}, 130000); // Validate after 130 seconds (token expired)

Notes

  1. Secret Key Security:

    • Use a strong, unique secret key to ensure the integrity of the tokens.
    • Never expose the secret key in client-side code or public repositories.

  2. Time Synchronization:

    • Ensure the server's clock is synchronized to avoid discrepancies in token validation.

  3. Performance:

    • The module is lightweight and suitable for applications where token security and expiration are critical.

License

This project is licensed under the MIT License. See the LICENSE file for details.