cybertoken 1.0.1

package/.github/FUNDING.yml

@@ -0,0 +1 @@
+github: nikeee

package/.github/dependabot.yaml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

package/.github/workflows/CI.yaml

@@ -0,0 +1,66 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [16.x, 18.x, 19.x]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - run: npm ci
+      - run: npm run test:coverage
+
+  docs-build:
+    name: Build Docs
+    runs-on: ubuntu-latest
+    needs:
+      - test
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 19.x
+          cache: npm
+
+      - run: npm ci
+      - run: npm run docs
+
+      - uses: actions/upload-pages-artifact@v1
+        with:
+          path: ./docs
+
+  docs-deploy:
+    name: Deploy Docs
+    runs-on: ubuntu-latest
+    if: ${{ github.ref == 'refs/heads/master' }}
+
+    permissions:
+      pages: write
+      id-token: write
+
+    needs:
+      - docs-build
+
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v1

package/.prettierrc.json

@@ -0,0 +1,3 @@
+{
+  "arrowParens": "avoid"
+}

package/README.md

@@ -0,0 +1,94 @@
+# cybertoken [![CI](https://github.com/nikeee/cybertoken/actions/workflows/CI.yaml/badge.svg)](https://github.com/nikeee/cybertoken/actions/workflows/CI.yaml) [![npm badge](https://img.shields.io/npm/v/cybertoken)](https://www.npmjs.com/package/cybertoken)
+
+A token format for APIs inspired by the GitHub's API token format. Think of it as a standardized password format with some handy properties. Intended for API token and password generation.
+
+## What is this?
+
+GitHub changed their token format a while back and explained the reasons in an insightful blog post[^1].
+
+tl;dr:
+
+1. Having a defined format for secrets is good for **automated secret scanning**.
+2. Putting some prefix to a secret makes **debugging easier** when looking at some random token.
+3. Using `_` instead of `-` is better for double-click **text selection**: `abc_def` vs `abc-def`.
+4. Using Base62[^2] instead of Base64 results in **less encoding errors** when passing the token somewhere.
+5. **CRC32 checksum** at the end of the token for faster offline syntactic check of a token (used as a heuristic, not for security).
+
+These properties make this token format suitable for things like API tokens, which is what cybertoken is.
+
+## Usage
+
+Install:
+
+```sh
+npm install cybertoken
+```
+
+```js
+import { createTokenGenerator } from "cybertoken";
+
+const apiTokenGenerator = createTokenGenerator({
+  prefixWithoutUnderscore: "contoso",
+});
+
+const token = apiTokenGenerator.generateToken();
+// Securely hash `token` and save it in your database. Return `token` to the user once.
+
+console.log(token);
+// contoso_IvN2xEuHUDjQ3PNQgZkILWc7GUxpmThDD410NQxJalD5GjY
+```
+
+### Bonus
+
+You can also use cybertokens as passwords. If you use GitHub, you can set up a [custom secret scanning pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning) that will prevent anyone from pushing anything that looks like a cybertoken that your org uses.
+
+For example, use this pattern for Cybertokens with the prefix `contosopass`:
+
+```regex
+contosopass_[0-9A-Za-z]{10,}
+```
+
+#### CLI Usage
+The npm package also offers a command-line utility to generate tokens.
+```sh
+npm install -g cybertoken
+```
+Usage:
+```
+cybertoken <prefix>
+
+# example:
+cybertoken test
+test_KOK5QxQr4GBGk97X8Ij5ZnyZO24kMIEiW1LdUYIqEj7A5Nv
+```
+
+You can also provide the token prefix via an env variable:
+```sh
+CYBERTOKEN_PREFIX=foo cybertoken
+```
+
+To make thing easier, you can put this in your `.bashrc`:
+```sh
+echo "export CYBERTOKEN_PREFIX=foo" >> ~/.bashrc
+```
+...and now you can just use `cybertoken`!
+
+## Anatomy
+
+This is what a cybertoken consists of:
+
+```
+  prefix      base62(n-bytes + v + crc32(n-bytes + v))
+┌────────┐ ┌──────────────────────────────────────────────┐
+myapitoken_161YNJQOaoFoWLaoXeMVHYyrSLhGPOjSBYBtxY6V3GqFFZKV
+```
+
+Explanation:
+
+- `n-bytes` are `n` random bytes, but at least 21 (default: 30), generated by a cryptographically secure random source
+- `v` is a single byte containing the version of the cybertoken format used (currently, only `0x00`)
+- The bytes are concatenated with the version and their CRC32 sum before base62 encoding
+- base62 alphabet used: `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`
+
+[^1]: GitHub's blog post covering this: https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats
+[^2]: More info in Base62: https://en.wikipedia.org/wiki/Base62

package/a.mjs

@@ -0,0 +1,8 @@
+import * as b from "./built/index.js";
+
+const a = b.createTokenGenerator({ prefixWithoutUnderscore: "test" });
+console.log(a.generateToken());
+console.log(a.generateToken());
+console.log(a.generateToken());
+console.log(a.generateToken());
+console.log(a.generateToken());

