@verdaccio/signature
Version:
Verdaccio Signature Utilities
117 lines (78 loc) • 7.26 kB
Markdown
# @verdaccio/signature - Verdaccio Signature Utilities
[](https://verdaccio.org)
[](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
[](https://github.com/verdaccio/verdaccio)
[](https://npmjs.com/package/@verdaccio/signature)
[](https://verdaccio.org/docs)
[](https://discord.com/channels/388674437219745793)
[](https://bsky.app/profile/verdaccio.org)
[](https://opencollective.com/verdaccio/contribute)
[](https://opencollective.com/verdaccio/contribute)
[](https://www.npmjs.com/package/verdaccio)
[](https://hub.docker.com/r/verdaccio/verdaccio)
[](https://github.com/verdaccio/verdaccio/stargazers)
> **Note:** This package is mostly for internal use by Verdaccio and is only intended to be used with Verdaccio 6.x.
## Overview
The `@verdaccio/signature` package handles cryptographic signing and verification of JWT tokens, as well as legacy AES encryption/decryption for Verdaccio authentication tokens.
## Installation
```bash
npm install @verdaccio/signature
```
## Usage
```typescript
import { aesDecrypt, aesEncrypt, signPayload, verifyPayload } from '@verdaccio/signature';
// Sign a JWT token
const token = await signPayload(remoteUser, secret, { expiresIn: '7d' });
// Verify a JWT token
const payload = verifyPayload(token, secret);
// AES encryption/decryption
const encrypted = aesEncrypt(Buffer.from('value'), 'secret-key');
const decrypted = aesDecrypt(encrypted, 'secret-key');
```
### API
- **`signPayload(payload, secret, options)`** - Signs a `RemoteUser` payload into a JWT token
- **`verifyPayload(token, secret)`** - Verifies and decodes a JWT token
- **`aesEncrypt(value, key)`** - Encrypts strings using AES-256-CTR
- **`aesDecrypt(value, key)`** - Decrypts AES-encrypted strings
- **`parseBasicPayload(credentials)`** - Parses basic auth credentials
## Donations
Verdaccio is run by **volunteers**; nobody is working full-time on it. If you find this project to be useful and would like to support its development, consider making a donation - **your logo might end up in this readme.** 😉
**[Donate](https://opencollective.com/verdaccio)** 💵👍🏻 starting from _\$1/month_ or just one single contribution.
## Report a vulnerability
If you want to report a security vulnerability, please follow the steps which we have defined for you in our [security policy](https://github.com/verdaccio/verdaccio/security/policy).
## Open Collective Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/verdaccio/contribute)]
[](https://opencollective.com/verdaccio/sponsor/0/website)
[](https://opencollective.com/verdaccio/sponsor/1/website)
[](https://opencollective.com/verdaccio/sponsor/2/website)
[](https://opencollective.com/verdaccio/sponsor/3/website)
[](https://opencollective.com/verdaccio/sponsor/4/website)
[](https://opencollective.com/verdaccio/sponsor/5/website)
[](https://opencollective.com/verdaccio/sponsor/6/website)
[](https://opencollective.com/verdaccio/sponsor/7/website)
[](https://opencollective.com/verdaccio/sponsor/8/website)
[](https://opencollective.com/verdaccio/sponsor/9/website)
## Open Collective Backers
Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/verdaccio/contribute)]
[](https://opencollective.com/verdaccio/contributes)
## Special Thanks
Thanks to the following companies to help us to achieve our goals providing free open source licenses.
[](https://www.jetbrains.com/)
[](https://crowdin.com/)
## Contributors
This project exists thanks to all the people who contribute. [[Contribute](https://github.com/verdaccio/verdaccio/blob/master/CONTRIBUTING.md)].
[](https://github.com/verdaccio/verdaccio/graphs/contributors)
## FAQ / Contact / Troubleshoot
If you have any issue you can try the following options. Do not hesitate to ask or check our issues database. Perhaps someone has asked already what you are looking for.
- [Blog](https://verdaccio.org/blog/)
- [Donations](https://opencollective.com/verdaccio)
- [Reporting an issue](https://github.com/verdaccio/verdaccio/blob/master/CONTRIBUTING.md#reporting-a-bug)
- [Running discussions](https://github.com/orgs/verdaccio/discussions)
- [Chat](https://discord.com/channels/388674437219745793)
- [Logos](https://verdaccio.org/docs/logo)
- [Docker Examples](https://github.com/verdaccio/verdaccio/tree/master/docker-examples)
- [FAQ](https://github.com/verdaccio/verdaccio/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Aquestion%20)
## License
Verdaccio is [MIT licensed](https://github.com/verdaccio/verdaccio/blob/master/LICENSE)
The Verdaccio documentation and logos (excluding /thanks, e.g., .md, .png, .sketch files within the /assets folder) are
[Creative Commons licensed](https://creativecommons.org/licenses/by/4.0/).