@naman_deep_singh/security 1.0.2 → 1.0.4

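--- a/package/README.md
+++ b/package/README.md
@@ -1,19 +1,25 @@
  # @naman_deep_singh/security
 
- Security utilities for password hashing and JWT token management.
+ Security utilities for password hashing and JWT token management with TypeScript support.
 
  ## Installation
 
  ```bash
  npm install @naman_deep_singh/security
- or
- pnpm add @naman_deep_singh/security
- or
- yarn add @naman_deep_singh/security
  ```
 
+ ## Features
+
+ - ✅ **Password hashing** with bcrypt (salt rounds: 10)
+ - ✅ **JWT token management** with configurable expiration
+ - ✅ **TypeScript support** with full type safety
+ - ✅ **Hybrid exports** - use named imports or namespace imports
+ - ✅ **Backward compatibility** with legacy function names
+ - ✅ **Async/await support** for all operations
+
  ## Usage
 
+ ### Named Imports (Tree-shakable)
  ```typescript
  import { hashPassword, verifyPassword, generateToken, verifyToken } from '@naman_deep_singh/security';
 
@@ -22,21 +28,89 @@ const hashedPassword = await hashPassword('mypassword');
  const isValid = await verifyPassword('mypassword', hashedPassword);
 
  // JWT tokens
- const token = generateToken({ userId: 1 }, 'your-secret-key');
+ const token = generateToken({ userId: 1, role: 'admin' }, 'your-secret-key', '24h');
  const decoded = verifyToken(token, 'your-secret-key');
  ```
 
- ## API
+ ### Namespace Import
+ ```typescript
+ import SecurityUtils from '@naman_deep_singh/security';
+
+ const hashedPassword = await SecurityUtils.hashPassword('mypassword');
+ const token = SecurityUtils.generateToken({ userId: 1 }, 'secret');
+ ```
+
+ ### Backward Compatibility
+ ```typescript
+ import { comparePassword, signToken } from '@naman_deep_singh/security';
+
+ // Legacy function names still work
+ const isValid = await comparePassword('password', 'hash');
+ const token = signToken({ userId: 1 }, 'secret');
+ ```
+
+ ## API Reference
 
  ### Password Functions
- - `hashPassword(password: string): Promise<string>` - Hash a password using bcrypt
+ - `hashPassword(password: string): Promise<string>` - Hash a password using bcrypt with salt rounds 10
  - `verifyPassword(password: string, hash: string): Promise<boolean>` - Verify password against hash
+ - `comparePassword(password: string, hash: string): Promise<boolean>` - Alias for verifyPassword (backward compatibility)
 
  ### JWT Functions
- - `generateToken(payload: object, secret: string, expiresIn?: string): string` - Generate JWT token
- - `verifyToken(token: string, secret: string): any` - Verify and decode JWT token
+ - `generateToken(payload: Record<string, unknown>, secret: Secret, expiresIn?: string): string` - Generate JWT token
+ - `verifyToken(token: string, secret: Secret): string | JwtPayload` - Verify and decode JWT token
+ - `signToken(payload: Record<string, unknown>, secret: Secret, expiresIn?: string): string` - Alias for generateToken (backward compatibility)
+
+ ## Examples
+
+ ### Complete Authentication Flow
+ ```typescript
+ import { hashPassword, verifyPassword, generateToken, verifyToken } from '@naman_deep_singh/security';
+
+ // Registration
+ async function registerUser(email: string, password: string) {
+ const hashedPassword = await hashPassword(password);
+ // Save user with hashedPassword to database
+ return { email, password: hashedPassword };
+ }
+
+ // Login
+ async function loginUser(email: string, password: string, storedHash: string) {
+ const isValid = await verifyPassword(password, storedHash);
+
+ if (!isValid) {
+ throw new Error('Invalid credentials');
+ }
+
+ const token = generateToken(
+ { email, loginTime: Date.now() },
+ process.env.JWT_SECRET!,
+ '7d'
+ );
+
+ return { token };
+ }
+
+ // Verify JWT
+ function authenticateRequest(token: string) {
+ try {
+ const decoded = verifyToken(token, process.env.JWT_SECRET!);
+ return decoded;
+ } catch (error) {
+ throw new Error('Invalid token');
+ }
+ }
+ ```
 
  ## Dependencies
 
- - bcryptjs - For password hashing
- - jsonwebtoken - For JWT token management
+ - **bcryptjs** - For secure password hashing
+ - **jsonwebtoken** - For JWT token management
+
+ ## Security Best Practices
+
+ 1. **Use strong secrets** for JWT signing (minimum 32 characters)
+ 2. **Set appropriate expiration times** for tokens
+ 3. **Store JWT secrets in environment variables**
+ 4. **Never log or expose hashed passwords**
+ 5. **Use HTTPS** in production for token transmission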
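--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,5 +1,16 @@
- import { Secret } from "jsonwebtoken";
+ import { Secret, JwtPayload } from "jsonwebtoken";
  export declare const hashPassword: (password: string) => Promise<string>;
+ export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
  export declare const comparePassword: (password: string, hash: string) => Promise<boolean>;
- export declare const signToken: (payload: object, secret: Secret, expiresIn?: string) => string;
- export declare const verifyToken: (token: string, secret: Secret) => object | string;
+ export declare const generateToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
+ export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+ export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
+ declare const SecurityUtils: {
+ hashPassword: (password: string) => Promise<string>;
+ verifyPassword: (password: string, hash: string) => Promise<boolean>;
+ comparePassword: (password: string, hash: string) => Promise<boolean>;
+ generateToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
+ verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+ signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
+ };
+ export default SecurityUtils;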
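--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
  return (mod && mod.__esModule) ? mod : { "default": mod };
  };
  Object.defineProperty(exports, "__esModule", { value: true });
- exports.verifyToken = exports.signToken = exports.comparePassword = exports.hashPassword = void 0;
+ exports.signToken = exports.verifyToken = exports.generateToken = exports.comparePassword = exports.verifyPassword = exports.hashPassword = void 0;
  const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
  const bcryptjs_1 = __importDefault(require("bcryptjs"));
  // 🧱 Password helpers
@@ -12,16 +12,30 @@ const hashPassword = async (password) => {
  return bcryptjs_1.default.hash(password, salt);
  };
  exports.hashPassword = hashPassword;
- const comparePassword = async (password, hash) => {
+ const verifyPassword = async (password, hash) => {
  return bcryptjs_1.default.compare(password, hash);
  };
- exports.comparePassword = comparePassword;
+ exports.verifyPassword = verifyPassword;
+ // For backward compatibility
+ exports.comparePassword = exports.verifyPassword;
  // 🧩 JWT helpers
- const signToken = (payload, secret, expiresIn = "1h") => {
+ const generateToken = (payload, secret, expiresIn = "1h") => {
  return jsonwebtoken_1.default.sign(payload, secret, { expiresIn, algorithm: "HS256" });
  };
- exports.signToken = signToken;
+ exports.generateToken = generateToken;
  const verifyToken = (token, secret) => {
  return jsonwebtoken_1.default.verify(token, secret);
  };
  exports.verifyToken = verifyToken;
+ // For backward compatibility
+ exports.signToken = exports.generateToken;
+ // Default export for namespace usage
+ const SecurityUtils = {
+ hashPassword: exports.hashPassword,
+ verifyPassword: exports.verifyPassword,
+ comparePassword: exports.comparePassword,
+ generateToken: exports.generateToken,
+ verifyToken: exports.verifyToken,
+ signToken: exports.signToken
+ };
+ exports.default = SecurityUtils;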
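--- a/package/package.json
+++ b/package/package.json
@@ -1,15 +1,21 @@
  {
  "name": "@naman_deep_singh/security",
- "version": "1.0.2",
- "description": "",
- "type": "module",
+ "version": "1.0.4",
+ "description": "Security utilities for password hashing and JWT token management with TypeScript",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
  "scripts": {
  "build": "tsc"
  },
- "keywords": [],
- "author": "",
+ "keywords": [
+ "security",
+ "jwt",
+ "bcrypt",
+ "authentication",
+ "password",
+ "token"
+ ],
+ "author": "Naman Deep Singh",
  "license": "ISC",
  "packageManager": "pnpm@10.20.0",
  "dependencies": {
@@ -17,6 +23,7 @@
  "jsonwebtoken": "^9.0.2"
  },
  "devDependencies": {
+ "@types/bcryptjs": "^2.4.6",
  "@types/jsonwebtoken": "^9.0.10",
  "typescript": "^5.9.3"
  }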
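--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,4 +1,4 @@
- import jwt, { Secret } from "jsonwebtoken";
+ import jwt, { Secret, JwtPayload } from "jsonwebtoken";
  import bcrypt from "bcryptjs";
 
  // 🧱 Password helpers
@@ -7,15 +7,33 @@ export const hashPassword = async (password: string): Promise<string> => {
  return bcrypt.hash(password, salt);
  };
 
- export const comparePassword = async (password: string, hash: string): Promise<boolean> => {
+ export const verifyPassword = async (password: string, hash: string): Promise<boolean> => {
  return bcrypt.compare(password, hash);
  };
 
+ // For backward compatibility
+ export const comparePassword = verifyPassword;
+
  // 🧩 JWT helpers
- export const signToken = (payload: object, secret: Secret, expiresIn = "1h"): string => {
+ export const generateToken = (payload: Record<string, unknown>, secret: Secret, expiresIn = "1h"): string => {
  return jwt.sign(payload, secret, { expiresIn, algorithm: "HS256" } as jwt.SignOptions);
  };
 
- export const verifyToken = (token: string, secret: Secret): object | string => {
+ export const verifyToken = (token: string, secret: Secret): string | JwtPayload => {
  return jwt.verify(token, secret);
  };
+
+ // For backward compatibility
+ export const signToken = generateToken;
+
+ // Default export for namespace usage
+ const SecurityUtils = {
+ hashPassword,
+ verifyPassword,
+ comparePassword,
+ generateToken,
+ verifyToken,
+ signToken
+ };
+
+ export default SecurityUtils;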
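Review bot: `verifyToken` in the second hunk still calls `jwt.verify(token, secret)` with no `algorithms` allow-list, although `generateToken` pins `algorithm: "HS256"` when signing; the commit only retypes the return value. Because `Secret` also admits key objects and PEM material, the accepted algorithms currently depend on the library's per-key-type defaults, so the verifier should be pinned to what the signer produces: `return jwt.verify(token, secret, { algorithms: ["HS256"] });`. The new `string | JwtPayload` return type also deserves a one-line comment telling callers to narrow the result before reading claims. The compiled `package/dist/index.js` carries the same call and would pick the fix up on rebuild; `hashPassword` starts outside the hunk and is not reviewed here.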
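--- a/package/tsconfig.json
+++ b/package/tsconfig.json
@@ -3,18 +3,19 @@
  "target": "ES2020",
  "module": "CommonJS",
  "moduleResolution": "node",
- "rootDir": "src",
- "outDir": "dist",
+ "rootDir": "./src",
+ "outDir": "./dist",
  "strict": true,
  "esModuleInterop": true,
  "allowSyntheticDefaultImports": true,
  "skipLibCheck": true,
  "forceConsistentCasingInFileNames": true,
+ "declaration": true,
  "baseUrl": ".",
  "paths": {
  "*": ["*", "*.ts", "*.js"]
  }
  },
- "include": ["src"],
- "exclude": ["node_modules"]
- }
+ "include": ["src/**/*"],
+ "exclude": ["node_modules", "dist"]
+ }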