package/built/cli.d.ts

@@ -0,0 +1 @@
+export {};

package/built/cli.js

@@ -0,0 +1,20 @@
+var _a;
+import { createTokenGenerator } from "./index.js";
+const prefixWithoutUnderscore = (_a = process.argv[2]) !== null && _a !== void 0 ? _a : process.env.CYBERTOKEN_PREFIX;
+if (!prefixWithoutUnderscore) {
+    console.error("Please specify a prefix for the token.");
+    console.error("A prefix must be a non-empty string.");
+    console.error();
+    console.error("Usage:");
+    console.error("  cybertoken <prefix>");
+    console.error();
+    console.error("You can also provide the prefix via the CYBERTOKEN_PREFIX environment variable.");
+    console.error("For example:");
+    console.error("  CYBERTOKEN_PREFIX=foo cybertoken");
+    process.exit(1);
+}
+const tokenGenerator = createTokenGenerator({
+    prefixWithoutUnderscore,
+});
+const token = tokenGenerator.generateToken();
+console.log(token);

package/built/constants.d.ts

@@ -0,0 +1,4 @@
+import baseX from "base-x";
+export declare const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+export declare const version = 0;
+export declare const base62: baseX.BaseConverter;

package/built/constants.js

@@ -0,0 +1,4 @@
+import baseX from "base-x";
+export const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+export const version = 0;
+export const base62 = baseX(alphabet);

package/built/crc32.d.ts

@@ -0,0 +1 @@
+export default function crc32(inputBuffer: Uint8Array): Uint8Array;

package/built/crc32.js

@@ -0,0 +1,56 @@
+const table = new Uint32Array([
+    0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
+    0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+    0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
+    0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+    0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+    0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
+    0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+    0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
+    0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
+    0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+    0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
+    0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+    0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+    0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
+    0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+    0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
+    0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
+    0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+    0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
+    0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+    0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+    0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
+    0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+    0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
+    0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
+    0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+    0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
+    0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+    0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+    0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
+    0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+    0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
+    0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
+    0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+    0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
+]);
+export default function crc32(inputBuffer) {
+    const ds = new Uint8Array(inputBuffer);
+    let crc = 0 ^ -1;
+    for (var i = 0; i < ds.length; i++) {
+        crc = (crc >>> 8) ^ table[(crc ^ ds[i]) & 0xff];
+    }
+    const result = new Uint8Array(4);
+    const dv = new DataView(result.buffer);
+    dv.setUint32(0, (crc ^ -1) >>> 0);
+    return result;
+}

package/built/index.d.ts

@@ -0,0 +1,8 @@
+export interface TokenGeneratorOptions {
+    prefixWithoutUnderscore: string;
+    entropyBytes?: number;
+}
+export declare function createTokenGenerator(options: TokenGeneratorOptions): {
+    generateToken: () => string;
+    isTokenString: (value: unknown) => boolean;
+};

package/built/index.js

@@ -0,0 +1,47 @@
+var _a;
+import crc32 from "./crc32.js";
+import { base62, version } from "./constants.js";
+import { getTokenPattern, parseTokenData } from "./parse.js";
+const cryptoServices = (_a = globalThis.crypto) !== null && _a !== void 0 ? _a : require("node:crypto").webcrypto;
+export function createTokenGenerator(options) {
+    var _a;
+    if (!options.prefixWithoutUnderscore) {
+        throw new Error("The `prefixWithoutUnderscore` option is required and must not be an empty string.");
+    }
+    const prefixWithUnderscore = options.prefixWithoutUnderscore + "_";
+    const tokenPattern = getTokenPattern(prefixWithUnderscore);
+    const tokenSecretByteCount = (_a = options.entropyBytes) !== null && _a !== void 0 ? _a : 30;
+    if (tokenSecretByteCount <= 20) {
+        throw new Error("The token secret byte count (`entropyBytes`) must be greater than 20.");
+    }
+    return {
+        generateToken,
+        isTokenString,
+    };
+    function generateToken() {
+        const tokenData = generateTokenData();
+        const encodedData = base62.encode(tokenData);
+        return prefixWithUnderscore + encodedData;
+    }
+    function generateTokenData() {
+        const entropyWithVersion = cryptoServices.getRandomValues(new Uint8Array(tokenSecretByteCount + 1));
+        entropyWithVersion[entropyWithVersion.length - 1] = version;
+        const checksum = crc32(entropyWithVersion);
+        console.assert(checksum.byteLength === 4);
+        const payloadWithChecksum = new Uint8Array(entropyWithVersion.byteLength + checksum.byteLength);
+        payloadWithChecksum.set(entropyWithVersion, 0);
+        payloadWithChecksum.set(checksum, entropyWithVersion.byteLength);
+        console.assert(payloadWithChecksum.length === tokenSecretByteCount + 4 + 1);
+        return payloadWithChecksum;
+    }
+    function isTokenString(value) {
+        if (!value ||
+            typeof value !== "string" ||
+            !value.startsWith(prefixWithUnderscore) ||
+            !tokenPattern.test(value)) {
+            return false;
+        }
+        const tokenData = parseTokenData(value);
+        return !!tokenData && tokenData.isSyntacticallyValid;
+    }
+}

package/built/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/built/index.test.js

