npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@dobuki/payload-validator

v1.0.7

Published

A simple mechanism for ensuring that a particular JSON payload is legit, using an extra field as signature.

Downloads

108

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vincentlequangvincentlequang

Keywords

shasignaturejsonpayloadsecurity

Readme

payload-validator

npm version

License

payload-validator is a simple and efficient library for signing and validating payloads using a secret. It ensures the integrity of your data by generating and checking signatures based on the content of the payload and a provided secret.

icon

Github Source

https://github.com/jacklehamster/payload-validator/

Installation

Install the package using npm:

npm install payload-validator

Or using bun:

bun add payload-validator

Usage

Importing

import { signedPayload, validatePayload } from 'payload-validator';

Signing a Payload

Use the signedPayload function to sign a payload with a secret:

const payload = { data: 'example' };
const options = { secret: 'mysecret' }; // You can name the secret key anything you want for security
const signed = signedPayload(payload, options);

console.log(signed);
// Output: { data: 'example', signature: 'generated-signature' }

Validating a Payload

Use the validatePayload function to validate a signed payload with a secret:

const isValid = validatePayload(signed, options);

console.log(isValid);
// Output: true

Time Window Mechanism

The library uses a time window mechanism to enhance security. The time window changes every 42 seconds by default, ensuring that the signature is only valid within the current and the previous time window. This adds an additional layer of protection against replay attacks. The time window duration can be customized through the options parameter.

Example with Time Window

import { signedPayload, validatePayload } from 'payload-validator';

const payload = { data: 'test' };
const options = { secret: 'mysecret', timeWindow: 1000 * 42 };

// Signing the payload
const signed = signedPayload(payload, options);
console.log(signed); // { data: 'test', signature: '...' }

// Validating the payload
const isValid = validatePayload(signed, options);
console.log(isValid); // true

// Invalid validation with a wrong secret
 const wrongOptions = { secret: 'wrongsecret', timeWindow: 1000 * 42 };
 const isValidWrongSecret = validatePayload(signed, wrongOptions);
 console.log(isValidWrongSecret); // false

API

signedPayload(payload: SignedPayload, secret: string = ""): SignedPayload

Signs the given payload using the provided secret and returns a new payload with the added signature.

  • payload: The payload object to be signed.
  • secret: The secret string used for signing the payload.

Returns the signed payload object.

validatePayload(payload: SignedPayload, secret: string = ""): boolean

Validates the given signed payload using the provided secret.

  • payload: The signed payload object to be validated.
  • secret: The secret string used for validating the payload.

Returns true if the payload is valid, otherwise false.

Example

https://jacklehamster.github.io/payload-validator/example/

import { signedPayload, validatePayload } from 'payload-validator';

const payload = { data: 'test' };

const options = { secret: 'mysecret' }; // You can name the secret key anything you want for security
const signed = signedPayload(payload, options);

console.log(signed); // { data: 'test', signature: '...' }

// Validating the payload
const isValid = validatePayload(signed, options);
console.log(isValid); // true

// Invalid validation with a wrong secret
const isValidWrongSecret = validatePayload(signed, { secret: 'wrongsecret' });
console.log(isValidWrongSecret); // false

License

This project is licensed under the MIT License.