npm - @le-space/orbitdb-identity-provider-webauthn-did - Versions diffs - 0.1.0 → 0.2.1 - Mend

@le-space/orbitdb-identity-provider-webauthn-did 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +132 -410
package/package.json +35 -5
package/src/index.js +58 -503
package/src/keystore/encryption.js +579 -0
package/src/keystore/index.js +6 -0
package/src/keystore/provider.js +555 -0
package/src/keystore-encryption.js +6 -0
package/src/varsig/assertion.js +205 -0
package/src/varsig/credential.js +144 -0
package/src/varsig/domain.js +11 -0
package/src/varsig/identity.js +161 -0
package/src/varsig/index.js +6 -0
package/src/varsig/provider.js +78 -0
package/src/varsig/storage.js +46 -0
package/src/varsig/utils.js +43 -0
package/src/verification.js +33 -33
package/src/webauthn/provider.js +542 -0
package/verification.js +1 -0

package/README.md CHANGED Viewed

@@ -1,451 +1,173 @@
-# OrbitDB WebAuthn DID Identity Provider
+# OrbitDB WebAuthn Identity Providers
 [![Tests](https://github.com/le-space/orbitdb-identity-provider-webauthn-did/workflows/Tests/badge.svg)](https://github.com/le-space/orbitdb-identity-provider-webauthn-did/actions/workflows/test.yml) [![CI/CD](https://github.com/le-space/orbitdb-identity-provider-webauthn-did/workflows/CI%2FCD%20-%20Test%20and%20Publish/badge.svg)](https://github.com/le-space/orbitdb-identity-provider-webauthn-did/actions/workflows/ci-cd.yml)
-🚀 **[Try the Live Demo](https://w3s.link/ipfs/bafybeibrrqn27xgvq6kzxwlyrfdomgfvlsoojfg3odba755f3pezwqpdza)** - Interactive WebAuthn demo with biometric authentication
+⚠️ **Security**: Experimental release. No formal audit. Use only after your own review.
-A hardware-secured identity provider for OrbitDB using WebAuthn authentication. This provider enables hardware -secured database access (Ledger, Yubikey etc.) where private keys never leave the secure hardware element
-and biometric authentication via Passkey.
+Two WebAuthn-based OrbitDB identity providers:
-## Features
+- **WebAuthn-Varsig**: No insecure OrbitDB keystore at all. Each entry is signed by WebAuthn (varsig envelope), so keys never leave the authenticator, one Passkey (WebAuthn) prompt per write.
-- 🔐 **Hardware-secured authentication** - Uses WebAuthn with platform authenticators (Face ID, Touch ID, Windows Hello)
-- 🚫 **Private keys never leave hardware** - Keys are generated and stored in secure elements
-- 🌐 **Cross-platform compatibility** - Works across modern browsers and platforms
-- 📱 **Biometric authentication** - Seamless user experience with fingerprint, face recognition, or PIN
-- 🔒 **Quantum-resistant** - P-256 elliptic curve cryptography with hardware backing
-- 🆔 **DID-based identity** - Generates deterministic `did:key` DIDs based on WebAuthn credentials
+- **Keystore-based DID**: Generates an Ed25519/secp256k1 keystore keypair for OrbitDB signing in browser memory. When `encryptKeystore` is enabled, the private key is encrypted with AES-GCM and only rehydrated in memory after a WebAuthn unlock (PRF, largeBlob, or hmac-secret).
