@aooth/user 0.1.1

package/dist/user-store-B_l9vqlQ.mjs

@@ -0,0 +1,96 @@
+import { randomBytes } from "node:crypto";
+//#region src/errors.ts
+const defaultMessages = {
+	NOT_FOUND: "User not found",
+	ALREADY_EXISTS: "User already exists",
+	LOCKED: "Account is locked",
+	INACTIVE: "Account is not active",
+	INVALID_CREDENTIALS: "Invalid credentials",
+	POLICY_VIOLATION: "Password does not meet policy requirements",
+	PASSWORDS_MISMATCH: "Passwords do not match",
+	PASSWORD_IN_HISTORY: "Password was recently used",
+	MFA_REQUIRED: "Multi-factor authentication is required",
+	MFA_INVALID: "Invalid MFA code",
+	MFA_NOT_CONFIGURED: "MFA method is not configured"
+};
+var UserAuthError = class extends Error {
+	name = "UserAuthError";
+	constructor(type, message, details) {
+		super(message ?? defaultMessages[type]);
+		this.type = type;
+		this.details = details;
+	}
+};
+//#endregion
+//#region src/utils.ts
+function maskEmail(email) {
+	if (!email) return "";
+	const at = email.indexOf("@");
+	if (at < 0) return mask(email);
+	return mask(email.slice(0, at)) + email.slice(at);
+}
+function maskPhone(phone) {
+	return mask(phone);
+}
+function maskMfaValue(method) {
+	switch (method.name) {
+		case "email": return maskEmail(method.value);
+		case "sms": return maskPhone(method.value);
+		default: return "";
+	}
+}
+function mask(s) {
+	if (!s) return "";
+	if (s.length <= 2) return "***";
+	const show = Math.max(1, Math.floor(s.length / 4));
+	return s.slice(0, show) + "***" + s.slice(-show);
+}
+const DEFAULT_CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+";
+function generateSecureRandom(length, charset = DEFAULT_CHARSET) {
+	const bytes = randomBytes(length);
+	const result = Array.from({ length });
+	for (let i = 0; i < length; i++) result[i] = charset[bytes[i] % charset.length];
+	return result.join("");
+}
+function deepMerge(target, source) {
+	const t = target;
+	for (const key of Object.keys(source)) {
+		const sv = source[key];
+		const tv = t[key];
+		if (sv !== null && typeof sv === "object" && !Array.isArray(sv) && tv !== null && typeof tv === "object" && !Array.isArray(tv)) deepMerge(tv, sv);
+		else t[key] = sv;
+	}
+}
+function setAtPath(obj, path, value) {
+	const parts = path.split(".");
+	let current = obj;
+	for (let i = 0; i < parts.length - 1; i++) {
+		let next = current[parts[i]];
+		if (next === void 0 || next === null || typeof next !== "object") {
+			next = {};
+			current[parts[i]] = next;
+		}
+		current = next;
+	}
+	current[parts[parts.length - 1]] = value;
+}
+function incrementAtPath(obj, path, amount) {
+	const parts = path.split(".");
+	let current = obj;
+	for (let i = 0; i < parts.length - 1; i++) {
+		let next = current[parts[i]];
+		if (next === void 0 || next === null || typeof next !== "object") {
+			next = {};
+			current[parts[i]] = next;
+		}
+		current = next;
+	}
+	const leaf = parts[parts.length - 1];
+	const existing = current[leaf];
+	current[leaf] = (typeof existing === "number" ? existing : 0) + amount;
+}
+//#endregion
+//#region src/store/user-store.ts
+var UserStore = class {};
+//#endregion
+export { maskEmail as a, setAtPath as c, incrementAtPath as i, UserAuthError as l, deepMerge as n, maskMfaValue as o, generateSecureRandom as r, maskPhone as s, UserStore as t };

package/dist/user-store-CdWrTeqR.cjs

@@ -0,0 +1,149 @@
+let node_crypto = require("node:crypto");
+//#region src/errors.ts
+const defaultMessages = {
+	NOT_FOUND: "User not found",
+	ALREADY_EXISTS: "User already exists",
+	LOCKED: "Account is locked",
+	INACTIVE: "Account is not active",
+	INVALID_CREDENTIALS: "Invalid credentials",
+	POLICY_VIOLATION: "Password does not meet policy requirements",
+	PASSWORDS_MISMATCH: "Passwords do not match",
+	PASSWORD_IN_HISTORY: "Password was recently used",
+	MFA_REQUIRED: "Multi-factor authentication is required",
+	MFA_INVALID: "Invalid MFA code",
+	MFA_NOT_CONFIGURED: "MFA method is not configured"
+};
+var UserAuthError = class extends Error {
