Gathering detailed insights and metrics for @solid/keychain
Gathering detailed insights and metrics for @solid/keychain
Installations
npm install @solid/keychainDeveloper
solid
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
12.19.1
NPM Version
6.14.8
Statistics
5 Stars
234 Commits
2 Forks
12 Watching
9 Branches
11 Contributors
Updated on 13 Jun 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
32,455
Last day
-90.9%
5
Compared to previous day
Last week
-53.2%
1,603
Compared to previous week
Last month
2,216.6%
7,135
Compared to previous month
Last year
571.1%
8,912
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
3
Versions
KeyChain for use with Web Cryptography API in Node.js
Usage
Install the package
1$ npm install https://github.com/anvilresearch/keychain.git
Load the module
1const KeyChain = require('keychain')
Create a new instance by passing a descriptive object to the KeyChain
constructor. This object can have any naming or nesting scheme, as long as the last nested object contains parameters describing key generation. At a bare minimum, this must include an alg property with a JWA algorithm name as its value. Currently, RS256, RS384, and RS512 are supported.
1let keys = new KeyChain({ 2 a: { b: { alg: 'RS256' } }, 3 c: { d: { alg: 'RS256' } }, 4 e: { f: { alg: 'RS256', modulusLength: 2048 } // default is 4096 5})
This initialized a KeyChain instance but didn't generate keys. To generate keys
according to the object passed to the keychain, call rotate(). The rotate()
method returns a promise for the keychain.
1keys.rotate()
Once keys have been generated, they can be accessed as CryptoKey or JWK objects, according to the object structure defined by the caller.
Access CryptoKey objects for Web Crypto API operations:
1keys.a.b.privateKey 2keys.a.b.publicKey
Access JWK objects:
1keys.a.b.privateJwk 2keys.a.b.publicJwk
Key rotation also generates a JWK Set in object and JSON form:
1keys.jwks // JWK Set object 2keys.jwkSet // JWK Set JSON string
Running tests
Nodejs
1$ npm test
MIT License
Copyright (c) 2016 Anvil Research, Inc. Copyright (c) 2017-2019 The Solid Project
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
Reason
Found 0/26 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Score
1.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More