-## Installation
+**Recommendation (security-first):**
-```bash
-npm install orbitdb-identity-provider-webauthn-did
-```
-## Basic Usage
-```javascript
-import { createOrbitDB, Identities, IPFSAccessController } from '@orbitdb/core'
-import { createHelia } from 'helia'
-import {
-  WebAuthnDIDProvider,
-  OrbitDBWebAuthnIdentityProviderFunction,
-  registerWebAuthnProvider,
-  checkWebAuthnSupport,
-  storeWebAuthnCredential,
-  loadWebAuthnCredential
-} from 'orbitdb-identity-provider-webauthn-did'
-// Check WebAuthn support
-const support = await checkWebAuthnSupport()
-if (!support.supported) {
-  console.error('WebAuthn not supported:', support.message)
-  return
-}
-// Create or load WebAuthn credential
-let credential = loadWebAuthnCredential()
-if (!credential) {
-  // Create new WebAuthn credential (triggers biometric prompt)
-  credential = await WebAuthnDIDProvider.createCredential({
-    userId: 'alice@example.com',
-    displayName: 'Alice Smith'
-  })
-  // Store credential for future use
-  storeWebAuthnCredential(credential)
-}
-// Register the WebAuthn provider
-registerWebAuthnProvider()
-// Create identities instance
-const identities = await Identities()
-// Create WebAuthn identity
-const identity = await identities.createIdentity({
-  provider: OrbitDBWebAuthnIdentityProviderFunction({ webauthnCredential: credential })
-})
-// Create IPFS instance - see OrbitDB Liftoff example for full libp2p configuration:
-// https://github.com/orbitdb/orbitdb/tree/main/examples/liftoff
-const ipfs = await createHelia()
-// Create OrbitDB instance with WebAuthn identity
-const orbitdb = await createOrbitDB({
-  ipfs,
-  identities,
-  identity
-})
-// Create a database - will require biometric authentication for each write
-const db = await orbitdb.open('my-secure-database', {
-  type: 'keyvalue',
-  accessController: IPFSAccessController({
-    write: [identity.id] // Only this WebAuthn identity can write
-  })
-})
-// Adding data will trigger biometric prompt
-await db.put('greeting', 'Hello, secure world!')
-```
+- **Best security:** Varsig provider (hardware-backed key for every write).
+- **Best balance:** Keystore provider with WebAuthn-encrypted keystore (fewer prompts, faster writes, key material in memory during session).
-## Advanced Configuration
+Note: WebAuthn varsig support in this repo relies on our forked `@le-space/iso-*` packages of [Hugo Dias iso-repo](https://github.com/hugomrdias/iso-repo/) (notably `@le-space/iso-did` and `@le-space/iso-webauthn-varsig`) to align with the updated varsig flow.
-### LibP2P and IPFS Setup
-For an example libp2p configuration. See the [OrbitDB Liftoff example](https://github.com/orbitdb/liftoff) for example libp2p setup including:
+## Install
-### Credential Creation Options
-```javascript
-const credential = await WebAuthnDIDProvider.createCredential({
-  userId: 'unique-user-identifier',
-  displayName: 'User Display Name',
-  domain: 'your-app-domain.com', // Defaults to current hostname
-  timeout: 60000 // Authentication timeout in milliseconds
-})
-```
-### Identity Provider Configuration
-```javascript
-// Manual identity provider setup
-import { OrbitDBWebAuthnIdentityProviderFunction } from 'orbitdb-identity-provider-webauthn-did'
-const identityProvider = OrbitDBWebAuthnIdentityProviderFunction({
-  webauthnCredential: credential
-})
-const orbitdb = await createOrbitDB({
-  identity: {
-    provider: identityProvider
-  }
-})
-```
-## WebAuthn Support Detection
-The library provides utilities to check WebAuthn compatibility:
-```javascript
-import { checkWebAuthnSupport, WebAuthnDIDProvider } from 'orbitdb-identity-provider-webauthn-did'
-// Comprehensive support check
-const support = await checkWebAuthnSupport()
-console.log({
-  supported: support.supported,
-  platformAuthenticator: support.platformAuthenticator,
-  message: support.message
-})
-// Quick checks
-const isSupported = WebAuthnDIDProvider.isSupported()
-const hasBiometric = await WebAuthnDIDProvider.isPlatformAuthenticatorAvailable()
+```bash
+npm install orbitdb-identity-provider-webauthn-did
 ```
-## Browser Compatibility
+Note: `@orbitdb/core` is patched (via `patch-package`) to support Ed25519 keystore keys.
