Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
nkeys.js
Advanced tools
Readme
A public-key signature system based on Ed25519 for the NATS ecosystem system for JavaScript.
The nkeys.js library works in Deno, Node.js, and the browser!
For your Deno projects:
import {
createUser,
fromPublic,
fromSeed,
} from "https://deno.land/x/nkeys.js/modules/esm/mod.ts";
On node, and browsers you can get a build from npm:
npm install nkeys.js
In your node projects:
const { createUser, fromSeed, fromPublic } = require("nkeys.js");
On your browser projects, make available the node/nkeys.js/nkeys.mjs
, and then
import { createUser, fromPublic, fromSeed } from "https://host/path/nkeys.mjs";
// create an user nkey KeyPair (can also create accounts, operators, etc).
const user = createUser();
// A seed is the public and private keys together.
const seed: Uint8Array = user.getSeed();
// Seeds are encoded into Uint8Array, and start with
// the letter 'S'. Seeds need to be kept safe and never shared
console.log(`seeds start with s: ${seed[0] === "S".charCodeAt(0)}`);
// A seed's second letter encodes it's type:
// `U` for user,
// `A` for account,
// `O` for operators
console.log(`nkey is for a user? ${seed[1] === "U".charCodeAt(0)}`);
// To view a seed, simply decode it:
console.log(new TextDecoder().decode(seed));
// you can recreate the keypair with its seed:
const priv = fromSeed(seed);
// Using the KeyPair, you can cryptographically sign content:
const data = new TextEncoder().encode("Hello World!");
const sig = priv.sign(data);
// and verify a signature:
const valid = user.verify(data, sig);
if (!valid) {
console.error("couldn't validate the data/signature against my key");
} else {
console.error("data was verified by my key");
}
// others can validate using your public key:
const publicKey = user.getPublicKey();
const pub = fromPublic(publicKey);
if (!pub.verify(data, sig)) {
console.error(`couldn't validate the data/signature with ${publicKey}`);
} else {
console.info(`data was verified by ${publicKey}`);
}
// when extracting with seeds or private keys
// you should clear them when done:
seed.fill(0);
// you should also clear the keypairs:
user.clear();
priv.clear();
Our support policy for Nodejs versions follows Nodejs release support. We will support and build nkeys.js on even-numbered Nodejs versions that are current or in LTS.
Unless otherwise noted, the NATS source files are distributed under the Apache Version 2.0 license found in the LICENSE file.
FAQs
A public-key signature system based on Ed25519 for the NATS ecosystem in javascript
The npm package nkeys.js receives a total of 183,305 weekly downloads. As such, nkeys.js popularity was classified as popular.
We found that nkeys.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.