npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cyyynthia/tokenize

v1.1.3

Published

A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.

Downloads

93

Readme

Tokenize

ko-fi License

A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.

Implementation

This repository contains the reference Tokenize implementation, in NodeJS. You can find out how to install and use it in USAGE.md.

Here is a list of other implementations:

  • Java (1.8+): https://github.com/vinceh121/tokenize4j
  • ...your implementation! Feel free to shoot a PR if you made an implementation. I'd love to list it!

Security

Here are some basic guidelines implementations should follow to ensure they have a safe piece of software. It isn't a magic formula and doesn't include everything, so make sure you give extra attention not introducing vulnerabilities.

  • Check absolutely everything Tokens are pieces of data you can trust as much as the Chinese government. You will receive invalid ones, and some people will attempt to tamper tokens. Make sure to check absolutely everything, and only perform operations on it when you know it's safe.

  • Be aware of timing attacks When checking for the token signature, ensure you are using a safe equality check. A safe check is one that takes the exact same time, whether the two values match or not.

Reporting a vulnerability

For security vulnerabilities within the reference implementation, please shoot me an email at [email protected] so I can give it a look, and issue appropriated fixes and security advisories.

For other implementation, refer to the security policies established by implementation maintainers.

Specification

The Tokenize Token Format specification can be found in SPEC.md.