-| Browser | Version | Face ID | Touch ID | Windows Hello |
-|---------|---------|---------|----------|---------------|
-| Chrome  | 67+     | ✅      | ✅       | ✅            |
-| Firefox | 60+     | ✅      | ✅       | ✅            |
-| Safari  | 14+     | ✅      | ✅       | ✅            |
-| Edge    | 18+     | ✅      | ✅       | ✅            |
-## Platform Support
-- **macOS**: Face ID, Touch ID
-- **iOS**: Face ID, Touch ID
-- **Windows**: Windows Hello (face, fingerprint, PIN)
-- **Android**: Fingerprint, face unlock, screen lock
-- **Linux**: FIDO2 security keys, fingerprint readers
-## Credential Storage Utilities
-The library provides utility functions for properly storing and loading WebAuthn credentials:
-### Using the Built-in Utilities:
+## Memory Keystore Quick Start
 ```javascript
-import {
-  storeWebAuthnCredential,
-  loadWebAuthnCredential,
-  clearWebAuthnCredential
-} from 'orbitdb-identity-provider-webauthn-did'
-// Store credential (handles Uint8Array serialization automatically)
-storeWebAuthnCredential(credential)
+import { WebAuthnDIDProvider, OrbitDBWebAuthnIdentityProviderFunction } from 'orbitdb-identity-provider-webauthn-did';
-// Load credential (handles Uint8Array deserialization automatically)
-const credential = loadWebAuthnCredential()
-// Clear stored credential
-clearWebAuthnCredential()
+const credential = await WebAuthnDIDProvider.createCredential({
+  userId: 'alice@example.com',
+  displayName: 'Alice'
+});
-// Use custom storage keys
-storeWebAuthnCredential(credential, 'my-custom-key')
-const credential = loadWebAuthnCredential('my-custom-key')
+const identity = await identities.createIdentity({
+  provider: OrbitDBWebAuthnIdentityProviderFunction({ webauthnCredential: credential })
+});
 ```
-**Why we provide these utilities**: WebAuthn credentials contain `Uint8Array` objects that don't serialize properly with `JSON.stringify()`. Without proper serialization, the public key coordinates become empty arrays after loading from localStorage, causing DID generation to fail. Our utility functions handle this complexity automatically and ensure proper `did:key` format generation.
-## Verification Utilities
-The library provides comprehensive verification utilities to validate database operations and identity storage without relying on external network calls:
+### Hardware Secured - Varsig Quick Start
 ```javascript
-import {
-  verifyDatabaseUpdate,
-  verifyIdentityStorage,
-  verifyDataEntries,
-  isValidWebAuthnDID
-} from 'orbitdb-identity-provider-webauthn-did'
-// Verify database update events
-const updateResult = await verifyDatabaseUpdate(database, identityHash, expectedWebAuthnDID)
-if (updateResult.success) {
-  console.log('✅ Database update verified')
-} else {
-  console.log('❌ Verification failed:', updateResult.error)
-}
-// Verify identity is properly stored
-const storageResult = await verifyIdentityStorage(identities, identity)
-console.log('Identity stored correctly:', storageResult.success)
-// Verify generic data entries with custom matching
-const dataResults = await verifyDataEntries(database, dataItems, expectedWebAuthnDID, {
-  matchFn: (dbItem, expectedItem) => dbItem.id === expectedItem.id,
-  checkLog: true
-})
-// DID format validation
-if (isValidWebAuthnDID(identity.id)) {
-  console.log('Valid WebAuthn DID format')
-}
-```
-### Verification Features
-- **Database-centric verification**: Uses local database state instead of unreliable IPFS gateway calls
-- **Access control validation**: Verifies write permissions and database ownership
-- **Identity storage checking**: Confirms identities are properly stored in OrbitDB's identity store
-- **Generic data verification**: Flexible verification system that works with any data structure
-- **DID format validation**: Utility functions for WebAuthn DID validation and parsing
-- **Pragmatic fallback**: Provides fallback verification when network resources are unavailable
-## Security Considerations
-### Private Key Security
-- Private keys are generated within the secure hardware element
-- Keys cannot be extracted, cloned, or compromised through software attacks
