npmpackage.info

Gathering detailed insights and metrics for @libp2p/keychain

Other packages similar to @libp2p/keychain

@libp2p/interface-keychain

2.0.5

Keychain interface for libp2p

libp2p-keychain

0.6.1

Key management and cryptographically protected messages

@libp2p/cms

2.0.2

Cryptographically protected messages using the libp2p keychain

@xstorage/xs-js-libp2p-keychain

0.1.0

xStorage impletion of ipfs js-libp2p-keychain

Gathering detailed insights and metrics for @libp2p/keychain

@libp2p/keychain - 5.2.8 | npmpackage.info

@libp2p/keychain

The JavaScript Implementation of libp2p networking stack.

5.2.8

2,456

Apache-2.0

TypeScript

1.14 MB

5.1

Installations

npm install @libp2p/keychain

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Node Version

22.16.0

NPM Version

10.9.2 Pull Requests

Open

26

Total

2,304

Closed

557

Merged

1,721

Issues

Open

63

Total

840

Closed

777

Releases

3,173

webtransport: v5.0.50

webtransport-v5.0.50

Updated on Jul 08, 2025

webrtc: v5.2.23

webrtc-v5.2.23

Updated on Jul 08, 2025

circuit-relay-v2: v3.2.23

circuit-relay-v2-v3.2.23

Updated on Jul 08, 2025

mplex: v11.0.46

mplex-v11.0.46

Updated on Jul 08, 2025

floodsub: v10.1.45

floodsub-v10.1.45

Updated on Jul 08, 2025

perf: v4.0.46

perf-v4.0.46

Updated on Jul 08, 2025

View All 3,173 releases

Languages

TypeScript

JavaScript

Makefile

Dockerfile

TypeScript (98.72%)

JavaScript (1.16%)

Go (0.07%)

Makefile (0.03%)

Dockerfile (0.01%)

Developer

libp2p

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

2,456 Stars

6,790 Commits

485 Forks

68 Watchers

59 Branches

227 Contributors

Updated on Jul 13, 2025

Maintainers

View All 227 Contributors

Package Meta Information

Latest Version

5.2.8

Package Id

@libp2p/keychain@5.2.8

Unpacked Size

1.14 MB

Size

292.64 kB

File Count

NPM Version

10.9.2

Node Version

22.16.0

Published on

Jun 25, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@libp2p/crypto @libp2p/interface @libp2p/utils @noble/hashes asn1js interface-datastore multiformats sanitize-filename uint8arrays

Dev Dependencies

@libp2p/logger aegir datastore-core

@libp2p/keychain

Key management and cryptographically protected messages

About

Manages the life cycle of a key
Keys are encrypted at rest
Enforces the use of safe key names
Uses encrypted PKCS 8 for key storage
Uses PBKDF2 for a "stretched" key encryption key
Enforces NIST SP 800-131A and NIST SP 800-132
Delays reporting errors to slow down brute force attacks

KeyInfo

The key management and naming service API all return a KeyInfo object. The id is a universally unique identifier for the key. The name is local to the key chain.

1{
2  "name": "rsa-key",
3  "id": "QmYWYSUZ4PV6MRFYpdtEDJBiGs4UrmE6g8wmAWSePekXVW"
4}

The key id is the SHA-256 multihash of its public key.

The public key is a protobuf encoding containing a type and the DER encoding of the PKCS SubjectPublicKeyInfo.

Private key storage

A private key is stored as an encrypted PKCS 8 structure in the PEM format. It is protected by a key generated from the key chain's pass phrase using PBKDF2.

The default options for generating the derived encryption key are in the dek object. This, along with the pass phrase, is the input to a PBKDF2 function.

1const defaultOptions = {
2  // See https://cryptosense.com/parameter-choice-for-pbkdf2/
3  dek: {
4    keyLength: 512 / 8,
5    iterationCount: 1000,
6    salt: 'at least 16 characters long',
7    hash: 'sha2-512'
8  }
9}

key storage

Physical storage

The actual physical storage of an encrypted key is left to implementations of interface-datastore.

A key benefit is that now the key chain can be used in browser with the js-datastore-level implementation.

Install

1$ npm i @libp2p/keychain

Browser `<script>` tag

Loading this module through a script tag will make its exports available as Libp2pKeychain in the global namespace.

1<script src="https://unpkg.com/@libp2p/keychain/dist/index.min.js"></script>

API Docs

https://libp2p.github.io/js-libp2p/modules/_libp2p_keychain.html

License

Licensed under either of

Apache 2.0, (LICENSE-APACHE / http://www.apache.org/licenses/LICENSE-2.0)
MIT (LICENSE-MIT / http://opensource.org/licenses/MIT)

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/automerge.yml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/automerge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/examples.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generated-pr.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/generated-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/semantic-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/js-libp2p/stale.yml/main?enable=pin
Warn: containerImage not pinned by hash: interop/BrowserDockerfile:3
Warn: containerImage not pinned by hash: interop/Dockerfile:2: pin your Docker image by updating mcr.microsoft.com/playwright:v1.50.1 to mcr.microsoft.com/playwright:v1.50.1@sha256:ac7053180325ef75d31774c458d0bb9b55ac153ae1be3d104b80c6c1bb6a067c
Info: 0 out of 31 GitHub-owned GitHubAction dependencies pinned
Info: 8 out of 30 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 1 out of 1 npmCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

5.1

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @libp2p/keychain

Other packages similar to @libp2p/keychain

@libp2p/keychain

Installations

Developer Guide

Yes

ESM

22.16.0

10.9.2

Pull Requests

26

2,304

557

1,721

Issues

63

840

777

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

@libp2p/keychain

About

KeyInfo

Private key storage

Physical storage

Install

Browser <script> tag

API Docs

License

Contribution

10

10

10

10

10

10

2

0

0

0

0

0

0

5.1

/10

Browser `<script>` tag