npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

evrc-verifier

v1.0.2

Published

A custom verifier to verify W3C verifiable credentials.

Downloads

6

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

vc-dhruvvc-dhruv

Keywords

credentialsverificationvalidationW3Cverifiable credentials

Readme

EveryCRED Logo

EveryCRED Verifier JS :lock:

Version: 1.0.2 :bookmark_tabs:

EveryCRED Verifier JS is a custom verifier designed to verify EveryCRED credentials according to the W3C credentials standard.

Installation

You can install the library using npm:

npm install everycred-verifier-js

Verifier Steps :clipboard:

The EveryCRED Verifier JS follows the following steps to validate credentials:

  1. Validators :white_check_mark:: Check the authenticity and integrity of the credential.

    • Authenticity checks :closed_lock_with_key:: Verify the authenticity of the credential.
    • Integrity Checks :closed_lock_with_key:: Check the integrity of the credential.
    • Issuer check :passport_control:: Validate the issuer of the credential.
    • Data Validation :abacus:: Perform validation on the credential data.
    • Checksum Match (Hash Comparison) :arrows_clockwise:: Compare hashes to ensure the integrity of the credential.
      • Blockchain Hash Fetch :link:: Fetch the blockchain hash of the credential.
      • Generate Credential Hash :1234:: Generate a hash of the credential.
      • Checksum Integrity :heavy_check_mark:: Compare the generated hash with the blockchain hash.

  2. Status Check :vertical_traffic_light:: Perform checks related to the status of the credential.

    • Credential Revocation check :no_entry_sign:: Check if the credential has been revoked.
    • Credential Expiration check :alarm_clock:: Verify if the credential has expired.

Package Verification Steps :package:

The verifier performs detailed verification steps on the package:

  1. Validator :white_check_mark:: Check the validity of the credential fields.

    • type :heavy_check_mark:: Verify if the "type" field exists and supports the "VerifiableCredential" type.
    • @context :heavy_check_mark:: Check the existence and validity of the "@context" field.
    • ID (Identifier) :heavy_check_mark:: Verify the existence of the "id" field.
    • credentialSubject :heavy_check_mark:: Check the existence of the "credentialSubject" field and validate its information.
    • Issuer :heavy_check_mark:: Verify the existence and validity of the "issuer" field.
      • Fetch Issuer profile information from the issuer link.
      • Check the validity of the "@context" field in the Issuer profile.
      • Validate the Issuer profile type against the supported types.
      • Check if the "id" matches the issuer link fetched from the credential.
      • Verify the existence of the Issuer's name and email.
      • Check if the revocation list exists.
      • Check the existence and format of the public key.
      • Fetch the Revocation List from the issuer profile.
    • ValidUntil (Optional) :heavy_check_mark:: Check the existence and format of the "validUntil" field.
    • Proof :heavy_check_mark:: Check the existence and validity of the "proof" field.
      • Validate the fields within the proof.
      • Verify the support for the current proof type ("MerkleProof2019").
    • DisplayHtml (Optional) :heavy_check_mark:: Check the existence of the "displayHtml" field.
    • IssuanceDate :heavy_check_mark:: Check the existence of the "issuanceDate" field.

  2. Checksum Match (Hash Comparison) :arrows_clockwise:: Compare hashes to ensure the integrity of the credential.

    • Note: For the first version, only "MerkleProof2019" is supported.

    • Decode "proofValue" and extract signature details.

      • There are two algorithms to decode the "proofValue":
        • First, using MerkleProof2019 algorithm. This will be used for the previously issued credentials.
        • Second using Advanced Encryption Standard(AES) algorithm. This will be used for the new credentials.
          • Below is the details for decoding the data for AES algorithm:
            • AES_128_IV and AES_128_KEY will be used to decode the proofValue. You can find this data in the proof field.
            • You'll have to pass the AES encryption KEY and IV parsed into the UTF-8 format to ensure it's in the correct encoding for decryption.
            • The decryption mode used for encryption is Cipher Block Chaining (CBC), which is a common mode for AES encryption.

    • Validate the existence of the "anchors" keyword with valid data.

    • Ensure that the following key fields exist in your credentials:

      • "path"
      • "merkleRoot"
      • "targetHash"
      • "anchors"

    • Separate the transaction ID and blink value.

    • Apply chain condition and call the corresponding API:

      • EthereumMainnet
      • EthereumRopsten
      • EthereumSepolia
      • PolygonMainnet
      • PolygonTestnet

    • Handle API responses:

      • Success: Retrieve the data and get the hash of the credentials from the transaction data.
      • Error: Return the error from the API or indicate transaction lookup errors or transaction not found errors.

  3. Status Check :vertical_traffic_light::

    • Revocation :no_entry_sign:: Check if the "revocationList" exists in the credential and fetch the revocation list details.
      • Validate the "@context" field in the revocation list.
      • Check the validity of the revocation list type against the supported types.
      • Verify the "id" key against the revocation link fetched from the credential.
      • Check if the issuer list exists and match the issuer link from the issuer profile.
      • Verify the existence of "revokedAssertions".
      • Find the credential ID in the revocation list and return a message if revoked.
      • If the ID matches, retrieve the revocation message and indicate that the credential is revoked with the given message.
      • If not matched, consider the credential valid and not revoked.
    • Expiration (ValidUntil) (Optional) :date:: Validate today's date with the "validUntil" date if it exists.

Package Notes :memo:

Version 1.0.2 of the EveryCRED Verifier JS to verify EveryCRED credentials according to the W3C credentials standard.