+	name = "UserAuthError";
+	constructor(type, message, details) {
+		super(message ?? defaultMessages[type]);
+		this.type = type;
+		this.details = details;
+	}
+};
+//#endregion
+//#region src/utils.ts
+function maskEmail(email) {
+	if (!email) return "";
+	const at = email.indexOf("@");
+	if (at < 0) return mask(email);
+	return mask(email.slice(0, at)) + email.slice(at);
+}
+function maskPhone(phone) {
+	return mask(phone);
+}
+function maskMfaValue(method) {
+	switch (method.name) {
+		case "email": return maskEmail(method.value);
+		case "sms": return maskPhone(method.value);
+		default: return "";
+	}
+}
+function mask(s) {
+	if (!s) return "";
+	if (s.length <= 2) return "***";
+	const show = Math.max(1, Math.floor(s.length / 4));
+	return s.slice(0, show) + "***" + s.slice(-show);
+}
+const DEFAULT_CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+";
+function generateSecureRandom(length, charset = DEFAULT_CHARSET) {
+	const bytes = (0, node_crypto.randomBytes)(length);
+	const result = Array.from({ length });
+	for (let i = 0; i < length; i++) result[i] = charset[bytes[i] % charset.length];
+	return result.join("");
+}
+function deepMerge(target, source) {
+	const t = target;
+	for (const key of Object.keys(source)) {
+		const sv = source[key];
+		const tv = t[key];
+		if (sv !== null && typeof sv === "object" && !Array.isArray(sv) && tv !== null && typeof tv === "object" && !Array.isArray(tv)) deepMerge(tv, sv);
+		else t[key] = sv;
+	}
+}
+function setAtPath(obj, path, value) {
+	const parts = path.split(".");
+	let current = obj;
+	for (let i = 0; i < parts.length - 1; i++) {
+		let next = current[parts[i]];
+		if (next === void 0 || next === null || typeof next !== "object") {
+			next = {};
+			current[parts[i]] = next;
+		}
+		current = next;
+	}
+	current[parts[parts.length - 1]] = value;
+}
+function incrementAtPath(obj, path, amount) {
+	const parts = path.split(".");
+	let current = obj;
+	for (let i = 0; i < parts.length - 1; i++) {
+		let next = current[parts[i]];
+		if (next === void 0 || next === null || typeof next !== "object") {
+			next = {};
+			current[parts[i]] = next;
+		}
+		current = next;
+	}
+	const leaf = parts[parts.length - 1];
+	const existing = current[leaf];
+	current[leaf] = (typeof existing === "number" ? existing : 0) + amount;
+}
+//#endregion
+//#region src/store/user-store.ts
+var UserStore = class {};
+//#endregion
+Object.defineProperty(exports, "UserAuthError", {
+	enumerable: true,
+	get: function() {
+		return UserAuthError;
+	}
+});
+Object.defineProperty(exports, "UserStore", {
+	enumerable: true,
+	get: function() {
+		return UserStore;
+	}
+});
+Object.defineProperty(exports, "deepMerge", {
+	enumerable: true,
+	get: function() {
+		return deepMerge;
+	}
+});
+Object.defineProperty(exports, "generateSecureRandom", {
+	enumerable: true,
+	get: function() {
+		return generateSecureRandom;
+	}
+});
+Object.defineProperty(exports, "incrementAtPath", {
+	enumerable: true,
+	get: function() {
+		return incrementAtPath;
+	}
+});
+Object.defineProperty(exports, "maskEmail", {
+	enumerable: true,
+	get: function() {
+		return maskEmail;
+	}
+});
+Object.defineProperty(exports, "maskMfaValue", {
+	enumerable: true,
+	get: function() {
+		return maskMfaValue;
+	}
+});
+Object.defineProperty(exports, "maskPhone", {
+	enumerable: true,
+	get: function() {
+		return maskPhone;
+	}
+});
+Object.defineProperty(exports, "setAtPath", {
+	enumerable: true,
+	get: function() {
+		return setAtPath;
+	}
+});

package/dist/user-store-Dbc9unW3.d.mts

@@ -0,0 +1,187 @@
+//#region src/types.d.ts
+interface UserCredentials {
+  id: string;
+  username: string;
+  password: PasswordData;
+  account: AccountData;
+  mfa: MfaData;
+  /**
+   * Hashed backup codes (SHA-256, hex-encoded). Generated via
+   * `UserService.generateBackupCodes`. Undefined when the user has not
+   * enrolled backup codes; an empty array means all codes were consumed.
