npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

signature-module

v0.5.9

Published

Signature Module

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

pantaflixpantaflix

Keywords

Readme

What is this repository for?

This JavaScript module provides tools to make the process of signing a request between servers easier. It consist on two services:

SignatureMiddleware: Node.js Express middleware in charge of checking whether a signed request is valid.

SignedRequest: Service to send signed http requests. It appends the necessary parameters to it.

How do I get set up?

1-

npm install signature-module --save

2- Include it once in your project with the sequelize instance (It is used for creating the necessary migrations)

const signature = require('signature-module')({
    appId: 'appId',
    signatureKey: 'signatureKey'
});

3- Initialize the service desired

const signatureMiddleware = signature.signatureMiddleware();

const signedRequest = signature.signedRequest('targetSecretKey');

How do I use the signatureMiddleware

Use the signatureMiddleware with your Express server to validate any incomming request.

server.use(signatureMiddleware());

How do I use the signedRequest module

Use the signed request module like you would do with the request-promise module: https://github.com/request/request-promise. The module will append the necessary values to the request (signature, appId, timestamp)

GET:

signedRequest.get({
    baseUrl: 'https://some.url.com',
    uri: `/some/uri`,
    json: true,
    qs: {
        param: 'value'
    }
})
.then(data => {})
.catch(error => {})

POST:

signedRequest.post({
    baseUrl: 'https://some.url.com',
    uri: `/some/uri`,
    json: true,
    qs: {
        param: 'value'
    },
    body: {
        param1: 'value',
        param2: 'value'
    }
})
.then(data => {})
.catch(error => {})

How does the communication between services work

Service A AppId: 'ServiceA'; IncomingSignatureKey: 'IncomingSignatureA';

Service B AppId: 'ServiceB'; IncomingSignatureKey: 'IncomingSignatureB';

To make a request from A to B Service A needs to add three extra query parameters to the request:

  • appId: App Id of the sender service, in this case service A: 'ServiceA'.
  • timestamp: Unix timestamp of the moment of the request
  • signature: Hash containing all the request parameters signed with the Service B incomming signature key. Structure: 'stringifiedQueryParams;stringifiedBody'; Query params and body should be ordered alphabetically.
signedRequest.post('ServiceB', {
    appId: 'ServiceA',
    signature: 'SignatureHashedWithServiceBSignatureKey'
});

For Service B to validate a request coming from service A:

  • Signature must have been hashed with service B incomming signature key.
  • In order to validate the signature, this one (the signature) should be removed from the query string.
  • The content of the request (body and query parameters) should be sorted alphabetically before stringifying it.
  • AppId should be the right appId from service A.
  • Timestamp should be valid (in a range of time). You can configure it initializin the signature service with the 'validOffset' option:
const signature = require('signature-module')({
    validOffset: {
        amount: 20,
        time: 'minutes'
    }
});