Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

dpop

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dpop

DPoP (RFC9449) for JavaScript Runtimes

latest
Source
npmnpm
Version
2.1.1
Version published
Weekly downloads
851K
-8.63%
Maintainers
1
Weekly downloads
 
Created
Source

dpop

OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for JavaScript Runtimes

💗 Help the project

Dependencies: 0

API Reference

dpop is distributed via npmjs.com, jsdelivr.com, and github.com.

Example

ESM import1

import * as DPoP from 'dpop'

DPoP Key Pair generation

const keypair = await DPoP.generateKeyPair('ES256', { extractable: false })

AS proof generation

let nonce!: string | undefined
const proof = await DPoP.generateProof(keypair, 'https://as.example.com/token', 'POST', nonce)

AS Authorization Code Binding via dpop_jkt

const dpop_jkt = await DPoP.calculateThumbprint(keyPair.publicKey)

AS proof generation

let nonce!: string | undefined
let accessToken!: string

const proof = await DPoP.generateProof(
  keypair,
  'https://rs.example.com/api',
  'GET',
  nonce,
  accessToken,
)

Supported Runtimes

The supported JavaScript runtimes include those that support the utilized Web API globals and standard built-in objects. These are (but are not limited to):

  • Browsers
  • Bun
  • Cloudflare Workers
  • Deno
  • Electron
  • Node.js2
  • Vercel's Edge Runtime

Supported Versions

VersionSecurity Fixes 🔑Other Bug Fixes 🐞New Features ⭐
v2.xSecurity Policy

Footnotes

  • CJS style let dpop = require('dpop') is possible in Node.js versions where the require(esm) feature is enabled by default (^20.19.0 || ^22.12.0 || >= 23.0.0).

  • Node.js v20.x as baseline is required

Keywords

dpop
rfc9449

FAQs

Package last updated on 02 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket for Jira Is Now Available

Product

Socket for Jira Is Now Available

Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.

By Jeppe Hasseriis  -  Apr 20, 2026
Socket Named Top Sales Organization by RepVue

Company News

Socket Named Top Sales Organization by RepVue

Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.

By Sarah Gooding  -  Apr 17, 2026