+   */
+  backupCodes?: string[];
+  /**
+   * Persisted device-trust records ("remember this device, skip MFA next
+   * time"). Managed by `UserService.{issue,add,verify,revoke,list}TrustedDevice`.
+   * Absent when the user has never opted in.
+   */
+  trustedDevices?: TrustedDeviceRecord[];
+}
+interface TrustedDeviceRecord {
+  /** `<raw>.<sig>` — what we hand back to the consumer and what they round-trip. */
+  token: string;
+  /** Bound IP — set when `deviceTrust.bindsTo === 'cookie+ip'`. */
+  ip?: string;
+  issuedAt: number;
+  expiresAt: number;
+  /** Optional human-readable label (e.g. user-agent summary). */
+  name?: string;
+}
+interface PasswordData {
+  /** Self-describing scrypt hash: $scrypt$N=...,r=...,p=...,l=...$salt$hash */
+  hash: string;
+  /** Previous password hashes (self-describing strings) */
+  history: string[];
+  lastChanged: number;
+  /** True when password was system-generated and user hasn't set their own */
+  isInitial: boolean;
+}
+interface AccountData {
+  active: boolean;
+  locked: boolean;
+  lockReason: string;
+  /** 0 = permanent lock, >0 = timestamp (ms) when lock expires */
+  lockEnds: number;
+  failedLoginAttempts: number;
+  lastLogin: number;
+  /**
+   * True while the user record exists from an admin-issued invite but the
+   * invitee has not yet accepted (set password + activate). Used by
+   * `InviteWorkflow` to gate the accept tail, reject duplicate invites, and
+   * power `auth.reInvite` / `auth.cancelInvite`. Absent / `false` once the
+   * invite has been accepted.
+   */
+  pendingInvitation?: boolean;
+}
+interface MfaData {
+  /** Registered MFA methods */
+  methods: MfaMethod[];
+  /** Name of the default MFA method */
+  defaultMethod: string;
+  /** Auto-send MFA challenge on login */
+  autoSend: boolean;
+}
+interface MfaMethod {
+  /** Method name: 'email', 'sms', 'totp' */
+  name: string;
+  /** Whether this method has been verified/confirmed */
+  confirmed: boolean;
+  /** The method's value: email address, phone number, or TOTP secret */
+  value: string;
+}
+interface UserServiceConfig {
+  password?: PasswordConfig;
+  lockout?: LockoutConfig;
+  /** Injectable clock for testability. Defaults to Date.now */
+  clock?: () => number;
+  /**
+   * Device-trust config. Required (with a non-empty `secret`) when any
+   * `issueTrustedDevice` / `verifyTrustedDevice` API is called; the methods
+   * throw clearly when invoked without it.
+   */
+  deviceTrust?: {
+    /** HMAC-SHA256 signing secret for trust-device tokens. */secret: string;
+  };
+}
+interface PasswordConfig {
+  /** Pepper string prepended to password before hashing */
+  pepper?: string;
+  /** Number of historical hashes to retain (0 = disabled) */
+  historyLength?: number;
+  /** scrypt cost parameter N (default 16384) */
+  scryptN?: number;
+  /** scrypt block size r (default 8) */
+  scryptR?: number;
+  /** scrypt parallelism p (default 1) */
+  scryptP?: number;
+  /** Hash output length in bytes (default 64) */
+  keyLength?: number;
+  /** Password policy rules */
+  policies?: (PasswordPolicyDef | PasswordPolicyInstance)[];
+}
+interface LockoutConfig {
+  /** Lock after this many failed attempts (0 = disabled) */
+  threshold?: number;
+  /** Lock duration in ms (0 = permanent) */
+  duration?: number;
+}
+interface PasswordPolicyDef {
+  rule: string | PasswordPolicyEvalFn;
+  description?: string;
+  errorMessage?: string;
+}
+type PasswordPolicyEvalFn = (password: string, context?: PasswordPolicyContext) => boolean | Promise<boolean>;
+interface PasswordPolicyContext {
+  passwordData?: PasswordData;
+  passwordConfig?: PasswordConfig;
+}
