password-security-module

v1.1.0

Published

A module inspired by TPM to provide some password security by safely storing and generating passwords.

Downloads

3

Readme

password-security-module

Introduction

This project is a JavaScript library for Node.js. It aims to secure existing passwords by encrypting them, or to generate new passwords on demand. For both uses, the whole process is repeatable: given the same input, the library always produces the same output. The cryptographic secrets that control the library's behavior never leave the module itself.

Although similar to a password manager, the library itself is stateless: it leaves all permanent storage to the calling code. As such, this module supplements, rather than replaces, the existing practice of storing passwords in a password manager. By replacing the stored password with a "password requesting URL" (generated by this module after importing it), one must have access to both the password manager and this module to have the actual password revealed.

Note also that this module can be used quasi-offline on a computer detached from the Internet:

A request or a response is transferred in text form with a predefined format,
and the initial secrets for running the module are either stored within hardware
security modules, or decrypted on the computer without going over the wire.(*)

Therefore a higher level of security can be achieved, as nothing exists online, and the secrets used cannot be inferred from any output (given a good implementation).

(*) In fact, the module itself makes no assumption about how the secret
is stored; all it requires is a random oracle function with 512 bits of output
(preferably a SHA512-HMAC function loaded with a secret). This function
can be implemented in software or hardware; the latter could have better
security.
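
The repeatability and pluggable-oracle properties described above, shown as an added example that is not this module's own code or API: a password is derived from a request string using only a keyed function with 512-bit output. The function names, alphabet, counter-based expansion and sample request string are assumptions made for illustration.

```javascript
// Added example, not the password-security-module API. All names are hypothetical.
const crypto = require('crypto');

// The only capability the derivation needs: a keyed function with 512-bit output.
// Here it is HMAC-SHA512 in software; a hardware token could stand in for it.
function makeHmacOracle(secret) {
  return (message) => crypto.createHmac('sha512', secret).update(message).digest();
}

// Assumed output alphabet (74 symbols); a real deployment would pick its own.
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@_';

// Deterministically map a request string to a password of `length` characters.
// Nothing is stored: the same oracle and request always give the same password.
function derivePassword(oracle, request, length = 20) {
  if (typeof oracle !== 'function') throw new TypeError('oracle must be a function');
  if (!Number.isInteger(length) || length < 1) throw new RangeError('bad length');
  // Largest multiple of the alphabet size that fits in a byte. Bytes at or above
  // it are discarded so every symbol is equally likely (no modulo bias).
  const limit = 256 - (256 % ALPHABET.length);
  let out = '';
  for (let counter = 0; out.length < length; counter++) {
    // Counter-prefixed input: each oracle call yields a fresh 64-byte block.
    const block = oracle(Buffer.from(`${counter}:${request}`, 'utf8'));
    if (!Buffer.isBuffer(block) || block.length !== 64) {
      throw new Error('oracle must return exactly 512 bits');
    }
    for (const byte of block) {
      if (byte < limit && out.length < length) out += ALPHABET[byte % ALPHABET.length];
    }
  }
  return out;
}

// Constructed demo values; a real secret would never be hard-coded in source.
const demoOracle = makeHmacOracle(Buffer.from('constructed-demo-secret'));
console.log(derivePassword(demoOracle, 'example.org|alice|v1'));
```

Because the secret is reachable only through the oracle closure, swapping the software HMAC for a hardware-backed function changes nothing in `derivePassword`.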