@p47h/vault-js 0.9.5 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -3
- package/dist/index.d.ts +404 -188
- package/dist/index.js +616 -418
- package/dist/index.js.map +1 -1
- package/dist/plugins/webpack.d.ts +2 -1
- package/dist/plugins/webpack.d.ts.map +1 -1
- package/dist/plugins/webpack.js +3 -1
- package/dist/plugins/webpack.js.map +1 -1
- package/package.json +11 -7
- package/plugins/webpack.ts +8 -4
package/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# P47H Vault JS
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
Local-first encrypted vault for browser applications.
|
|
4
|
+
Client-side key derivation, encryption, and signing via Rust/WASM.
|
|
5
5
|
|
|
6
6
|
[](./LICENSE)
|
|
7
7
|
[](https://www.npmjs.com/package/@p47h/vault-js)
|
|
@@ -12,15 +12,29 @@ P47H Vault JS addresses the insecurity of storing sensitive user secrets (API ke
|
|
|
12
12
|
|
|
13
13
|
It provides an encrypted enclave within the client application, leveraging the P47H Core Rust implementation compiled to WebAssembly. This ensures that cryptographic operations are consistent across platforms and resistant to common JavaScript-based attack vectors.
|
|
14
14
|
|
|
15
|
+
P47H Vault JS is designed for applications that require strong client-side guarantees.
|
|
16
|
+
It is not a password manager, nor a replacement for server-side HSMs.
|
|
17
|
+
|
|
15
18
|
## Key Features
|
|
16
19
|
|
|
17
20
|
* **WASM-Backed Cryptography:** Core logic resides in a compiled Rust binary, not interpreted JavaScript.
|
|
18
|
-
* **Memory Isolation:** Private keys are generated
|
|
21
|
+
* **Memory Isolation:** Private keys are generated and used inside WASM linear memory and are never exposed to the JavaScript heap in plaintext.
|
|
19
22
|
* **Authenticated Encryption:** Data is persisted using XChaCha20Poly1305.
|
|
20
23
|
* **Key Derivation:** Master keys are derived using Argon2id (OWASP recommendation) to resist brute-force attacks.
|
|
21
24
|
* **Framework Agnostic:** Pure TypeScript implementation suitable for React, Vue, Angular, or vanilla JS.
|
|
22
25
|
* **Apache 2.0 License:** Free for commercial and private use. No copyleft restrictions.
|
|
23
26
|
|
|
27
|
+
## When should I use this?
|
|
28
|
+
|
|
29
|
+
Use P47H Vault JS if you need to:
|
|
30
|
+
|
|
31
|
+
* Store API keys, tokens, or credentials in the browser
|
|
32
|
+
* Encrypt user data before it reaches your backend
|
|
33
|
+
* Generate and use cryptographic identities client-side
|
|
34
|
+
* Reduce compliance risk (GDPR, SOC2) by minimizing server-side exposure
|
|
35
|
+
|
|
36
|
+
Do not use this library if your threat model requires server-side key custody.
|
|
37
|
+
|
|
24
38
|
## Architecture
|
|
25
39
|
|
|
26
40
|
This library adheres to Clean Architecture principles. It exposes a strict interface (`IVault`) and allows for dependency injection of storage adapters, ensuring testability and modularity.
|