Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@trace4eu/verifiable-presentation
Advanced tools
verifiable-presentation library
It is a library designed to provide validation functionality for JSON Web Tokens (JWTs) verifiable presentations.
It exposes a method to validate verifiable presentations.
This library supports did:ebsi method and it makes use of the EBSI library https://www.npmjs.com/package/@cef-ebsi/verifiable-presentation
Features
- Designed for validating DID:key presentations containing EBSI issued credentials.
- Validate presentation submission and presentation definition.
- Extract the vp_token data.
Installation
You can install @trace4eu/verifiable-presentation via npm:
npm install @trace4eu/verifiable-presentation
Usage
Importing the library
import {
validateJwtVP,
} from '@trace4eu/verifiable-presentation';
Validating JSON Web Token (JWT) Verifiable Presentations (VPs)
const validationResult = await validateJwtVP(jwtPresentation, audience, options);
Optional option parameters
interface PresentationValidationOptions {
presentationSubmission?: PresentationSubmission;
presentationDefinition?: PresentationDefinition;
didRegistry?: string;
ebsiAuthority?: string;
}
Validation Response
The response object will follow the interface:
interface ValidationResult {
valid: boolean;
messages?: string[];
vpData?: VPTokenData;
}
- If the valid property is false, the messages array will include reasons why the credential is not valid.
- vpData contains the decoded Verifiable Presentation with the following data:
{
"decodedVerifiablePresentation": {
...
},
"descriptorMapIds": [
"urn:did:123456"
],
"verifiableCredentials": [
{
"format": "jwt",
"verifiableCredential": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpX..."
}
],
"verifiableCredentialsDecoded": [
{
...
}
],
"vpToken": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZ...",
"vpTokenIssuer": "did:key:z2dmzD81cgPx..."
}
FAQs
Verifiable Presentation validator library
We found that @trace4eu/verifiable-presentation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 21 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026