npm - bro-auth - Versions diffs - 0.1.0 - Mend

bro-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,33 @@
+┌──────────────────────────────────────────────────────────────┐
+│  █▄▄ █▀█ █▀█   ▄▀█ █░█ ▀█▀ █░█      bro-auth                │
+│  █▄█ █▀▄ █▄█   █▀█ █▀█ ░█░ █▀█                              │
+├──────────────────────────────────────────────────────────────┤
+│     Stateless JWT · Device Fingerprinting · Zero Replay      │
+└──────────────────────────────────────────────────────────────┘
+# bro-auth
+A lightweight, **stateless**, and **high-security** authentication layer using:
+✅ JWT access tokens
+✅ Refresh tokens
+✅ Device fingerprint binding (prevents stolen-token replay)
+✅ No database required
+bro-auth aims to provide **DPoP-inspired protection** without the complexity.
+---
+## 🚀 Features
+- 🔐 **Stateless JWT authentication**
+- 🆔 **Device fingerprint binding** (SHA-256 hashed)
+- 🚫 **Replay attack protection** (tokens tied to a specific browser)
+- ⚡ Lightweight, zero dependencies except `jsonwebtoken` + `crypto-es`
+- 🧩 Works with ANY backend (Next.js, Express, Node HTTP)
+- 🌐 Browser module provided for fingerprint extraction
+- 📦 Ready for NPM consumption
+---
+## 📦 Installation

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,76 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/browser/index.js
+var index_exports = {};
+__export(index_exports, {
+  getFingerprint: () => getFingerprint
+});
+module.exports = __toCommonJS(index_exports);
+// src/browser/fingerprint.js
+var import_crypto_es = require("crypto-es");
+async function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const ctx = canvas.getContext("2d");
+    ctx.textBaseline = "top";
+    ctx.font = "14px 'Arial'";
+    ctx.fillStyle = "#f60";
+    ctx.fillRect(0, 0, 100, 20);
+    ctx.fillStyle = "#000";
+    ctx.fillText("bro-auth-fingerprint", 2, 15);
+    return canvas.toDataURL();
+  } catch {
+    return "no-canvas";
+  }
+}
+function getGPUFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+    if (!gl) return "no-webgl";
+    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
+  } catch {
+    return "no-webgl";
+  }
+}
+async function getFingerprint() {
+  const components = {
+    userAgent: navigator.userAgent,
+    platform: navigator.platform,
+    language: navigator.language,
+    languages: navigator.languages.join(","),
+    screen: `${screen.width}x${screen.height}`,
+    colorDepth: screen.colorDepth,
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    cpuCores: navigator.hardwareConcurrency || "unknown",
+    deviceMemory: navigator.deviceMemory || "unknown",
+    gpu: getGPUFingerprint(),
+    canvas: await getCanvasFingerprint()
+  };
+  const rawString = Object.values(components).join("|");
+  const fpHash = (0, import_crypto_es.SHA256)(rawString).toString();
+  return {
+    raw: rawString,
+    hash: fpHash,
+    components
+  };
+}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,54 @@
+// src/browser/fingerprint.js
+import { SHA256 } from "crypto-es";
+async function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const ctx = canvas.getContext("2d");
+    ctx.textBaseline = "top";
+    ctx.font = "14px 'Arial'";
+    ctx.fillStyle = "#f60";
+    ctx.fillRect(0, 0, 100, 20);
+    ctx.fillStyle = "#000";
+    ctx.fillText("bro-auth-fingerprint", 2, 15);
+    return canvas.toDataURL();
+  } catch {
+    return "no-canvas";
+  }
+}
+function getGPUFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+    if (!gl) return "no-webgl";
+    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
+  } catch {
+    return "no-webgl";
+  }
+}
+async function getFingerprint() {
+  const components = {
+    userAgent: navigator.userAgent,
+    platform: navigator.platform,
+    language: navigator.language,
+    languages: navigator.languages.join(","),
+    screen: `${screen.width}x${screen.height}`,
+    colorDepth: screen.colorDepth,
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    cpuCores: navigator.hardwareConcurrency || "unknown",
+    deviceMemory: navigator.deviceMemory || "unknown",
+    gpu: getGPUFingerprint(),
+    canvas: await getCanvasFingerprint()
+  };
+  const rawString = Object.values(components).join("|");
+  const fpHash = SHA256(rawString).toString();
+  return {
+    raw: rawString,
+    hash: fpHash,
+    components
+  };
+}
+export {
+  getFingerprint
+};

package/package.json ADDED Viewed

@@ -0,0 +1,53 @@
+{
+  "name": "bro-auth",
+  "version": "0.1.0",
+  "description": "bro-auth — Stateless, fingerprint-bound JWT authentication. Server utilities + browser fingerprinting module.",
+  "type": "module",
+  "main": "dist/index.cjs",
+  "module": "dist/index.mjs",
+  "browser": "dist/browser.mjs",
+  "exports": {
+  ".": {
+    "import": "./dist/index.js",
+    "require": "./dist/index.cjs"
+  },
+  "./browser": {
+    "import": "./dist/browser.js",
+    "require": "./dist/browser.cjs"
+  }
+}
+,
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+  "clean": "rimraf dist",
+  "build:server": "tsup src/core/index.js --format cjs,esm --no-dts --out-dir dist",
+  "build:browser": "tsup src/browser/index.js --format cjs,esm --no-dts --out-dir dist --platform browser",
+  "build": "npm run clean && npm run build:server && npm run build:browser",
+  "prepack": "npm run build",
+  "test": "node --input-type=module -e \"import * as core from './dist/index.js'; console.log('core exports:', Object.keys(core));\""
+},
+  "keywords": [
+    "jwt",
+    "authentication",
+    "browser fingerprint",
+    "token binding",
+    "security",
+    "bro-auth",
+    "auth"
+  ],
+  "author": "Vaishnav",
+  "license": "MIT",
+  "dependencies": {
+    "crypto-es": "^3.1.2",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "rimraf": "^5.0.10",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3"
+  }
+}