@darkauth/client - npm Package Compare versions

Comparing version 0.1.1 to 0.2.0

dist/dek.js

 import { compactDecrypt, importJWK } from "jose";
-import { deriveDek, unwrapPrivateKey } from "./crypto";
-import { getHooks } from "./hooks";
+import { deriveDek, unwrapPrivateKey } from "./crypto.js";
+import { getHooks } from "./hooks.js";
 let cachedPrivKey = null;
@@ -5,0 +5,0 @@ let cachedPrivKeyPromise = null;

dist/index.d.ts

@@ -1,4 +0,4 @@
-export * from "./crypto";
-export * from "./dek";
-export { setHooks } from "./hooks";
+export * from "./crypto.js";
+export * from "./dek.js";
+export { setHooks } from "./hooks.js";
 type Config = {
@@ -5,0 +5,0 @@ issuer: string;

dist/index.js

 import { compactDecrypt } from "jose";
-export * from "./crypto";
-export * from "./dek";
-export { setHooks } from "./hooks";
+export * from "./crypto.js";
+export * from "./dek.js";
+export { setHooks } from "./hooks.js";
 function viteEnvGet(key) {
@@ -28,3 +28,2 @@ try {
             : "http://localhost:5173/callback"),
-    zk: true,
 };
@@ -97,10 +96,14 @@ const OBFUSCATION_KEY = "DarkAuth-Storage-Protection-2025";
 export async function initiateLogin() {
-    const keyPair = await crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, [
-        "deriveKey",
-        "deriveBits",
-    ]);
-    const publicJwk = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
-    const privateJwk = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
-    sessionStorage.setItem("zk_eph_priv_jwk", JSON.stringify(privateJwk));
-    const zkPubParam = bytesToBase64Url(new TextEncoder().encode(JSON.stringify(publicJwk)));
+    const zkEnabled = cfg.zk === true;
+    let zkPubParam;
+    if (zkEnabled) {
+        const keyPair = await crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, [
+            "deriveKey",
+            "deriveBits",
+        ]);
+        const publicJwk = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
+        const privateJwk = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
+        sessionStorage.setItem("zk_eph_priv_jwk", JSON.stringify(privateJwk));
+        zkPubParam = bytesToBase64Url(new TextEncoder().encode(JSON.stringify(publicJwk)));
+    }
     const state = crypto.randomUUID();
@@ -118,3 +121,3 @@ const verifier = bytesToBase64Url(crypto.getRandomValues(new Uint8Array(32)));
     authUrl.searchParams.set("code_challenge_method", "S256");
-    if (cfg.zk !== false)
+    if (zkEnabled && zkPubParam)
         authUrl.searchParams.set("zk_pub", zkPubParam);
@@ -208,3 +211,5 @@ location.assign(authUrl.toString());
     if (!response.ok) {
-        localStorage.removeItem("refresh_token");
+        if (response.status === 401) {
+            localStorage.removeItem("refresh_token");
+        }
         return null;
@@ -211,0 +216,0 @@ }

package.json

 {
   "name": "@darkauth/client",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "license": "MIT",
@@ -15,2 +15,3 @@ "type": "module",
     "build": "tsc",
+    "test": "npm run build && node --test --test-reporter=dot --experimental-specifier-resolution=node",
     "prepack": "npm run build",
@@ -17,0 +18,0 @@ "typecheck": "tsc --noEmit",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

26561

1.09%

Lines of code

452

1.12%

No dependency changes