Supply Chain Security
Vulnerability
Quality
Maintenance
License
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Socket optimized override available
The keytar npm package is a native module for Node.js that allows you to securely store and retrieve credentials using the operating system's native credential storage mechanisms. It supports macOS, Windows, and Linux, providing a cross-platform solution for managing sensitive information.
Store a password
This feature allows you to store a password securely in the operating system's credential storage. The `setPassword` method takes three arguments: the service name, the account name, and the password.
const keytar = require('keytar');
async function storePassword() {
await keytar.setPassword('service', 'account', 'password');
console.log('Password stored successfully');
}
storePassword();Retrieve a password
This feature allows you to retrieve a stored password from the operating system's credential storage. The `getPassword` method takes two arguments: the service name and the account name.
const keytar = require('keytar');
async function getPassword() {
const password = await keytar.getPassword('service', 'account');
console.log('Retrieved password:', password);
}
getPassword();Delete a password
This feature allows you to delete a stored password from the operating system's credential storage. The `deletePassword` method takes two arguments: the service name and the account name.
const keytar = require('keytar');
async function deletePassword() {
const result = await keytar.deletePassword('service', 'account');
console.log('Password deleted:', result);
}
deletePassword();Find credentials
This feature allows you to find all credentials associated with a specific service. The `findCredentials` method takes one argument: the service name.
const keytar = require('keytar');
async function findCredentials() {
const credentials = await keytar.findCredentials('service');
console.log('Found credentials:', credentials);
}
findCredentials();The osx-keychain package is another macOS-specific package that allows you to interact with the macOS Keychain. It provides methods to add, find, and delete keychain items. It is similar to keytar but limited to macOS.
The wincred package is a Windows-specific package that allows you to store and retrieve credentials using the Windows Credential Manager. It provides similar functionality to keytar but is limited to the Windows platform.
A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault.
npm install keytar
Currently this library uses libsecret so you may need to install it before running npm install.
Depending on your distribution, you will need to run the following command:
sudo apt-get install libsecret-1-devsudo yum install libsecret-develsudo pacman -S libsecretnpm installnpm test to run the testsEach release of keytar includes prebuilt binaries for the versions of Node and Electron that are actively supported by these projects. Please refer to the release documentation for Node and Electron to see what is supported currently.
const keytar = require('keytar')
Every function in keytar is asynchronous and returns a promise. The promise will be rejected with any error that occurs or will be resolved with the function's "yields" value.
Get the stored password for the service and account.
service - The string service name.
account - The string account name.
Yields the string password or null if an entry for the given service and account was not found.
Save the password for the service and account to the keychain. Adds a new entry if necessary, or updates an existing entry if one exists.
service - The string service name.
account - The string account name.
password - The string password.
Yields nothing.
Delete the stored password for the service and account.
service - The string service name.
account - The string account name.
Yields true if a password was deleted, or false if an entry with the given service and account was not found.
Find all accounts and password for the service in the keychain.
service - The string service name.
Yields an array of { account: 'foo', password: 'bar' }.
Find a password for the service in the keychain. This is ideal for scenarios where an account is not required.
service - The string service name.
Yields the string password, or null if an entry for the given service was not found.
FAQs
Bindings to native Mac/Linux/Windows password APIs
The npm package keytar receives a total of 557,341 weekly downloads. As such, keytar popularity was classified as popular.
We found that keytar demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
Security News
New CNA status enables OpenJS Foundation to assign CVEs for security vulnerabilities in projects like ESLint, Fastify, Electron, and others, while leaving disclosure responsibility with individual maintainers.
Product
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.