Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@turnkey/indexed-db-stamper

Package Overview
Dependencies
Maintainers
8
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@turnkey/indexed-db-stamper

IndexedDB-based stamper for @turnkey/http

latest
Source
npmnpm
Version
1.1.1
Version published
Weekly downloads
11K
34.59%
Maintainers
8
Weekly downloads
 
Created
Source

@turnkey/indexed-db-stamper

npm

The @turnkey/indexed-db-stamper package enables secure request stamping using an unextractable P-256 keypair stored in the browser’s IndexedDB. It serves the same purpose as @turnkey/api-key-stamper, allowing you to sign and approve requests to Turnkey’s API, but without exposing the private key. This is ideal for long-lived browser sessions in progressive web apps (PWAs), wallet extensions, or any context where the key must remain secure and persistent across reloads.

The IndexedDbStamper generates the private key using SubtleCrypto and stores it in a non-exportable format, ensuring that it cannot be extracted or exfiltrated by application code. The keypair is stored in IndexedDB so that it can be reused in subsequent sessions.

Usage:

The IndexedDbStamper class implements the TStamper interface used by the TurnkeyClient in the @turnkey/http module. It encapsulates the logic necessary to sign activity requests and generates the appropriate HTTP headers for authentication.

import { IndexedDbStamper } from "@turnkey/indexed-db-stamper";

// Initialize the stamper and generate or load the keypair
const stamper = new IndexedDbStamper();
await stamper.init();

// Once initialized, the stamper is ready to be passed into the TurnkeyClient.
const httpClient = new TurnkeyClient(
  { baseUrl: "https://api.turnkey.com" },
  stamper,
);

Keywords

Turnkey
http
stamper

FAQs

Package last updated on 27 Jun 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Introducing Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Product

Introducing Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.

By Martin Torp  -  Sep 09, 2025
DuckDB npm Account Compromised in Continuing Supply Chain Attack

Research

/

Security News

DuckDB npm Account Compromised in Continuing Supply Chain Attack

Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.

By Peter van der Zee, Sarah Gooding  -  Sep 09, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.