Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
By Trevor Norris - Jan 09, 2025
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@simplewebauthn/server
Advanced tools
@simplewebauthn/server
Installation
This package can be installed from NPM and JSR:
Node LTS 20.x and higher
npm install @simplewebauthn/server
Deno v1.43 and higher
deno add jsr:@simplewebauthn/server
Documentation
You can find in-depth documentation on this package here: https://simplewebauthn.dev/docs/packages/server
Supported Attestation Formats
SimpleWebAuthn supports all current WebAuthn attestation formats, including:
- Android Key
- Android SafetyNet
- Apple
- FIDO U2F
- Packed
- TPM
- None
v13.0.0 - The one where they share a type
Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @simplewebauthn/types.
Changes:
- [server] A new
preferredAuthenticatorTypeargument can be set when callinggenerateRegistrationOptions()to generate options that encourage the browser to direct the user to register one of three types of authenticators:'securityKey','localDevice', or'remoteDevice'(a.k.a. opinionated WebAuthn hints support) (#653) - [browser]
startRegistration()will recognizehintsif specified inoptionsJSON(#652) - [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
- [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)
Breaking Changes
@typescript/types is being retired. Its types will now be included directly in @simplewebauthn/browser and @simplewebauthn/server.
To refactor existing imports from /types, simply import them from /browser or /server instead:
Before:
import type {
AuthenticationResponseJSON,
RegistrationResponseJSON,
WebAuthnCredential,
} from '@simplewebauthn/types'; // <--
After:
import type {
AuthenticationResponseJSON,
RegistrationResponseJSON,
WebAuthnCredential,
} from '@simplewebauthn/server'; // <--
FAQs
SimpleWebAuthn for Servers
We found that @simplewebauthn/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 09 Dec 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
By Kirill Boychenko - Jan 08, 2025
Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
By Sarah Gooding - Jan 07, 2025