Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
vault-storage
Advanced tools
vault-storage - npm Package Compare versions
Comparing version 1.3.3 to 1.3.4
| { | ||
| "name": "vault-storage", | ||
| "description": "Vault, a micro yet robust browser storage library", | ||
| "version": "1.3.3", | ||
| "version": "1.3.4", | ||
| "author": "ManiarTech®️ - Mohamed Aamir Maniar", | ||
@@ -6,0 +6,0 @@ "license": "MIT", |
@@ -94,3 +94,5 @@ # Vault Storage | ||
| // Secured storage using fixed credentials (password and salt). | ||
| const authStorage = new SecuredVault("secured-storage", { | ||
| // Remember, this method is not secure as the credentials are hardcoded in the code. | ||
| // For production, you must use dynamic credentials. | ||
| const authStorage = new SecuredVault("auth-storage", { | ||
| password: "SADF@#$W$ERWESD", | ||
@@ -100,7 +102,6 @@ salt: "SDF@#$%SERWESD", | ||
| authStorage.token = "my-token" | ||
| console.log("token", await authStorage.token) | ||
| // ----- | ||
| // Secured storage using dynamic credentials. | ||
| const securedStorage = new SecuredVault("secured-storage", (key) => { | ||
| const authStorage = new SecuredVault("auth-storage", (key) => { | ||
| const password = key === "token" ? "ASF@#$%QER()SDF" : "SXDFW#$%@#SDF"; | ||
@@ -111,6 +112,10 @@ const salt = key.startsWith("key1") ? "xxx@xxxxxxxxxx" : "yyy@yyyyyyyyyy"; | ||
| // ----- | ||
| // Secured storage using promise based dynamic credentials. | ||
| const sensitiveStorage = new SecuredVault("secured-storage", async (key) => { | ||
| const authStorage = new SecuredVault("auth-storage", async (storageKey) => { | ||
| return new Promise(async (resolve) => { | ||
| const { password, salt } = await fetchOrGenerateCredentialsFor(key) | ||
| const encryptedKey = await encryptKey(storageKey) | ||
| const encryptedResponse = await fetchOrGenerateCredentialsFor(encryptedKey) | ||
| const { password, salt } = await decryptResponse(encryptedResponse) | ||
| resolve({ password, salt }) | ||
@@ -121,13 +126,25 @@ }); | ||
| // Once the secured vault is setup, usage is similar to the regular vault | ||
| // storage. Just start using it! | ||
| ``` | ||
| Once the secured vault is setup, usage is easy and similar to the regular vault storage. To ensure that the data is stored securely, you must follow the best practices for storing the credentials. Such as: | ||
| 1. Use dynamic credentials for the secured storage it takes care of managing the complexity of the credentials. | ||
| 1. Use asymmetric encryption for key transmission. Encrypt sensitive keys using a public key before sending them to the server. Decrypt the keys locally using a private key. | ||
| 1. Generate and store encryption credentials using the Web Crypto API to ensure they are not accessible via JavaScript. | ||
| 1. Fetch encrypted credentials from the server instead of raw passwords and salts. Decrypt credentials locally using a pre-shared or derived key. | ||
| 1. Use CSP headers to mitigate XSS attacks | ||
| 1. Run your application in a secure context (HTTPS) | ||
| 1. Either use periodically rotate the encryption credentials or generate a unique ones for each storage key. | ||
| ```js | ||
| // This is how you can use the enrypted storage, authStorage, created above. | ||
| // Set the values. It stores the encrypted Uint8Array in the storage | ||
| // against the key. If you want to immediately use the value, then | ||
| // you must use await while setting the value. | ||
| await authStorage.setItem("token", "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwNzA2NzgwMywiaWF0IjoxNzA3MDY3ODAzfQ.XmPqTUN3KJeEArX58xVfHIQGGtm291p9ZamBvrflCMo") | ||
| await authStorage.setItem("token", authToken) | ||
| // Get the values. Remember to use await! As it's asynchronous. | ||
| const token = await authStorage.token; // Decrypts the token from the authStorage | ||
| // and returns the original token. | ||
| // Somewhere else in the code, you can get the value using the following code. | ||
| const authToken = await authStorage.token; // Decrypts the token from the authStorage | ||
| // and returns the plain token. | ||
| ``` | ||
@@ -292,3 +309,3 @@ | ||
| | **Meta Data** | Supports storing meta data along with the item value | No support for meta data | | ||
| | **Encrypted Storage** | Supports built-in secured storage | No built-in encryption support | | ||
| | **Encrypted Storage** | Supports built-in encrypted storage | No built-in encryption support | | ||
| | **Data Types** | Supports structured data, including objects and arrays | Only stores strings | | ||
@@ -295,0 +312,0 @@ | **Built-in Data Import/Export** | Supports backup and restore of the vault storage | No built-in support for data import/export | |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.5%
29839
- Number of lines in readme file
- increased by5.18%
345
- Number of medium supply chain risk alerts
- decreased by-100%
0
No dependency changes