npmpackage.info

Gathering detailed insights and metrics for koa-encrypted-session

Other packages similar to koa-encrypted-session

koa-crypto-session

1.0.1

use koa-session, but aes encrypted

@brc-dd/iron-session

0.0.6

Node.js stateless session utility using signed and encrypted cookies to store data. Works with Next.js, Express, NestJs, Fastify, and any Node.js HTTP framework.

@distributed/iron-session

6.3.3

Node.js stateless session utility using signed and encrypted cookies to store data. Works with Next.js, Express, NestJs, Fastify, and any Node.js HTTP framework.

crypto-session

1.0.3

use koa-session, but encrypted

Gathering detailed insights and metrics for koa-encrypted-session

koa-encrypted-session - 3.0.7 | npmpackage.info

koa-encrypted-session

Encrypted cookie session middleware extension for koa-session

3.0.7

MIT

JavaScript

7.85 kB

3.4

Installations

npm install koa-encrypted-session

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=16

Node Version

18.12.1

NPM Version

8.19.2 Pull Requests

Open

1

Total

158

Closed

125

Merged

32

Issues

Open

0

Total

1

Closed

1

Releases

v3.0.4

Updated on May 18, 2022

v3.0.3

Updated on Nov 03, 2021

View All 2 releases

Languages

JavaScript

JavaScript (100%)

Developer

nicokaiser

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

5 Stars

95 Commits

2 Watchers

3 Branches

1 Contributors

Updated on Jan 20, 2024

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

3.0.7

Package Id

koa-encrypted-session@3.0.7

Unpacked Size

7.85 kB

Size

3.34 kB

File Count

NPM Version

8.19.2

Node Version

18.12.1

Published on

Feb 10, 2023

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

base64url koa-session sodium-native

Dev Dependencies

eslint eslint-config-prettier eslint-plugin-node eslint-plugin-prettier eslint-plugin-promise koa prettier supertest

koa-encrypted-session

Encrypted session middleware for Koa. Uses cookie-based client sessions with libsodium's Secret key box encrypted cookies.

Using client sessions provides a scalable way to store state information in the client. This eliminates the need of a database on server-side and enables to run stateless server instances.

To avoid tampering (data readout and manipulation of the client-visible cookie), session data is encrypted.

However, as a cost, sessions can not be invalidated other than by the user, scenarios such as "log out all sessions of user" are not possible.

Installation

1npm install koa-encrypted-session

Usage

This library inherits from koa-session, so all of its options can be used. An additional secretKey option is introduced, which must be a high-entropy key. This key can be generated with:

./node_modules/.bin/koa-encrypted-session-gen-key

Alternatively, a secret passphrase and (optional) a salt can be used, which is at startup hashed.

Example

1import Koa from 'koa';
2import encryptedSession from 'koa-encrypted-session';
3
4const app = new Koa();
5
6app.use(encryptedSession({
7    key: 'session',
8    maxAge: 7 * 24 * 3600 * 1000,
9    secretKey: Buffer.from('EsAg64LMvGITBBz1ZGLfDNU/MYqGDpTzJ1u4BsvIfTw=', 'base64')
10    /** Additional options from koa-session can be used */
11}, app));

Acknowledgements

The encryption parts of this code are ported to Koa from fastify-secret-session.

License

MIT

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3.4

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More