
@cyyynthia/tokenize


A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.

Version 1.1.1

Tokenize


Implementation

This repository contains the reference Tokenize implementation, in NodeJS. You can find out how to install and use it in USAGE.md.

Here is a list of other implementations:

Security

Here are some basic guidelines implementations should follow to ensure they are safe pieces of software. This isn't a magic formula and doesn't include everything, so take extra care not to introduce vulnerabilities.

  • Check absolutely everything
    Tokens are pieces of data you can trust as much as the Chinese government. You will receive invalid ones, and some people will attempt to tamper with tokens. Make sure to check absolutely everything, and only perform operations on a token when you know it's safe.

  • Be aware of timing attacks
    When checking the token signature, ensure you are using a safe equality check. A safe check is one that takes the exact same time, whether the two values match or not.
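
Both guidelines above in one Node.js verifier, added here as an example and not taken from the Tokenize reference implementation. The token layout (`body.mac` with HMAC-SHA256), the names `sign` and `verify`, the size limit and the demo key are assumptions for illustration, not the format defined in SPEC.md.

```javascript
'use strict';
const crypto = require('crypto');

// Hypothetical layout for this example only (NOT the Tokenize format):
//   base64url(payload) + '.' + base64url(HMAC-SHA256(key, base64url(payload)))
const B64URL = /^[A-Za-z0-9_-]+$/;
const MAX_TOKEN_LENGTH = 4096; // assumed upper bound, tune per application
const DEMO_KEY = Buffer.from('constructed-demo-key-not-a-real-secret');

function mac(body, key) {
  return crypto.createHmac('sha256', key).update(body).digest('base64url');
}

function sign(payload, key) {
  const body = Buffer.from(payload, 'utf8').toString('base64url');
  return `${body}.${mac(body, key)}`;
}

// Returns the payload string when the token is authentic, otherwise null.
function verify(token, key) {
  // Check everything: type, size, part count and alphabet, before any decoding.
  if (typeof token !== 'string' || token.length > MAX_TOKEN_LENGTH) return null;
  const parts = token.split('.');
  if (parts.length !== 2 || !parts.every((p) => B64URL.test(p))) return null;
  const [body, given] = parts;

  // Compare the encoded MAC strings, so a non-canonical base64url spelling of
  // the same bytes is rejected as well.
  const expected = mac(body, key);
  // timingSafeEqual throws on unequal lengths, so reject those first. The MAC
  // length is public, so this early return reveals nothing about the key.
  if (given.length !== expected.length) return null;
  // Constant-time comparison: run time does not depend on where the first
  // differing byte is, unlike `===`, which may stop at the first mismatch.
  const ok = crypto.timingSafeEqual(Buffer.from(given), Buffer.from(expected));
  if (!ok) return null;

  // Only now is the payload decoded and handed to the caller.
  return Buffer.from(body, 'base64url').toString('utf8');
}

console.log(verify(sign('user=42', DEMO_KEY), DEMO_KEY)); // user=42
```
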

Reporting a vulnerability

For security vulnerabilities within the reference implementation, please shoot me an email at cynthia@cynthia.dev so I can give it a look, and issue appropriate fixes and security advisories.

For other implementations, refer to the security policies established by implementation maintainers.

Specification

The Tokenize Token Format specification can be found in SPEC.md.


Package last updated on 25 Nov 2020
