Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@relaycorp/dnssec
Advanced tools
@relaycorp/dnssec
Resolver-agnostic DNSSEC library for Node.js.
As surprising as it may sound, there's no (reliable) way to do DNSSEC verification in Node.js in 2022, so when you see a JS app or library that claims DNSSEC support, chances are they're just blindly trusting a resolver like Cloudflare or Google -- which, admittedly, is sufficient in many cases and even desirable for performance reasons.
The Node.js team considered adding DNSSEC support but ruled it out due to lack of support in their upstream DNS library. As a consequence, two libraries have tried to fill the vacuum:
Although this is a general-purpose DNSSEC library, some key design decisions stem from our need to build the library for the sole purpose of using it in Vera.
DNS resolution is a problem solved in Node.js -- there's just no shortage of reliable UDP-, TLS- or HTTPS-based resolvers on NPM. So we didn't want to create a new resolver or tie our DNSSEC implementation to any particular resolver.
As this is primarily a DNSSEC library, we treat DNS and DNSSEC errors differently:
However, errors are thrown upon attempting to parse malformed RDATA values for DNSSEC records -- we use a third-party library that parses the DNS message eagerly.
We don't need DoE records in Vera, so we won't be implementing that functionality ourselves, but PRs are welcomed.
This library supports producing RRSig records simply for testing purposes: It makes it very easy to test valid and invalid signatures both internally and from any software using this library, without mocking anything.
We support all the Zone Signing DNSSEC algorithms as of 2022, except for:
3
) because it's too insecure and hardly used.6
and 7
) because we don't currently support Denial of Existence records.12
) due to lack of support in Node.js, and its lack of popularity and security doesn't seem to justify integrating a third party NPM package supporting it (assuming a suitable one exists).253
and 254
) because we have no use for those, but we'd welcome PRs to implement them.FAQs
Resolver-agnostic DNSSEC library
The npm package @relaycorp/dnssec receives a total of 64 weekly downloads. As such, @relaycorp/dnssec popularity was classified as not popular.
We found that @relaycorp/dnssec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.