npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

yubico-node

v1.0.3

Published

A NodeJS implementation of the Yubico OTP API

Downloads

373

Readme

Typescript (Javascript) Yubico API Implementation

This is a JS implementation of the Yubico Validation Protocol as outlined in their documentation. All of the extra security precautions are implemented such as using the client secret to hash the request on its way out, and validate the response on its way in. This library is also incredibly small and has no outside dependencies.

Features

  • Managed request hashing and response verification
  • Typescript types built in
  • Environment Variable Defaults

Environment Variables


YUBICO_CLIENT_ID    = Client ID from Yubico
YUBICO_SECRET       = Secret from Yubico
YUBICO_SL           = The SL to use (0 - 100, fast, or secure)
YUBICO_TIMEOUT      = The timeout for the request (number)
YUBICO_API_SERVERS  = If you run your own compliant verification servers, place the hosts  in a comma separated list (ex. api.yubico.com,api2.yubico.com, etc.)

Yubico

constructor(options?: IYubicoConstructor)

The options parameter contains all of the options you might want to set for the verification requests. Some parameters are requrired, but having an environment variable suffices for the requirement. The options parameter is not required at all of all parameters are met with environment variables.

| option | required | type | default | example | | ------------ | -------- | -------------------------------- | ------------------ | -------------- | | clientId | ✅ | string | N/A | "MyClientID" | | secret | ✅ | string | N/A | "MySecret" | | sl | | number (0-100),"fast","secure" | none | "secure" | | timeout | | number | none | "secure" | | apiServers | | string[] | Yubico API Servers | "secure" |

verify(otp: string): Promise<Response>

Verify the OTP against the verification servers. This will return a Response class that can be picked apart to get the data you need.

Response

getOneTimePassword(): string

Returns the same OTP that was passed into the verify function.

getTimestampUTC(): Date

Returns the UTC timestamp that was given in response from the verification server.

getTimestamp(): Date

Returns the timestamp from when the key was pressed.

getSessionCounter(): number

Returns the internal usage counter provided by the key from when it was pressed.

getSessionUse(): number

Returns the internal session usage counter provided by the key from when it was pressed.

getStatus(): ResponseStatus

Returns the response status of the request. This should always be ResponseStatus.OK as all other responses will throw an error.

getPublicId(): string

Returns the public ID of the key. This is unique to each key, but is encoded in ModHex. If you need the public ID as a number (aka. the serial number), use getSerialNumber().

getSerialNumber():number

Returns the serial number of the key. This is decoded from ModHex and represented as a UIntBE.