Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@privyid/nuauth
Advanced tools
@privyid/nuauth
NuAuth
Oauth2 Client for Nuxt
Compabilities
- Nuxt 3
Instalation
yarn add --dev @privyid/nuauth
Then, add into nuxt.config.ts modules
export default defineNuxtConfig({
modules: ['@privyid/nuauth'],
build : { transpile: ['@privyid/nuauth'] },
})
Usage
import { useNuAuth } from '@privyid/nuauth/core'
const {
token,
isAlmostExpired,
login,
logout,
refresh,
} = useNuAuth()
// Get Access-Token
token.value
// Redirect to login page
login()
// Redirect to login page, and redirect to /dashboard after success
login('/dashboard')
// Redirect to logout page
logout()
// Redirect to logout page, and redirect to /dashboard after success re-login
logout('/dashboard')
// Check token is almost expired (15 minutes before Expired Date)
if (isAlmostExpired(15)) {
// Request new token
await refresh()
}
Configuration
This module read enviroment variables directly.
| Env Name | Default | Description |
|---|---|---|
| OAUTH_HOST | - | (Required) Oauth server's host |
| OAUTH_CLIENT_ID | - | (Required) Oauth Client ID |
| OAUTH_CLIENT_SECRET | - | (Required) Oauth Client Secret |
| OAUTH_REDIRECT_URI | /auth/callback | Oauth Callback URI |
| OAUTH_SCOPE | public read | Oauth scope |
| OAUTH_LOGOUT_URI | - | Oauth Logout URI |
| OAUTH_HOME | / | Redirect path after success login |
| OAUTH_REGISTER | false | Add params register to Oauth Server |
| OAUTH_REDIRECT_WHITELIST | - | Redirect path after success login whitelist, for multiple value, use ; as delimeter |
| OAUTH_DENIED_REDIRECT | Same as OAUTH_HOME | Redirect path after user after denying the authorization request |
| OAUTH_AUTHORIZE_PATH | /oauth/authorize | URL path to request an authorization code |
| OAUTH_TOKEN_PATH | /oauth/token | URL path to obtain access tokens |
| OAUTH_REVOKE_PATH | /oauth/revoke | URL path to revoke access tokens |
| OAUTH_REFRESH_PATH | Same as OAUTH_TOKEN_PATH | URL path to refresh access tokens |
👉 See .env.example for example
Cookie Serialize Config
You can change default cookie config. Add this in your nuxt.config.ts
export default defineNuxtConfig({
// ...
nuauth : {
// ...
cookie: {
httpOnly: true,
sameSite: 'none',
path : '/',
secure : true,
},
// ...
}
})
👉 See here for all cookie options.
Multiple Server Profile
Since 0.4.0, you can target more than one oauth server.
- Add new profile in your
nuxt.config.ts
export default defineNuxtConfig({
// ...
nuauth: {
// ...
profile: {
default: 'oauth',
names : [
'oauth', // default profile
'github', // additional profile
]
}
// ...
}
})
-
Your profile's name will become prefix on config env. ex: If your profile's name
github, your env will became:GITHUB_HOSTGITHUB_CLIENT_IDGITHUB_CLIENT_SECRET,GITHUB_REDIRECT_URI- etc.
-
In your component, explicit the profile you want to use.
import { useNuAuth } from '@privyid/nuauth/core'
const {
token,
isAlmostExpired,
login,
logout,
refresh,
} = useNuAuth('github')
Disable redirection page
To prevent displaying the redirection page, you can set the sameSite attribute of the cookie to lax or none.
export default defineNuxtConfig({
// ...
nuauth: {
// ...
cookie: {
sameSite: 'lax', // or 'none' for cross-origin cookies
}
// ...
}
})
Middleware Guard
Since 0.7.0, NuAuth include global middleware which redirect to login page if user not authenticated.
If you want disabled it in some page, you can use set meta page auth to false.
<script setup lang="ts">
import { definePageMeta } from '#imports'
definePageMeta({ auth: false })
</script>
Or you can set auth profile using it
<script setup lang="ts">
import { definePageMeta } from '#imports'
definePageMeta({ auth: 'github' })
</script>
Or if you want disable redirect on every pages:
// nuxt.config.ts
export default defineNuxtConfig({
// ...
nuauth: {
// ...
middleware: false,
// ...
}
})
Contribution
- Clone this repository
- Play Nyan Cat in the background (really important!)
- Enable Corepack using
corepack enable(usenpm i -g corepackfor Node.js < 16.10) - Run
yarn install - Run
yarn dev:prepareto generate type stubs. - Use
yarn devto start playground in development mode.
License
FAQs
Unknown package
The npm package @privyid/nuauth receives a total of 10 weekly downloads. As such, @privyid/nuauth popularity was classified as not popular.
We found that @privyid/nuauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 02 Oct 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025