-- Each authentication requires user presence and verification
-### DID Generation
-- DIDs are deterministically generated from the WebAuthn public key
-- Same credential always produces the same DID
-- Format: `did:key:{base58btc-encoded-multikey}` (compliant with DID key specification)
-### Authentication Flow
-1. User attempts database operation
-2. WebAuthn prompt appears
-3. User provides authentication
-4. Hardware element signs the operation
-5. OrbitDB verifies the signature
-## Error Handling
+import { WebAuthnVarsigProvider, createWebAuthnVarsigIdentity } from 'orbitdb-identity-provider-webauthn-did';
-The library provides detailed error handling for common WebAuthn scenarios:
+const credential = await WebAuthnVarsigProvider.createCredential({
+  userId: 'alice@example.com',
+  displayName: 'Alice'
+});
-```javascript
-try {
-  const credential = await WebAuthnDIDProvider.createCredential()
-} catch (error) {
-  switch (error.message) {
-    case 'Biometric authentication was cancelled or failed':
-      // User cancelled or biometric failed
-      break
-    case 'WebAuthn is not supported on this device':
-      // Device/browser doesn't support WebAuthn
-      break
-    case 'A credential with this ID already exists':
-      // Credential already registered for this user
-      break
-    default:
-      console.error('WebAuthn error:', error.message)
-  }
-}
+const identity = await createWebAuthnVarsigIdentity({ credential });
 ```
-## Development
-### Building
-```bash
-npm run build
+### Keystore-based DID (WebAuthn + OrbitDB keystore)
+```mermaid
+sequenceDiagram
+  autonumber
+  participant User
+  participant App
+  participant WebAuthn
+  participant Auth as Authenticator
+  participant KS as OrbitDB Keystore
+  participant Enc as KeystoreEncryption
+  participant DB as OrbitDB
+  User->>App: Create credential
+  App->>WebAuthn: create()
+  WebAuthn->>Auth: Create passkey
+  Auth-->>WebAuthn: Attestation
+  WebAuthn-->>App: Credential
+  App->>KS: getKey()/createKey(Ed25519)
+  KS-->>App: Keystore keypair
+  opt encryptKeystore=true
+    App->>Enc: generateSecretKey()
+    Enc-->>App: sk
+    App->>Enc: encrypt keystore private key (AES-GCM)
+    alt prf
+      App->>WebAuthn: get() with PRF
+      WebAuthn->>Auth: User verification
+      Auth-->>WebAuthn: PRF output
+      WebAuthn-->>App: PRF bytes
+      App->>Enc: wrap sk with PRF
+    else largeBlob
+      App->>WebAuthn: get() with largeBlob write
+      WebAuthn->>Auth: User verification
+      Auth-->>WebAuthn: Store sk in largeBlob
+      WebAuthn-->>App: largeBlob stored
+    else hmac-secret
+      App->>WebAuthn: get() with hmac-secret
+      WebAuthn->>Auth: User verification
+      Auth-->>WebAuthn: HMAC output
+      WebAuthn-->>App: HMAC bytes
+      App->>Enc: wrap sk with HMAC
+    end
+  end
+  App->>DB: db.put()
+  DB->>KS: sign entry with keystore key
+  KS-->>DB: Entry signature
+  Note over App,KS: Keystore private key is stored encrypted at rest.
 ```
-### Testing
-```bash
-npm test
+### Varsig (no keystore)
+```mermaid
+sequenceDiagram
+  autonumber
+  participant User
+  participant App
+  participant WebAuthn
+  participant Auth as Authenticator
+  participant Var as Varsig Provider
+  participant DB as OrbitDB
+  User->>App: Create credential
+  App->>WebAuthn: create()
+  WebAuthn->>Auth: Create passkey
+  Auth-->>WebAuthn: Attestation
+  WebAuthn-->>App: Credential
+  User->>App: Create varsig identity
+  App->>Var: createIdentity()
+  Var->>WebAuthn: get()
+  WebAuthn->>Auth: User verification
+  Auth-->>WebAuthn: Assertion
+  WebAuthn-->>Var: Assertion
+  Var->>Var: encode varsig envelope
+  Var-->>App: Identity
+  User->>App: Add entry
+  App->>DB: db.put()
+  DB->>Var: signIdentity(payload)
+  Var->>WebAuthn: get()
+  WebAuthn->>Auth: User verification
+  Auth-->>WebAuthn: Assertion
+  WebAuthn-->>Var: Assertion
+  Var->>Var: encode varsig envelope
+  Var-->>DB: Varsig signature
 ```
-The test suite includes both unit tests and browser integration tests that verify WebAuthn functionality across different platforms.
