Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@vonage/auth
Advanced tools
Vonage Auth Package adds the correct authentication headers to requests to Vonage API's
This is the Vonage Auth SDK for Node.js for creating authentication headers and signature for use with Vonage APIs. To use it you will need a Vonage account. Sign up for free at vonage.com.
We recommend using this package as part of the overall @vonage/server-sdk
package.
For full API documentation refer to developer.vonage.com.
We recommend using this SDK as part of the overall @vonage/server-sdk
package. Please see the main package for installation.
You can also use this SDK standalone if you only need access to just the Auth SDK.
npm install @vonage/auth
yarn add @vonage/auth
If you are using this SDK as part of the Vonage Server SDK, you can access it as the auth
property off of the client that you instantiate.
The SDK can be used standalone from the main Vonage Server SDK for Node.js if you only need to use the Auth API. All you need to do is require('@vonage/auth')
, and use the returned object to create your own client.
const { Auth } = require('@vonage/server-sdk');
// Or if standalone
const { Auth } = require('@vonage/auth');
const vonageAuth = new Auth({
apiKey: API_KEY,
apiSecret: API_SECRET,
applicationId: APP_ID,
privateKey: PRIVATE_KEY_PATH,
});
(async () => {
const basicHeader = vonageAuth.createBasicHeader();
console.log(basicHeader);
})()
Options is an object with the following properties:
apiKey
- API Key from Vonage API. If applicationId
and privateKey
are present, apiKey
is optional.apiSecret
- API Secret from Vonage API. If applicationId
and privateKey
are present, apiSecret
is optional.applicationId
- (optional) The Vonage API Application ID to be used when creating JWTs.privateKey
- (optional) The Private Key to be used when creating JWTs. You can specify the key as any of the following:
Run:
npm run test
FAQs
Vonage Auth Package adds the correct authentication headers to requests to Vonage API's
The npm package @vonage/auth receives a total of 49,051 weekly downloads. As such, @vonage/auth popularity was classified as popular.
We found that @vonage/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 43 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.