+/** Interface satisfied by the PasswordPolicy class (avoids circular import) */
+interface PasswordPolicyInstance extends PasswordPolicyDef {
+  evaluate(password: string, context?: PasswordPolicyContext): boolean | Promise<boolean>;
+  transferable: boolean;
+}
+type DeepPartial<T> = { [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P] };
+interface UserStoreUpdate {
+  /** Partial object with fields to set (deep-merged) */
+  set?: DeepPartial<UserCredentials>;
+  /** Dot-paths to atomically increment: e.g. {'account.failedLoginAttempts': 1} */
+  inc?: Record<string, number>;
+}
+type UserAuthErrorType = "NOT_FOUND" | "ALREADY_EXISTS" | "LOCKED" | "INACTIVE" | "INVALID_CREDENTIALS" | "POLICY_VIOLATION" | "PASSWORDS_MISMATCH" | "PASSWORD_IN_HISTORY" | "MFA_REQUIRED" | "MFA_INVALID" | "MFA_NOT_CONFIGURED";
+interface LoginResult<T extends object = object> {
+  user: UserCredentials & T;
+  /** Whether MFA verification is required before granting full access */
+  mfaRequired: boolean;
+}
+interface LockStatus {
+  locked: boolean;
+  /** True when lock has a non-zero lockEnds that is in the past */
+  expired: boolean;
+  reason: string;
+  lockEnds: number;
+}
+interface PolicyCheckResult {
+  passed: boolean;
+  policies: {
+    description: string;
+    passed: boolean;
+  }[];
+  errors: string[];
+}
+interface TransferablePolicy {
+  rule: string;
+  description?: string;
+  errorMessage?: string;
+}
+interface MfaMethodInfo {
+  name: string;
+  isDefault: boolean;
+  masked: string;
+}
+interface TotpConfig {
+  /** Time step in seconds (default 30) */
+  period?: number;
+  /** Number of digits in the code (default 6) */
+  digits?: number;
+  /** Verification window — number of steps to check on each side (default 1) */
+  window?: number;
+  /** Injectable clock for testability */
+  clock?: () => number;
+}
+//#endregion
+//#region src/store/user-store.d.ts
+declare abstract class UserStore<T extends object = object> {
+  abstract exists(username: string): Promise<boolean>;
+  abstract findByUsername(username: string): Promise<(UserCredentials & T) | null>;
+  abstract create(data: UserCredentials & T): Promise<void>;
+  abstract update(username: string, update: UserStoreUpdate): Promise<boolean>;
+  /**
+   * Hard-delete the row. Returns `true` when a row was removed, `false` when
+   * the username was not found. Used by `UserService.deleteUser` (and in turn
+   * by the invite workflow's `auth.cancelInvite` step).
+   */
+  abstract delete(username: string): Promise<boolean>;
+}
+//#endregion
+export { UserStoreUpdate as C, UserServiceConfig as S, TotpConfig as _, LockoutConfig as a, UserAuthErrorType as b, MfaMethod as c, PasswordData as d, PasswordPolicyContext as f, PolicyCheckResult as g, PasswordPolicyInstance as h, LockStatus as i, MfaMethodInfo as l, PasswordPolicyEvalFn as m, AccountData as n, LoginResult as o, PasswordPolicyDef as p, DeepPartial as r, MfaData as s, UserStore as t, PasswordConfig as u, TransferablePolicy as v, UserCredentials as x, TrustedDeviceRecord as y };

package/dist/user-store-VJPWNgdp.d.cts

@@ -0,0 +1,187 @@
+//#region src/types.d.ts
+interface UserCredentials {
+  id: string;
+  username: string;
+  password: PasswordData;
+  account: AccountData;
+  mfa: MfaData;
+  /**
+   * Hashed backup codes (SHA-256, hex-encoded). Generated via
+   * `UserService.generateBackupCodes`. Undefined when the user has not
+   * enrolled backup codes; an empty array means all codes were consumed.
+   */
+  backupCodes?: string[];
+  /**
+   * Persisted device-trust records ("remember this device, skip MFA next
+   * time"). Managed by `UserService.{issue,add,verify,revoke,list}TrustedDevice`.
+   * Absent when the user has never opted in.
