Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@validatedid/vc-vp-validator
Advanced tools
vc-vp-validator
vc-vp-validator is a library designed to provide validation functionality for JSON Web Tokens (JWTs) and JSON objects representing verifiable credentials and presentations. It exposes four validation functions tailored to validate both JSON and JWT credentials and presentations. This library supports various DID methods including did:key, did:ebsi, and did:web.
[!NOTE]
For@validatedidinternal use.
Features
- Validate JSON Web Tokens (JWTs) and JSON objects representing verifiable credentials (VCs) and presentations (VPs).
- Support for multiple DID methods:
did:key,did:ebsi, anddid:web. - Special handling for EBSI issued credentials and DID:key presentations containing EBSI issued credentials.
- Validate DID-based authentication tokens using
validateDidAuthToken
Installation
You can install vc-vp-validator via npm:
npm install vc-vp-validator
Usage
Importing the library
import {
validateJwtVC,
validateJsonVC,
validateDcqlVp,
validateDidAuthToken,
} from 'vc-vp-validator';
Validating JSON Web Token (JWT) Verifiable Credentials (VCs)
const validationResult = await validateJwtVC(jwtCredential, options);
Validating JSON Verifiable Credentials (VCs)
const validationResult = await validateJsonVC(jsonCredential, options);
Validating DCQL Verifiable Presentations (VPs)
const validationResult = await validateDcqlVp(dcqlPresentation, audience, options);
Validating DID-based Authentication Token
To validate a DID-based authentication token (e.g., id_token), you can use the validateDidAuthIdToken function. This function checks the validity of the token, ensures it contains the correct issuer (iss) and algorithm (alg), and validates the token's signature.
const validationResult = await validateDidAuthToken(id_token);
Optional option parameters
Both credential validation functions (validateJwtVC and validateJsonVC) and presentation validation functions (validateDcqlVP) support optional options parameters.
export interface CredentialValidationOptions {
didRegistry?: string;
ebsiAuthority?: string;
}
export interface PresentationValidationOptions {
dcqlQuery?: DCQLQuery;
didRegistry?: string;
ebsiAuthority?: string;
}
Validation Response
The response object will follow the interface:
export interface ValidationResult {
valid: boolean;
messages?: string[];
}
If the valid property is false, the messages array will include reasons why the credential is not valid.
FAQs
Verifiable Credentials validator library
We found that @validatedid/vc-vp-validator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 30 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026