discord-verify - npm Package Compare versions

Comparing version 0.0.2-beta.31 to 1.0.0

dist/node.d.ts

@@ -1,7 +0,10 @@
-import { R as Request, S as SubtleCryptoImportKeyAlgorithm } from './verify-4bd1dcd2.js';
-export { P as PlatformAlgorithm, h as hexStringToBinary, v as verify } from './verify-4bd1dcd2.js';
+import { R as Request, S as SubtleCryptoImportKeyAlgorithm } from './verify-83c4cc43.js';
+export { P as PlatformAlgorithm, h as hexStringToBinary, v as verify } from './verify-83c4cc43.js';
 
 /**
- * Validates a request from Discord. If you are not on the latest version 16 or 18 of Node, you should pass a specific value in for the algorithm.
- * @param request Request to verify
+ * Validates a request from Discord. If you are not on the latest
+ * version 16 or 18 of Node, you should pass a specific value in for
+ * the algorithm. The request should not be consumed prior
+ * to calling this function.
+ * @param request Request to verify. This should not have been consumed yet.
  * @param publicKey The application's public key
@@ -8,0 +11,0 @@ * @param algorithm The name of the crypto algorithm to use

dist/web.d.ts

@@ -1,7 +0,8 @@
-import { R as Request, S as SubtleCryptoImportKeyAlgorithm } from './verify-4bd1dcd2.js';
-export { P as PlatformAlgorithm, h as hexStringToBinary, v as verify } from './verify-4bd1dcd2.js';
+import { R as Request, S as SubtleCryptoImportKeyAlgorithm } from './verify-83c4cc43.js';
+export { P as PlatformAlgorithm, h as hexStringToBinary, v as verify } from './verify-83c4cc43.js';
 
 /**
- * Validates a request from Discord
- * @param request Request to verify
+ * Validates a request from Discord. The request should not be consumed prior
+ * to calling this function.
+ * @param request Request to verify. This should not have been consumed yet.
  * @param publicKey The application's public key
@@ -8,0 +9,0 @@ * @param algorithm The name of the crypto algorithm to use

package.json

 {
 	"name": "discord-verify",
-	"version": "0.0.2-beta.31",
+	"version": "1.0.0",
 	"author": "Ian Mitchell",
@@ -57,6 +57,3 @@ "description": "A library for verifying the authenticity of requests coming from the Discord Interactions API",
 		"node": ">=16"
-	},
-	"volta": {
-		"node": "17.9.1"
 	}
 }

