UNPKG

@zaeniahmad/kpwgen

Version:

Deterministic password generation core logic

116 lines (82 loc) โ€ข 2.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# @zaeniahmad/kpwgen Generate **secure, reproducible passwords** with absolute consistency. As long as your inputs remain the same, the result is **bit-identical**. Works **100% offline**, no telemetry, no network calls. ## โœจ Features * **Deterministic**: Same input โ‡’ same output, always. * **Cryptographically secure**: HMAC-based derivation (SHA-2). * **Offline**: No external requests. * **Configurable**: Prefix, suffix, target length, normalization. * **Isomorphic**: Works in Node.js and Browser. * **No storage**: Does not save secrets or passwords. ## ๐Ÿ“ฆ Installation ```bash npm install @zaeniahmad/kpwgen # or yarn add @zaeniahmad/kpwgen # or pnpm add @zaeniahmad/kpwgen ``` ## โšก๏ธ Quick Start **ESM (Node.js / Browser)** ```ts import { generatePassword } from "@zaeniahmad/kpwgen"; const pwd = await generatePassword({ masterSecret: process.env.MASTER_SECRET!, platform: "google", version: 1, lengthTarget: 18, prefix: "Qx9", suffix: "K7", normalize: true, }); console.log(pwd); ``` ## ๐Ÿง  How It Works 1. **Normalize**: Clean `platform` input. 2. **Derive**: Create message from `{platform, version}`. 3. **HMAC**: Compute SHA-256 HMAC with `masterSecret`. 4. **Encode**: Convert digest to base32/charset. 5. **Shape**: Apply length, prefix, suffix. ## ๐Ÿงฉ API ### `generatePassword(options: GenOptions): Promise<string>` **Options** * `masterSecret: string` โ€“ Required. * `platform: string` โ€“ Required. * `version?: number` โ€“ Default `1`. * `prefix?: string` * `suffix?: string` * `lengthTarget?: number` โ€“ Default `18`. * `normalize?: boolean` โ€“ Default `true`. **Utilities** * `normalizePlatform(raw: string): string` * `toBase32(buf: Uint8Array): string` ## ๐Ÿ”’ Security Best Practices * Never hardcode `masterSecret`. * Use `version` for rotation. * Add policy rules for site-specific requirements. * Avoid storing secrets in local storage. ## ๐Ÿงช Testing ```bash npm run lint npm test ``` Example: ```ts import { generatePassword } from "@zaeniahmad/kpwgen"; import { describe, it, expect } from "vitest"; describe("deterministic", () => { it("same input, same output", async () => { const a = await generatePassword({ masterSecret: "a", platform: "github", version: 1 }); const b = await generatePassword({ masterSecret: "a", platform: "github", version: 1 }); expect(a).toBe(b); }); }); ``` ## ๐Ÿ“š FAQ **Why not use a normal password manager?** > Stateless & reproducible. No sync needed. **Does it work offline?** > Yes. **Can I enforce special characters?** > Yes, via prefix/suffix or post-processing. ## ๐Ÿ“ License ISC