-### Dependencies
-- `@orbitdb/core` - OrbitDB core functionality
-- `cbor-web` - CBOR decoding for WebAuthn attestation objects
-## API Reference
-### WebAuthnDIDProvider
-Core class for WebAuthn DID operations.
-#### Static Methods
-- `isSupported()` - Check if WebAuthn is supported
-- `isPlatformAuthenticatorAvailable()` - Check for biometric authenticators
-- `createCredential(options)` - Create new WebAuthn credential
-- `createDID(credentialInfo)` - Generate DID from credential
-- `extractPublicKey(credential)` - Extract public key from WebAuthn credential
-#### Instance Methods
-- `sign(data)` - Sign data using WebAuthn (triggers biometric prompt)
-- `verify(signature, data, publicKey)` - Verify WebAuthn signature
-### OrbitDBWebAuthnIdentityProvider
-OrbitDB-compatible identity provider.
-#### Methods
-- `getId()` - Get the DID identifier
-- `signIdentity(data, options)` - Sign identity data
-- `verifyIdentity(signature, data, publicKey)` - Verify identity signature
-### Utility Functions
-- `registerWebAuthnProvider()` - Register provider with OrbitDB
-- `checkWebAuthnSupport()` - Comprehensive support detection
-- `OrbitDBWebAuthnIdentityProviderFunction(options)` - Provider factory function
-- `storeWebAuthnCredential(credential, key?)` - Store credential to localStorage with proper serialization
-- `loadWebAuthnCredential(key?)` - Load credential from localStorage with proper deserialization
-- `clearWebAuthnCredential(key?)` - Clear stored credential from localStorage
 ## Examples
-See the `test/` directory for comprehensive usage examples including:
-- Basic credential creation and authentication
-- Multi-platform compatibility testing
-- Error handling scenarios
-- Integration with OrbitDB databases
-## Reference Documentation
+Svelte demos:
+- `examples/webauthn-todo-demo/` - WebAuthn DID (no keystore signing; identity-only).
+- `examples/ed25519-encrypted-keystore-demo/` - Ed25519 keystore DID; keystore encrypted at rest with WebAuthn (PRF when available, otherwise largeBlob/hmac-secret).
+- `examples/webauthn-varsig-demo/` - Varsig provider with passkey signing for each entry. Live demo: https://dweb.link/ipfs/bafybeib6tpwiby7pik67ufb3lxpr3j4by2l7r3ov3zzk6hjbzjzgsvckhy
-### Core Technologies
+Scripted examples:
+- `examples/ed25519-keystore-did-example.js` - Keystore DID flow.
+- `examples/encrypted-keystore-example.js` - Keystore encryption flow.
+- `examples/simple-encryption-integration.js` - Keystore + database content encryption.
-#### OrbitDB
-- [OrbitDB Documentation](https://orbitdb.org/docs/) - Peer-to-peer database for the decentralized web
-- [OrbitDB GitHub](https://github.com/orbitdb/orbitdb) - Source code and examples
-- [OrbitDB Liftoff Example](https://github.com/orbitdb/orbitdb/tree/main/examples/liftoff) - Complete setup guide
+Mermaid sequences for scripts:
+- `docs/EXAMPLE-SEQUENCES.md`
-#### IPFS & Helia
-- [Helia Documentation](https://helia.io/) - Lean, modular, and modern implementation of IPFS for JavaScript
-- [Helia GitHub](https://github.com/ipfs/helia) - Source code and examples
-- [IPFS Documentation](https://docs.ipfs.tech/) - InterPlanetary File System docs
+## Documentation
-#### libp2p
-- [libp2p Documentation](https://docs.libp2p.io/) - Modular network stack for peer-to-peer applications
-- [libp2p JavaScript](https://github.com/libp2p/js-libp2p) - JavaScript implementation
-- [libp2p Browser Examples](https://github.com/libp2p/js-libp2p/tree/main/examples) - Browser-specific configurations
-### WebAuthn & Authentication
-#### WebAuthn Standard
-- [WebAuthn W3C Specification](https://w3c.github.io/webauthn/) - Official WebAuthn standard
-- [WebAuthn Guide](https://webauthn.guide/) - Comprehensive WebAuthn tutorial
