npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

roughtime

v0.0.2

Published

Secure time synchronisation

Downloads

5

Readme

roughtime

This module implements a Roughtime client for Node.js v6.x and up.

Roughtime?

Roughtime is a project that aims to provide secure time synchronisation.

With NTP, a third party can intercept and modify replies from the server. The reply you get is not necessarily and certainly not provably what the server sent.

Roughtime replies cannot be forged: they are cryptographically signed using Ed25519. Clients can also create audit trails to help weed out misbehaving servers (another common problem with NTP.)

See the Roughtime homepage for more information.

Concepts

  • Midpoint is the server's idea of "now" relative to the UNIX epoch, expressed in microseconds.

  • Radius is the server's uncertainty about the midpoint, also expressed in microseconds.

The server asserts that the true time is within midpoint - radius/2 and midpoint + radius/2.

Return-trip network latency is not accounted for. Expect that to be on the order of several milliseconds.

Leap seconds are smeared out over the course of a day.

Usage

Good ol' callback-style:

const roughtime = require('roughtime')

roughtime('roughtime.cloudflare.com', (err, result) => {
	if (err) throw err
	const {midpoint, radius} = result
	console.log(midpoint, radius) // ex. "1537907399109000 1000000"
})

With promises:

const {promise: roughtime} = require('roughtime')

roughtime('roughtime.cloudflare.com').then(result => {
	const {midpoint, radius} = result
	console.log(midpoint, radius) // ex. "1537907399109000 1000000"
})

Or with async/await:

const {promise: roughtime} = require('roughtime')

async function f() {
	const {midpoint, radius} = await roughtime('roughtime.cloudflare.com')
	console.log(midpoint, radius) // ex. "1537907399109000 1000000"
}

f() // no top-level await yet in Node.js

roughtime currently knows about two public servers:

  1. roughtime.cloudflare.com
  2. roughtime.sandbox.google.com

To query other servers, provide the host name and optionally the port number, and include the server's public key as a Buffer or Uint8Array:

const roughtime = require('roughtime')

const pubkey = Uint8Array.from([0,0,0,0,/*...*/]) // must be 32 bytes

const options = {
	host: 'roughtime.example.com',
	port: 1337, // default is 2002
	pubkey: pubkey,
}

roughtime(options, (err, result) => {
	// ...
})

If you want to plug in your own nonce or UDP socket, you can: the options are called .nonce and .socket respectively. The nonce must be a 64 byte Buffer or Uint8Array:

const roughtime = require('roughtime')
const {randomBytes} = require('crypto')

const host = 'roughtime.cloudflare.com'
const nonce = randomBytes(64)
const options = {host, nonce}

roughtime(options, (err, result) => {
	// ...
})

Known bugs

  • Auditing is not implemented. The ecosystem isn't large enough yet to make it practical.

  • Merkle tree verification has only been lightly tested. I have yet to see a server in the wild return a reply that contains one.