Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
auth-component
A Collection of Authentication Tools for DoneJS.
<token-auth> component
The token-auth component makes it easy to implement JWT-based authentication for your application.
<token-auth {^auth}="session"
key-location="authToken"
login-endpoint="http://localhost:8080/login"
username-field="email"
{(loading)}="loading"
remember-me >
</token-auth>
Available attributes include:
- key-location - The name of the location where the token will be stored in either SessionStorage or LocalStorage.
- login-endpoint - The URL used to POST login data.
- username-field - Used to customize what parameter is sent to the server. Default is username.
- remember-me - Determines the longevity of the stored token. If enabled, the token will be stored in LocalStorage instead of SessionStorage.
The token-auth component includes a loading indicator and a basic login form that overlay your application. Future improvements will allow you to customize the template.
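An added example, not auth-component's own code: one way a client could apply the key-location and remember-me storage behavior described above while discarding malformed or expired tokens on read. The function names, the in-memory Storage stand-in (used so it runs in Node) and the sample token are all assumptions.

```javascript
// Added example, not auth-component's own code; every name here is hypothetical.
// In-memory stand-in for the browser Storage interface so the sketch runs in Node.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}

// Decode the JWT payload segment (base64url JSON). This does NOT verify the
// signature; only the server can do that. Returns null for malformed input.
function decodePayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// remember-me set: persistent store. Unset: per-session store.
function saveToken(stores, keyLocation, token, rememberMe) {
  const [target, other] = rememberMe
    ? [stores.local, stores.session]
    : [stores.session, stores.local];
  other.removeItem(keyLocation); // never leave a stale second copy behind
  target.setItem(keyLocation, token);
}

// Return a token that is well-formed and unexpired, purging anything else.
// Assumption: a token without a numeric exp claim is treated as unusable.
function loadToken(stores, keyLocation, nowSeconds) {
  for (const store of [stores.session, stores.local]) {
    const token = store.getItem(keyLocation);
    if (token === null) continue;
    const payload = decodePayload(token);
    const live = payload !== null && typeof payload.exp === 'number' && payload.exp > nowSeconds;
    if (live) return token;
    store.removeItem(keyLocation);
  }
  return null;
}

// Constructed sample token with a placeholder (invalid) signature.
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user@example.com', exp })}.constructed`;
}
```

In a browser, pass `{ session: window.sessionStorage, local: window.localStorage }` as `stores` and replace the `Buffer` calls with a base64url decoder built on `atob`.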
<session-auth> component
Coming in a future release.
JWT auth, when executed correctly, is superior to cookie/session auth in a couple of potentially big ways:
One caveat to using token auth is that DoneJS's server-side rendering will not have access to the token. This limits the server-side rendered parts of your app to information that is publicly available. Your templates will still be able to be rendered on the server. Any user-specific data will need to be requested by the browser.
This information isn't a comprehensive guide to security, but hopefully it can help you secure your application. If there is other information that you think should be included here, please open an issue or submit a PR.
If you see room for improvement in any of the provided modules, whether in features or in security improvements, please help out the community by opening issues or submitting a PR.
FAQs
Clean authentication components for React
The npm package auth-component receives a total of 2 weekly downloads. As such, auth-component popularity was classified as not popular.
We found that auth-component demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.