A Node.js client for doing requests to yggdrasil, the Mojang authentication system, used for Minecraft and Scrolls. There's already one other client out there (at the time of writing) but I don't like it, so I wrote this one.
node-yggdrasil was originally made because I was messing around with trying to make a Minecraft server in JS. Never really got anywhere with it. However, the folks over at PrismarineJS have gotten quite far with it, and use this library in their project.
$ npm install yggdrasil
//init
var ygg = require('yggdrasil')({
//Optional settings object
host: 'https://authserver.mojang.com' //Optional custom host. No trailing slash.
});
//Authenticate a user
ygg.auth({
token: '', //Optional. Client token.
agent: '', //Agent name. Defaults to 'Minecraft'
version: 1, //Agent version. Defaults to 1
user: '', //Username
pass: '' //Password
}, function(err, data){});
//Refresh an accessToken
ygg.refresh(oldtoken, clienttoken, function(err, newtoken, response body){});
//Validate an accessToken
ygg.validate(token, function(err){});
//Invalidate all accessTokens
ygg.signout(username, password, function(err));
var yggserver = require('yggdrasil').server({
//Optional settings object
host: 'https://authserver.mojang.com' //Optional custom host. No trailing slash.
});
//Join a server (clientside)
yggserver.join(token, profile, serverid, sharedsecret, serverkey, function(err, response body){});
//Join a server (serverside)
yggserver.hasJoined(username, serverid, sharedsecret, serverkey, function(err, client info){});
/**
* Import Client or Server from 'yggdrasil/es6'.
* Note that the library is stateless when imported this way vs the CommonJS way.
*/
import { Client as ygg, Server as yggServ } from 'yggdrasil/es6'
// Use it like you normally would.
ygg.validate(token, function(err){})
yggServ.join(token, profile, serverid, sharedsecret, serverkey, function(err, response body){});
FAQs
Mojang authentication (Yggdrasil) client
We found that yggdrasil demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.