npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

swish-protocol

v2.5.0

Published

An API Authentication mechanism using Hybrid Cryptography in order to monitor and manage sessions with an API

Downloads

37

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

adonisv79adonisv79

Keywords

adonapihandshake

Readme

swish-protocol

swish protocol banner An API Authentication Mechanism in order to monitor and manage sessions between clients and an API.

Project stats

  • Package: npm npm
  • License: GitHub
  • CICD: Codacy Badge Known Vulnerabilities

    • develop: Build Status Coverage Status

    • master: Build Status Coverage Status

How it works

The API Handshake is basically a Hybrid Encryption system (https://en.wikipedia.org/wiki/Hybrid_cryptosystem) which is built for managing short to medium term Client-Server sessions. This is useful for ensuring that whenever a client needs to connect to an API, the transmitted communication on the network is encrypted e2e (End-to-End). On top of that, when that session is destroyed, the transmitted data are as good as gone! To continue communicating, the client needs to perform a new handshake. To ensure that keys cannot be reused, it also implements the double ratchet algorithm (https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm).

For more details on this project, please see the project wiki at https://github.com/adonisv79/node-swish-protocol/wiki

Installation

The module is released and available in NPMJS (https://www.npmjs.com/package/swish-protocol)

npm install swish-protocol --save

Building source

Just run 'tsc' and it will build the entire distributable Javascript and description files (*.d.ts) into the 'dist/src' folder. This will also build the dev testing output into 'dist/tools'. Note that when this is published ('npm publish .'), only the files in 'dist/src' is included.

Running test server and client

After building, you can run the scripts in package json to test the server and client communications (files found in 'dist/tools')

npm run dist:server
npm run dist:client

History

Simplified headers for keys into a single token (2.5.0)

The previous swishIv, swishKey and swishnextPub is now a dot (.) concatenated base64 string named swishToken.

Fixed CICD and Typescript+AirBnb linting policies (2.4.0)

automated publish and fixed several CICD integrations. Server and Client classes functionalities are now made static

Fixed hybrid decryption response (2.3.0)

Major improvements in code fixing several pending code quality fixes and type definition improvements

Fixed hybrid decryption response (2.0.1)

  • it now uses HybridDecryptResult which returns the decrypted data as buffer and the next public key in the chain.
  • SwishBody's 'enc_body' no longer allows undefined

Major revamp (2.0.0)

  • Just updated several issues from previous versions and made it much simpler to understand the core concepts of the tool.
  • fixed crlf inconsistencies
  • Added snyk for dependency validation.
  • Updated to also use eslint AirBnB with Typescript and removed deprecated tslint.
  • Most functions have been simplified and thus will break any previous implementation so make sure to always lock your versions.

renamed project to swish-protocol (as of 1.2.5)

I just had to rename it as the long name is not that awesome. SWISH stands for "Secured Web Iterating Session Handshake" which pretty much describes what it does. all headers are renamed as such as well.

Migration to TypeScript and CICD (added in 1.2.3)

We have started unit testing and boy it is a mess as we need to validate through several possible ways anyone will mess your code thru invalid parameter injection. We need a standardized way to strict type it and no one comes close to TypeScript such that most projects are moving towards it. Modified the unit tests and code coverage as well to allow for Typescript support. We have also utilized popular open-source quality and CI tools like Codacy, Jest and Travis

*do not use 1.2.0, it pointed to the wrong index.js file and was hotfixed via 1.2.1 *1.2.2 has a minor fix from 1.2.1 and works the same. only the file size changed as we removed the test tool codes

Double Ratchet (added in 1.1.0)

We enhance the algorithm by applying a double ratchet approach similar to most messaging encryption apps. Each communication will basically generate a new private key and pass its new public key. these sets are used for the next request or response chain making it almost crazy to crack unlike in the previous version where getting the current session key allows a hacker to snoop thru ALL messages in the session. now they need to be part of the entire conversation chain or they will be lost.