+   */
+  trustedDevices?: TrustedDeviceRecord[];
+}
+interface TrustedDeviceRecord {
+  /** `<raw>.<sig>` — what we hand back to the consumer and what they round-trip. */
+  token: string;
+  /** Bound IP — set when `deviceTrust.bindsTo === 'cookie+ip'`. */
+  ip?: string;
+  issuedAt: number;
+  expiresAt: number;
+  /** Optional human-readable label (e.g. user-agent summary). */
+  name?: string;
+}
+interface PasswordData {
+  /** Self-describing scrypt hash: $scrypt$N=...,r=...,p=...,l=...$salt$hash */
+  hash: string;
+  /** Previous password hashes (self-describing strings) */
+  history: string[];
+  lastChanged: number;
+  /** True when password was system-generated and user hasn't set their own */
+  isInitial: boolean;
+}
+interface AccountData {
+  active: boolean;
+  locked: boolean;
+  lockReason: string;
+  /** 0 = permanent lock, >0 = timestamp (ms) when lock expires */
+  lockEnds: number;
+  failedLoginAttempts: number;
+  lastLogin: number;
+  /**
+   * True while the user record exists from an admin-issued invite but the
+   * invitee has not yet accepted (set password + activate). Used by
+   * `InviteWorkflow` to gate the accept tail, reject duplicate invites, and
+   * power `auth.reInvite` / `auth.cancelInvite`. Absent / `false` once the
+   * invite has been accepted.
+   */
+  pendingInvitation?: boolean;
+}
+interface MfaData {
+  /** Registered MFA methods */
+  methods: MfaMethod[];
+  /** Name of the default MFA method */
+  defaultMethod: string;
+  /** Auto-send MFA challenge on login */
+  autoSend: boolean;
+}
+interface MfaMethod {
+  /** Method name: 'email', 'sms', 'totp' */
+  name: string;
+  /** Whether this method has been verified/confirmed */
+  confirmed: boolean;
+  /** The method's value: email address, phone number, or TOTP secret */
+  value: string;
+}
+interface UserServiceConfig {
+  password?: PasswordConfig;
+  lockout?: LockoutConfig;
+  /** Injectable clock for testability. Defaults to Date.now */
+  clock?: () => number;
+  /**
+   * Device-trust config. Required (with a non-empty `secret`) when any
+   * `issueTrustedDevice` / `verifyTrustedDevice` API is called; the methods
+   * throw clearly when invoked without it.
+   */
+  deviceTrust?: {
+    /** HMAC-SHA256 signing secret for trust-device tokens. */secret: string;
+  };
+}
+interface PasswordConfig {
+  /** Pepper string prepended to password before hashing */
+  pepper?: string;
+  /** Number of historical hashes to retain (0 = disabled) */
+  historyLength?: number;
+  /** scrypt cost parameter N (default 16384) */
+  scryptN?: number;
+  /** scrypt block size r (default 8) */
+  scryptR?: number;
+  /** scrypt parallelism p (default 1) */
+  scryptP?: number;
+  /** Hash output length in bytes (default 64) */
+  keyLength?: number;
+  /** Password policy rules */
+  policies?: (PasswordPolicyDef | PasswordPolicyInstance)[];
+}
+interface LockoutConfig {
+  /** Lock after this many failed attempts (0 = disabled) */
+  threshold?: number;
+  /** Lock duration in ms (0 = permanent) */
+  duration?: number;
+}
+interface PasswordPolicyDef {
+  rule: string | PasswordPolicyEvalFn;
+  description?: string;
+  errorMessage?: string;
+}
+type PasswordPolicyEvalFn = (password: string, context?: PasswordPolicyContext) => boolean | Promise<boolean>;
+interface PasswordPolicyContext {
+  passwordData?: PasswordData;
+  passwordConfig?: PasswordConfig;
+}
+/** Interface satisfied by the PasswordPolicy class (avoids circular import) */
+interface PasswordPolicyInstance extends PasswordPolicyDef {
+  evaluate(password: string, context?: PasswordPolicyContext): boolean | Promise<boolean>;
+  transferable: boolean;
+}
+type DeepPartial<T> = { [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P] };
+interface UserStoreUpdate {
+  /** Partial object with fields to set (deep-merged) */
+  set?: DeepPartial<UserCredentials>;
+  /** Dot-paths to atomically increment: e.g. {'account.failedLoginAttempts': 1} */
+  inc?: Record<string, number>;
+}
+type UserAuthErrorType = "NOT_FOUND" | "ALREADY_EXISTS" | "LOCKED" | "INACTIVE" | "INVALID_CREDENTIALS" | "POLICY_VIOLATION" | "PASSWORDS_MISMATCH" | "PASSWORD_IN_HISTORY" | "MFA_REQUIRED" | "MFA_INVALID" | "MFA_NOT_CONFIGURED";
