Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
virgil-passwordless
Advanced tools
Passwordless auth for node applications
This module provides simple passwordless auth service using Virgil Public Keys infrastructure.
Installation
npm install virgil-passwordless
Usage
Initialize service
var VirgilPasswordless = require('virgil-passwordless');
var appToken = '1b79865e30978ec2ec9a83a44916b0a5';
var passwordless = new VirgilPasswordless(appToken);
Generate encrypted auth handshake token for email
var userEmail = 'user@example.com';
passwordless.generateToken(userEmail, function afterTokenGenerated (err, payload) {
// payload = {
// encrypted_token: '91v2j39182jd39182jd1323c8j23c49...',
// public_key_id: 'vj32r-23e3ev-cece3-23gvc-423v'
// }
});
What's inside
- Using given email retrive public key from Virgil public keys service
- Generate random token token and encrypt it using retrived public key
- Store token in local storage (memory or custom storage passed to constructor)
- Schedule token expiration (default timeout is 120 seconds)
Possible errors
| Error | Code |
|---|---|
| Public key lookup error | 1 |
| Storage set error | 2 |
Verify decrypted token retrieved from the client
passwordless.verifyToken(userEmail, decryptedToken, function afterVerification (err) {
// if err is null then verification was successfully passed
});
What's inside
- Pick original token from storage
- Compare origin token and
decryptedTokenpassed to function - Remove token from storage (even in case if compare failure)
Possible errors
| Error | Code |
|---|---|
| Storage get error | 3 |
| Token not found | 4 |
| Tokens not match | 5 |
| Storage unset error | 6 |
Custom store for tokens
You can use custom store for tokens
new VirgilPasswordless(appToken, {
store: customStore
});
Store should implement node-style callbacks based interface, example of implementation:
var store = {
cache: {},
get: function get (key, cb) {
cb(null, cache[key]);
},
set: function set (key, value, cb) {
this.cache[key] = value;
cb(null);
},
unset: function unset (key, cb) {
delete this.cache[key];
cb(null);
}
};
Token expire time
You can specify token expire time in ms
new VirgilPasswordless(appToken, {
expireTimeout: 60000 // ms
});
License
BSD 3-Clause. See LICENSE for details.
Contacts
Email: support@virgilsecurity.com
FAQs
Passwordless auth utils using Virgil public keys service
We found that virgil-passwordless demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Nov 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025