generate-api-key - npm Package Compare versions

Comparing version 1.0.0 to 1.0.1

package.json

 {
   "name": "generate-api-key",
   "description": "A library for generating random API key/access tokens",
-  "version": "1.0.0",
-  "main": "./lib/index.js",
+  "version": "1.0.1",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "keywords": [
@@ -11,4 +12,7 @@ "REST",
     "access",
-    "token"
+    "token",
+    "key"
   ],
+  "author": "Paul Proctor <paulproctorjr@gmail.com>",
+  "homepage": "https://github.com/pauldenver/generate-api-key",
   "repository": {
@@ -18,32 +22,57 @@ "type": "git",
   },
-  "author": "Paul Proctor <paulproctorjr@gmail.com>",
+  "bugs": {
+    "url": "https://github.com/pauldenver/generate-api-key/issues"
+  },
+  "files": [
+    "dist"
+  ],
   "scripts": {
-    "lint": "eslint ./lib/**/*.js",
-    "lint:fix": "eslint ./lib/**/*.js --fix",
-    "test": "mocha ./test/index.js",
-    "test:coverage": "nyc --reporter=html --reporter=text mocha ./test/index.js",
+    "build": "run-s build:clean build:main",
+    "build:main": "tsc -p tsconfig.json",
+    "build:clean": "shx rm -rf ./dist ./coverage ./.nyc_output",
+    "build:watch": "tsc -p tsconfig.json -w",
+    "lint:fix": "eslint ./{src,test}/**/*.ts --fix",
+    "test:lint": "eslint ./{src,test}/**/*.ts",
+    "test:unit": "mocha --config .mocharc.json",
+    "test:unit:build": "cross-env TEST_BUILD=true mocha --config .mocharc.json",
+    "test:cov": "nyc mocha --config .mocharc.json",
     "test:coveralls": "nyc report --reporter=text-lcov | coveralls",
-    "test:codecov": "nyc report --reporter=text-lcov | codecov --pipe"
+    "test:spelling": "cspell -c .cspell.json",
+    "test:types": "tsd"
   },
   "dependencies": {
-    "base-x": "^3.0.8",
-    "chance": "^1.1.7",
-    "rfc4648": "^1.4.0",
+    "base-x": "^4.0.0",
+    "chance": "^1.1.8",
+    "rfc4648": "^1.5.2",
     "uuid": "^8.3.2"
   },
   "devDependencies": {
-    "chai": "^4.2.0",
-    "codecov": "^3.7.2",
-    "coveralls": "^3.1.0",
-    "eslint": "^7.10.0",
-    "eslint-config-google": "^0.14.0",
-    "eslint-plugin-import": "^2.22.1",
-    "mocha": "^8.1.3",
+    "@types/chai": "^4.3.1",
+    "@types/chance": "^1.1.3",
+    "@types/mocha": "^9.1.1",
+    "@types/node": "^18.0.6",
+    "@types/uuid": "^8.3.4",
+    "@typescript-eslint/eslint-plugin": "^5.30.6",
+    "@typescript-eslint/parser": "^5.30.6",
+    "chai": "^4.3.6",
+    "coveralls": "^3.1.1",
+    "cross-env": "^7.0.3",
+    "cspell": "^6.3.0",
+    "eslint": "^8.20.0",
+    "eslint-plugin-import": "^2.26.0",
+    "mocha": "^10.0.0",
+    "npm-run-all": "^4.1.5",
     "nyc": "^15.1.0",
-    "rewire": "^5.0.0"
+    "shx": "^0.3.4",
+    "ts-node": "^10.9.1",
+    "tsd": "^0.22.0",
+    "typescript": "^4.7.4"
   },
+  "tsd": {
+    "directory": "test/types"
+  },
   "engines": {
-    "node": ">=10.0.0"
+    "node": ">=14"
   },
   "license": "Apache-2.0"
-}
+}

README.md

@@ -1,6 +0,17 @@
-# generate-api-key  ![GitHub package.json version (branch)](https://img.shields.io/github/package-json/v/pauldenver/generate-api-key/main)  [![Build Status](https://travis-ci.com/pauldenver/generate-api-key.svg?branch=main)](https://travis-ci.com/pauldenver/generate-api-key) [![Coverage Status](https://coveralls.io/repos/github/pauldenver/generate-api-key/badge.svg?branch=main)](https://coveralls.io/github/pauldenver/generate-api-key?branch=main)  [![codecov](https://codecov.io/gh/pauldenver/generate-api-key/branch/main/graph/badge.svg)](https://codecov.io/gh/pauldenver/generate-api-key)
+# generate-api-key  
 