+interface LoginResult<T extends object = object> {
+  user: UserCredentials & T;
+  /** Whether MFA verification is required before granting full access */
+  mfaRequired: boolean;
+}
+interface LockStatus {
+  locked: boolean;
+  /** True when lock has a non-zero lockEnds that is in the past */
+  expired: boolean;
+  reason: string;
+  lockEnds: number;
+}
+interface PolicyCheckResult {
+  passed: boolean;
+  policies: {
+    description: string;
+    passed: boolean;
+  }[];
+  errors: string[];
+}
+interface TransferablePolicy {
+  rule: string;
+  description?: string;
+  errorMessage?: string;
+}
+interface MfaMethodInfo {
+  name: string;
+  isDefault: boolean;
+  masked: string;
+}
+interface TotpConfig {
+  /** Time step in seconds (default 30) */
+  period?: number;
+  /** Number of digits in the code (default 6) */
+  digits?: number;
+  /** Verification window — number of steps to check on each side (default 1) */
+  window?: number;
+  /** Injectable clock for testability */
+  clock?: () => number;
+}
+//#endregion
+//#region src/store/user-store.d.ts
+declare abstract class UserStore<T extends object = object> {
+  abstract exists(username: string): Promise<boolean>;
+  abstract findByUsername(username: string): Promise<(UserCredentials & T) | null>;
+  abstract create(data: UserCredentials & T): Promise<void>;
+  abstract update(username: string, update: UserStoreUpdate): Promise<boolean>;
+  /**
+   * Hard-delete the row. Returns `true` when a row was removed, `false` when
+   * the username was not found. Used by `UserService.deleteUser` (and in turn
+   * by the invite workflow's `auth.cancelInvite` step).
+   */
+  abstract delete(username: string): Promise<boolean>;
+}
+//#endregion
+export { UserStoreUpdate as C, UserServiceConfig as S, TotpConfig as _, LockoutConfig as a, UserAuthErrorType as b, MfaMethod as c, PasswordData as d, PasswordPolicyContext as f, PolicyCheckResult as g, PasswordPolicyInstance as h, LockStatus as i, MfaMethodInfo as l, PasswordPolicyEvalFn as m, AccountData as n, LoginResult as o, PasswordPolicyDef as p, DeepPartial as r, MfaData as s, UserStore as t, PasswordConfig as u, TransferablePolicy as v, UserCredentials as x, TrustedDeviceRecord as y };

package/package.json

@@ -0,0 +1,75 @@
+{
+  "name": "@aooth/user",
+  "version": "0.1.1",
+  "description": "User credential primitives for aoothjs",
+  "keywords": [
+    "aoothjs",
+    "auth",
+    "authentication",
+    "user"
+  ],
+  "homepage": "https://github.com/moostjs/aoothjs/tree/main/packages/user#readme",
+  "bugs": {
+    "url": "https://github.com/moostjs/aoothjs/issues"
+  },
+  "license": "MIT",
+  "author": "Artem Maltsev",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/moostjs/aoothjs.git",
+    "directory": "packages/user"
+  },
+  "files": [
+    "dist",
+    "src/atscript-db/user-credentials.as"
+  ],
+  "type": "module",
+  "sideEffects": false,
+  "main": "dist/index.mjs",
+  "module": "./dist/index.mjs",
+  "types": "dist/index.d.mts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    },
+    "./atscript-db": {
+      "types": "./dist/atscript-db.d.mts",
+      "import": "./dist/atscript-db.mjs",
+      "require": "./dist/atscript-db.cjs"
+    },
+    "./atscript-db/model.as": "./src/atscript-db/user-credentials.as",
+    "./package.json": "./package.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@prostojs/ftring": "^0.0.3"
+  },
+  "devDependencies": {
+    "@atscript/core": "^0.1.56",
+    "@atscript/db": "^0.1.80",
+    "@atscript/db-sql-tools": "^0.1.80",
+    "@atscript/db-sqlite": "^0.1.80",
+    "@atscript/typescript": "^0.1.56",
+    "@types/better-sqlite3": "^7.6.13",
+    "better-sqlite3": "^12.6.2",
+    "unplugin-atscript": "^0.1.56"
+  },
+  "peerDependencies": {
+    "@atscript/db": ">=0.1.79"
+  },
+  "peerDependenciesMeta": {
+    "@atscript/db": {
+      "optional": true
+    }
+  },
+  "scripts": {
+    "build": "vp pack",
+    "dev": "vp pack --watch",
+    "test": "vp test",
+    "check": "vp check"
+  }
+}