README.md

@@ -5,2 +5,10 @@ # discord-verify
 
+## Performance
+
+The following graphs show the real world metrics of [Truth or Dare](https://truthordarebot.xyz/) running [discord-interactions](https://www.npmjs.com/package/discord-interactions) version 3.2.0 on the left and `discord-verify` version 1.0.0 on the right. At the time, Truth or Dare was in 640,000 servers and running on a machine with an Intel Xeon E5-2630 CPU and 16GB of RAM. It averaged 55% CPU usage and 450ms event loop lag. After switching to `discord-verify`, the CPU usage dropped to 5% and the event loop lag dropped to 10ms.
+
+![discord-interactions](https://github.com/IanMitchell/interaction-kit/blob/main/assets/discord-verify-tod.png?raw=true)
+
+By using native WebCrypto instead of `tweetnacl` discord-verify achieves significantly better performance compared to discord-interactions.
+
 ## Installation
@@ -56,3 +64,3 @@
 		this.client.publicKey,
-		crypto.subtle
+		crypto.webcrypto.subtle
 	);
@@ -71,3 +79,2 @@
 ```diff
-+ import { webcrypto } from "node:crypto";
 + import { verify, PlatformAlgorithms } from "discord-verify/node";
@@ -94,4 +101,3 @@
 		this.client.publicKey,
--		crypto.subtle
-+		webcrypto.subtle,
+		crypto.webcrypto.subtle,
 +		PlatformAlgorithms.OldNode
@@ -126,1 +132,8 @@ );
 - CloudFlare
+- Modern Node.js versions (recent experimental WebCrypto support)
+- Old Node.js versions (early experimental WebCrypto support)
+
+## Credits
+
+- [devsnek](https://github.com/devsnek) for the [initial gist](https://gist.github.com/devsnek/77275f6e3f810a9545440931ed314dc1) this package is based on.
+- [kyranet](https://github.com/kyranet) for an improved hex string parser.

src/lib/verify.ts

@@ -5,3 +5,3 @@ import type {
 	SubtleCryptoImportKeyAlgorithm,
-} from "../types";
+} from "../types/index.js";
 
@@ -96,12 +96,23 @@ export declare class TextEncoder {
 	},
-	Vercel: {
-		// TODO: ecdsa?
-		name: "eddsa",
-		namedCurve: "ed25519",
+	/**
+	 * Despite being documented as 	{ name: "eddsa", namedCurve: "ed25519"} or
+	 * { name: "ecdsa", namedCurve: "ed25519" }, Vercel uses the same format as
+	 * Cloudflare in Production (despite Dev using documented formats)
+	 */
+	VercelProd: {
+		name: "NODE-ED25519",
+		namedCurve: "NODE-ED25519",
+		public: true,
 	},
+	/**
+	 * Despite being documented as using this format, Vercel uses the same format
+	 * as Cloudflare in Production and only uses this format in Development.
+	 */
+	VercelDev: { name: "eddsa", namedCurve: "ed25519" },
 };
 
 /**
- * Validates a request from Discord
- * @param request Request to verify
+ * Validates a request from Discord. The request should not be consumed prior
+ * to calling this function.
+ * @param request Request to verify. This should not have been consumed yet.
  * @param publicKey The application's public key
@@ -108,0 +119,0 @@ * @param subtleCrypto The crypto engine to use

src/node.ts

 // eslint-disable-next-line @typescript-eslint/ban-ts-comment, @typescript-eslint/prefer-ts-expect-error
-// @ts-ignore-error Node Crypto types are not well defined yet
+// @ts-ignore-error We can't use Node types since we aren't fully in a Node environment
 import crypto from "node:crypto";
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment, @typescript-eslint/prefer-ts-expect-error
-// @ts-ignore-error Node Process
 import {
 	isValidRequest as verifyRequest,
 	PlatformAlgorithm,
-} from "./lib/verify";
-import type { Request, SubtleCryptoImportKeyAlgorithm } from "./types";
-export { hexStringToBinary, PlatformAlgorithm, verify } from "./lib/verify";
+} from "./lib/verify.js";
+import type { Request, SubtleCryptoImportKeyAlgorithm } from "./types/index.js";
+export { hexStringToBinary, PlatformAlgorithm, verify } from "./lib/verify.js";
 
 /**
- * Validates a request from Discord. If you are not on the latest version 16 or 18 of Node, you should pass a specific value in for the algorithm.
- * @param request Request to verify
+ * Validates a request from Discord. If you are not on the latest
+ * version 16 or 18 of Node, you should pass a specific value in for
+ * the algorithm. The request should not be consumed prior
+ * to calling this function.
+ * @param request Request to verify. This should not have been consumed yet.
  * @param publicKey The application's public key
@@ -17,0 +18,0 @@ * @param algorithm The name of the crypto algorithm to use

src/types/index.ts

@@ -14,3 +14,3 @@ /**
 
-export type { SubtleCrypto, SubtleCryptoImportKeyAlgorithm } from "./crypto";
-export type { Request } from "./request";
+export type { SubtleCrypto, SubtleCryptoImportKeyAlgorithm } from "./crypto.js";
+export type { Request } from "./request.js";

src/web.ts

 import {
 	isValidRequest as verifyRequest,
 	PlatformAlgorithm,
-} from "./lib/verify";
+} from "./lib/verify.js";
 import type {
@@ -9,4 +9,4 @@ Request,
 	SubtleCryptoImportKeyAlgorithm,
-} from "./types";
-export { hexStringToBinary, PlatformAlgorithm, verify } from "./lib/verify";
+} from "./types/index.js";
+export { hexStringToBinary, PlatformAlgorithm, verify } from "./lib/verify.js";
 
@@ -18,4 +18,5 @@ declare const crypto: {
 /**
- * Validates a request from Discord
- * @param request Request to verify
+ * Validates a request from Discord. The request should not be consumed prior
+ * to calling this function.
+ * @param request Request to verify. This should not have been consumed yet.
  * @param publicKey The application's public key
@@ -22,0 +23,0 @@ * @param algorithm The name of the crypto algorithm to use

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

28659

increased by10.68%

Lines of code

712

increased by5.17%

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

135

increased by10.66%

No dependency changes