-- [MDN WebAuthn API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API) - Browser API documentation
-#### Passkeys
-- [Passkeys.dev](https://passkeys.dev/) - Complete guide to implementing passkeys
-- [Apple Passkeys](https://developer.apple.com/passkeys/) - iOS/macOS passkey implementation
-- [Google Passkeys](https://developers.google.com/identity/passkeys) - Android/Chrome passkey support
-- [Microsoft Passkeys](https://docs.microsoft.com/en-us/microsoft-edge/web-platform/passkeys) - Windows Hello integration
-#### Hardware Security Keys
-##### Ledger WebAuthn
-- [Ledger WebAuthn Support](https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F) - FIDO U2F and WebAuthn on Ledger devices
-- [Ledger Developer Portal](https://developers.ledger.com/) - Building apps for Ledger hardware wallets
-- [Ledger WebAuthn Example](https://github.com/LedgerHQ/ledger-live/tree/develop/apps/ledger-live-desktop/src/renderer/families/ethereum/WebAuthnModal) - Implementation examples
-##### YubiKey WebAuthn
-- [YubiKey WebAuthn Guide](https://developers.yubico.com/WebAuthn/) - Complete WebAuthn implementation guide
-- [YubiKey Developer Program](https://developers.yubico.com/) - SDKs, libraries, and documentation
-- [YubiKey WebAuthn Examples](https://github.com/Yubico/java-webauthn-server) - Server-side WebAuthn implementation
-- [YubiKey JavaScript Library](https://github.com/Yubico/yubikit-web) - Web integration tools
-#### Browser Compatibility
-- [Can I Use WebAuthn](https://caniuse.com/webauthn) - Browser support matrix
-- [WebAuthn Awesome List](https://github.com/herrjemand/awesome-webauthn) - Curated WebAuthn resources
-- [FIDO Alliance](https://fidoalliance.org/) - Industry standards and certification
-### Cryptography & DIDs
-#### Decentralized Identifiers (DIDs)
-- [DID W3C Specification](https://w3c.github.io/did-core/) - Official DID standard
-- [DID Method Registry](https://w3c.github.io/did-spec-registries/) - Registered DID methods
-- [DID Primer](https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/topics-and-advance-readings/did-primer.md) - Introduction to DIDs
-#### P-256 Elliptic Curve Cryptography
-- [RFC 6090 - ECC Algorithms](https://tools.ietf.org/html/rfc6090) - Fundamental ECC operations
-- [NIST P-256 Curve](https://csrc.nist.gov/csrc/media/events/workshop-on-elliptic-curve-cryptography-standards/documents/papers/session6-adalier-mehmet.pdf) - Technical specifications
-- [WebCrypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) - Browser cryptography APIs
-## Changelog
-### v0.1.0 - DID Key Format Migration (2025-01-10)
-**⚠️ BREAKING CHANGES**
-- **DID Format Change**: Migrated from custom `did:webauthn:` format to standard-compliant `did:key:` format
-- **Ucanto Compatibility**: Now compatible with ucanto's P-256 key support for UCAN delegation
-- **Standard Compliance**: Uses proper multikey encoding with P-256 multicodec prefix (0x1200)
-- **Base58btc Encoding**: Implements correct base58btc encoding for multikey representation
-**Technical Changes**:
-- Fixed varint encoding issues in multiformats integration
-- Updated all tests to validate `did:key:` format instead of `did:webauthn:`
-- Improved error handling and fallback mechanisms for DID generation
-- Enhanced public key compression and encoding
-**Migration Guide**: Existing credentials will generate new DID identifiers. Users will need to recreate their OrbitDB databases or migrate data manually.
-### v0.0.2 - Initial WebAuthn Implementation (2024-12-20)
-- Initial release with WebAuthn DID provider
-- Custom `did:webauthn:` format (deprecated in v0.1.0)
-- Basic OrbitDB integration
-- Platform authenticator support
-## Contributing
-Contributions are welcome! Please ensure all tests pass and follow the existing code style.