-`generate-api-key` is a library for generating random API key/access tokens.
+[![GitHub package.json version (branch)][version-image]][npm-url]
+[![unit tests][tests-image]][tests-url]
+[![Build Status][travis-image]][travis-url]
+[![coverage][coverage-image]][coverage-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+[![CodeFactor][codefactor-image]][codefactor-url]  
 
 
+`generate-api-key` is a library for generating random API (Application Programming Interface) 
+keys or access tokens. By using this library, a Node.js backend service can generate API keys 
+or access tokens, then issue them to users and/or other services that require access to the 
+capabilities and resources provided by the API service.  
+
+
 ## Table of contents
@@ -18,4 +29,6 @@
   - [`uuidv5` Method](#uuidv5-method)
+- [Security](#security)
 - [Change Log](#change-log)
-- [License](#license)
+- [License](#license)  
+<br />
 
@@ -35,2 +48,3 @@ ## Installation
 ```
+<br />
 
@@ -44,6 +58,20 @@ ## Usage
 
+Importing:  
+
+```javascript
+// CommonJS Import
+const { generateApiKey } = require('generate-api-key');
+// OR
+const generateApiKey = require('generate-api-key').default;
+
+// ES6 Import
+import { generateApiKey } from 'generate-api-key';
+// OR
+import generateApiKey from 'generate-api-key';
+```
+
 Example:
 
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -87,3 +115,3 @@ // Generate the API key.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -140,3 +168,3 @@ // Generate the API key. The 'string' method is used by default.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -182,3 +210,3 @@ // Provide the generation method.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -220,3 +248,3 @@ // Provide the generation method.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -256,3 +284,3 @@ // Provide the generation method.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -297,3 +325,3 @@ // Provide the generation method.
 ```javascript
-const generateApiKey = require('generate-api-key');
+import generateApiKey from 'generate-api-key';
 
@@ -343,8 +371,40 @@ // Provide the generation method with the name and namespace.
 
+## Security  
+
+When generating and storing API keys and access tokens please be mindful of secure 
+database storage best practices. The reason API keys or access tokens are stored is to 
+confirm the key/token that is provided (ex. HTTP request) is valid and issued by your 
+organization or application (the same as a password). Just like a password, an API key 
+or access token can provide direct access to data or services that require authentication.
+
+To authenticate an API key or access token, it is not necessary to know the raw 
+key/token value, the key/token just needs to validated to be correct. API keys and 
+access tokens should not be stored in plain text in your database, they should be 
+stored as a hashed value. Consider using database storage concepts such as salting 
+or peppering during the hashing process. 
+
+Lastly, if you suspect the API credentials for your organization or application have 
+been compromised, please revoke the keys and regenerate new keys.  
+<br />
+
 ## Change Log
 
-The [CHANGELOG](./CHANGELOG.md) contains descriptions of notable changes.
+The [CHANGELOG](./CHANGELOG.md) contains descriptions of notable changes.  
+<br />
 
 ## License
 
-This software is licensed under the [Apache 2 license](./LICENSE).
+This software is licensed under the [Apache 2 license](./LICENSE).  
+
+[npm-url]: https://www.npmjs.com/package/generate-api-key
+[version-image]: https://img.shields.io/github/package-json/v/pauldenver/generate-api-key/main?label=version&style=flat-square
+[tests-url]: https://github.com/pauldenver/generate-api-key/actions/workflows/test.yml
+[tests-image]: https://github.com/pauldenver/generate-api-key/actions/workflows/test.yml/badge.svg?branch=main
+[coverage-url]: https://github.com/pauldenver/generate-api-key/actions/workflows/coverage.yml
+[coverage-image]: https://github.com/pauldenver/generate-api-key/actions/workflows/coverage.yml/badge.svg?branch=main
+[travis-url]: https://travis-ci.com/pauldenver/generate-api-key
+[travis-image]: https://travis-ci.com/pauldenver/generate-api-key.svg?branch=main
+[coveralls-url]: https://coveralls.io/github/pauldenver/generate-api-key
+[coveralls-image]: https://coveralls.io/repos/github/pauldenver/generate-api-key/badge.svg?branch=main
+[codefactor-url]: https://www.codefactor.io/repository/github/pauldenver/generate-api-key/overview/main
+[codefactor-image]: https://www.codefactor.io/repository/github/pauldenver/generate-api-key/badge/main

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

55601

increased by24.3%

Number of package files

23

increased by109.09%

Number of low maintenance alerts

0

decreased by-100%

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

400

increased by17.65%

Worsened metrics

Dev dependency count

20

increased by122.22%

Lines of code

478

decreased by-12.13%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedbase-x@4.0.0(transitive)

• - Removedbase-x@3.0.10(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• Updatedbase-x@^4.0.0

• Updatedchance@^1.1.8

• Updatedrfc4648@^1.5.2