npm package discovery and stats viewer.

© 2024 – Pkg Stats / Ryan Hefner

@lorhansohaky/itsdangerous

v1.0.0

Published

Safely pass trusted data to untrusted environments and back.

Downloads

5

Readme

itsdangerous

... so better sign this.

Note: This is an unofficial JavaScript port of the Python library itsdangerous.

@lorhansohaky/itsdangerous provides various helpers for securely serializing data and passing it through untrusted environments. The data is cryptographically signed to ensure that it hasn't been tampered with during transmission or storage.

Key features include customizable serialization, optional compression, timestamp support for expiring signatures, and compatibility with various cryptographic algorithms.

Features

  • Secure Serialization: Convert JavaScript objects to safe, URL-friendly strings that can be signed to protect against tampering.
  • Timed Signatures: Add timestamps to signatures, enabling support for expiring tokens.
  • Secret Key Rotation: Manage multiple keys for signing, supporting key rotation for enhanced security.
  • Flexible Algorithms: Supports different cryptographic algorithms like HMAC with SHA1, SHA256, SHA512, etc.
  • Payload Compression: Automatically compress and decompress payloads to optimize storage and transmission.
  • URL-Safe Formats: Encodes data into URL-safe strings, perfect for embedding in URLs or cookies.

Installation

npm install @lorhansohaky/itsdangerous

Usage

Below are some practical use cases and basic examples. For more examples, see the examples directory.

Use Cases

  • Tokenized URLs: Sign user IDs or other data in URLs (e.g., unsubscribe links) to eliminate the need for storing one-time tokens in the database.

  • Stateless Sessions: Store signed objects in cookies or other untrusted sources, removing the need for server-side session storage.

  • Round-Trip Data: Safely pass server-side state to the client and back, verifying its integrity upon return.

Basic Serialization and Signing

URL-Safe Serialization

import {URLSafeSerializer} from '@lorhansohaky/itsdangerous';

const authSerializer = new URLSafeSerializer({secretKey: 'secret key', salt: 'auth'});
const token = await authSerializer.stringify({id: 5, name: 'itsdangerous'});

console.log(token); // eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg

const data = await authSerializer.parse(token);
console.log(data.name); // itsdangerous
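
How a token like the one above is built and checked, as an added example using only Node's built-in crypto (not code from this package). It assumes the port keeps the Python library's default layout, base64url(JSON) + "." + base64url(HMAC-SHA1) with the key derived as SHA-1(salt + "signer" + secretKey); all function names here are hypothetical.

```javascript
// Added example. Token layout assumed from Python's itsdangerous defaults:
//   base64url(JSON) + "." + base64url(HMAC-SHA1(derivedKey, payload))
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // CommonJS or ES module

const b64json = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// "django-concat" key derivation: SHA-1(salt + "signer" + secretKey).
function deriveKey(secretKey, salt) {
  return nodeCrypto.createHash('sha1').update(salt + 'signer' + secretKey).digest();
}

function mac(payload, secretKey, salt) {
  return nodeCrypto.createHmac('sha1', deriveKey(secretKey, salt)).update(payload).digest();
}

function stringify(obj, secretKey, salt) {
  const payload = b64json(obj);
  return payload + '.' + mac(payload, secretKey, salt).toString('base64url');
}

// No key is needed to read a token: it is signed, not encrypted.
function peek(token) {
  const payload = token.slice(0, token.lastIndexOf('.'));
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Verify first, decode second; compare MACs in constant time.
function parse(token, secretKey, salt) {
  const sep = token.lastIndexOf('.');
  if (sep < 0) throw new Error('BadSignature: separator missing');
  const payload = token.slice(0, sep);
  const given = Buffer.from(token.slice(sep + 1), 'base64url');
  const expected = mac(payload, secretKey, salt);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('BadSignature: signature does not match');
  }
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Replace the payload but keep the old signature (what tampering looks like).
function withPayload(token, obj) {
  return b64json(obj) + token.slice(token.lastIndexOf('.'));
}

// Constructed sample, same inputs as the example above.
const token = stringify({id: 5, name: 'itsdangerous'}, 'secret key', 'auth');
console.log(peek(token));                         // readable without the key
console.log(parse(token, 'secret key', 'auth'));  // verified
```

Because the payload decodes without the key, signed tokens suit identifiers and state that may be public, not secrets. The salt acts as a namespace: a token signed under one salt fails verification under another.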

Timed Signatures

import {URLSafeTimedSerializer} from '@lorhansohaky/itsdangerous';

const authSerializer = new URLSafeTimedSerializer({secretKey: 'secret key', salt: 'auth'});
const token = await authSerializer.stringify({id: 5, name: 'itsdangerous'});

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
try {
  await sleep(6000);
  // This will throw an error if the token has expired
  const data = await authSerializer.parse(token, undefined, 5, true);
} catch (err) {
  console.log(err.name); // SignatureExpiredError
  console.log(err.message); // Signature age 6 > 5 seconds
}

License

This project is licensed under the MIT license.

Contributing

We welcome contributions! Please read CONTRIBUTING.md for details on how to get involved and submit your changes.