+- `docs/USAGE-GUIDE.md`
+- `docs/ED25519-KEYSTORE-DID.md`
+- `docs/WEBAUTHN-ENCRYPTED-KEYSTORE-INTEGRATION.md`
+- `docs/WEBAUTHN-DID-AND-ORBITDB-IDENTITY.md`
 ## License
-MIT License - see LICENSE file for details.
-## Security Disclosures
-For security vulnerabilities, please email security@le-space.de instead of using the issue tracker.
+MIT. See `LICENSE`.

package/package.json CHANGED Viewed

@@ -1,11 +1,16 @@
 {
   "name": "@le-space/orbitdb-identity-provider-webauthn-did",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "WebAuthn-based DID identity provider for OrbitDB for hardware-secured wallets and biometric Passkey authentication",
   "main": "src/index.js",
   "type": "module",
+  "exports": {
+    ".": "./src/index.js",
+    "./verification": "./verification.js"
+  },
   "scripts": {
-    "test": "playwright test tests/webauthn-focused.test.js --project=chromium",
+    "postinstall": "patch-package",
+    "test": "npm run test:all",
     "test:all": "playwright test",
     "test:headed": "playwright test tests/webauthn-focused.test.js --headed --project=chromium",
     "test:ui": "playwright test --ui",
@@ -14,8 +19,10 @@
     "test:integration": "playwright test tests/webauthn-integration.test.js",
     "test:verification": "playwright test tests/webauthn-verification.test.js --project=chromium",
     "test:ci": "playwright test tests/webauthn-verification.test.js --project=chromium --reporter=github",
-    "test:old": "mocha test/*.test.js",
-    "test:watch": "mocha test/*.test.js --watch",
+    "test:logging": "DEBUG='orbitdb-identity-provider-webauthn-did*' playwright test tests/webauthn-logging-e2e.test.js --project=chromium --reporter=line",
+    "test:varsig-e2e": "playwright test tests/webauthn-varsig-e2e.test.js --project=chromium --reporter=line",
+    "test:encrypted-keystore": "USE_ENCRYPTED_DEMO=true playwright test tests/ed25519-encrypted-keystore-e2e.test.js --project=chromium --reporter=line",
+    "test:encrypted-keystore-headed": "USE_ENCRYPTED_DEMO=true playwright test tests/ed25519-encrypted-keystore-e2e.test.js --headed --project=chromium",
     "test:full-flow": "npm run demo:setup && npm run test:focused",
     "lint": "eslint src/ tests/",
     "lint:fix": "eslint src/ tests/ --fix",
@@ -54,7 +61,16 @@
     "@orbitdb/core": "^3.0.0"
   },
   "dependencies": {
+    "@ipld/dag-cbor": "^9.2.5",
+    "@libp2p/logger": "^5.1.5",
+    "@libp2p/crypto": "^5.1.8",
+    "@simplewebauthn/browser": "^13.0.0",
     "cbor-web": "^9.0.1",
+    "iso-base": "npm:@le-space/iso-base",
+    "iso-did": "npm:@le-space/iso-did@2.1.2",
+    "iso-passkeys": "npm:@le-space/iso-passkeys",
+    "iso-web": "^2.1.0",
+    "iso-webauthn-varsig": "npm:@le-space/iso-webauthn-varsig",
     "multiformats": "^13.0.0",
     "vite-plugin-node-polyfills": "^0.24.0"
   },
@@ -65,7 +81,8 @@
     "eslint": "^9.0.0",
     "helia": "^5.0.0",
     "libp2p": "^2.0.0",
-    "mocha": "^10.0.0"
+    "mocha": "^10.0.0",
+    "patch-package": "^8.0.1"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -75,10 +92,23 @@
   },
   "files": [
     "src/",
+    "verification.js",
     "README.md",
     "LICENSE",
     "package.json"
   ],
+  "pnpm": {
+    "overrides": {
+      "iso-base": "npm:@le-space/iso-base",
+      "iso-did": "npm:@le-space/iso-did@2.1.2",
+      "iso-webauthn-varsig": "npm:@le-space/iso-webauthn-varsig"
+    },
+    "onlyBuiltDependencies": [
+      "@ipshipyard/node-datachannel",
+      "classic-level",
+      "esbuild"
+    ]
+  },
   "publishConfig": {
     "access": "public"
   }