@@ -0,0 +1,64 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { test, expect } from "vitest";
+import { createTokenGenerator } from "./index.js";
+test("Instance creation smoke test", () => {
+    createTokenGenerator({
+        prefixWithoutUnderscore: "test",
+    });
+});
+test("Instance creation expect prefix", () => {
+    expect(() => createTokenGenerator({})).toThrowError("The `prefixWithoutUnderscore` option is required and must not be an empty string.");
+});
+test("Instance creation expect proper byte count", () => {
+    expect(() => createTokenGenerator({
+        prefixWithoutUnderscore: "a",
+        entropyBytes: -1,
+    })).toThrowError("The token secret byte count (`entropyBytes`) must be greater than 20.");
+    expect(() => createTokenGenerator({
+        prefixWithoutUnderscore: "a",
+        entropyBytes: 0,
+    })).toThrowError("The token secret byte count (`entropyBytes`) must be greater than 20.");
+    expect(() => createTokenGenerator({
+        prefixWithoutUnderscore: "a",
+        entropyBytes: 19,
+    })).toThrowError("The token secret byte count (`entropyBytes`) must be greater than 20.");
+    expect(() => createTokenGenerator({
+        prefixWithoutUnderscore: "a",
+        entropyBytes: 20,
+    })).toThrowError("The token secret byte count (`entropyBytes`) must be greater than 20.");
+    createTokenGenerator({
+        prefixWithoutUnderscore: "a",
+        entropyBytes: 21,
+    });
+});
+test("Roundtrip syntax check", () => __awaiter(void 0, void 0, void 0, function* () {
+    const g = createTokenGenerator({ prefixWithoutUnderscore: "test" });
+    const token = yield g.generateToken();
+    expect(g.isTokenString(token)).toBe(true);
+}));
+test("Non-happy paths in isTokenString", () => __awaiter(void 0, void 0, void 0, function* () {
+    const g = createTokenGenerator({ prefixWithoutUnderscore: "test" });
+    expect(g.isTokenString()).toBe(false);
+    expect(g.isTokenString(null)).toBe(false);
+    expect(g.isTokenString(undefined)).toBe(false);
+    expect(g.isTokenString("")).toBe(false);
+    expect(g.isTokenString("a")).toBe(false);
+    expect(g.isTokenString("a_")).toBe(false);
+    expect(g.isTokenString("a_1234")).toBe(false);
+    expect(g.isTokenString("test_")).toBe(false);
+    expect(g.isTokenString("test_1234")).toBe(false);
+    expect(g.isTokenString("test_")).toBe(false);
+    expect(g.isTokenString("test_AAAABBBB")).toBe(false);
+    expect(g.isTokenString("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbN")).toBe(false);
+    expect(g.isTokenString("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHd")).toBe(false);
+    expect(g.isTokenString("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHdKNhiyW")).toBe(false);
+    expect(g.isTokenString("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHdKNhiyw")).toBe(true);
+}));

package/built/parse.d.ts

@@ -0,0 +1,10 @@
+export declare function getTokenPattern(prefixWithUnderscore: string): RegExp;
+export interface TokenContents {
+    prefixWithoutUnderscore: string;
+    secret: Uint8Array;
+    version: number;
+    suppliedChecksum: Uint8Array;
+    actualChecksum: Uint8Array;
+    isSyntacticallyValid: boolean;
+}
+export declare function parseTokenData(token: string): TokenContents | undefined;

package/built/parse.js

@@ -0,0 +1,52 @@
+import crc32 from "./crc32.js";
+import { alphabet, base62, version } from "./constants.js";
+export function getTokenPattern(prefixWithUnderscore) {
+    return new RegExp(`^${prefixWithUnderscore}[${alphabet}]+$`);
+}
+export function parseTokenData(token) {
+    if (!token.includes("_")) {
+        return undefined;
+    }
+    const splitData = token.split("_");
+    if (splitData.length !== 2) {
+        return undefined;
+    }
+    const [prefix, encodedTokenData] = splitData;
+    const secretWithVersionAndChecksum = base62.decode(encodedTokenData);
+    if (!secretWithVersionAndChecksum ||
+        secretWithVersionAndChecksum.length <= 4) {
+        return undefined;
+    }
+    const suppliedChecksum = secretWithVersionAndChecksum.slice(secretWithVersionAndChecksum.length - 4);
+    if (suppliedChecksum.length !== 4) {
+        return undefined;
+    }
+    const secretAndVersionBuffer = secretWithVersionAndChecksum.slice(0, secretWithVersionAndChecksum.length - 4);
+    const actualChecksum = crc32(secretAndVersionBuffer);
+    const isSyntacticallyValid = secretAndVersionBuffer.length > 0 &&
+        buffersEqual(suppliedChecksum, actualChecksum);
+    const suppliedVersion = secretAndVersionBuffer[secretAndVersionBuffer.length - 1];
+    if (suppliedVersion !== version) {
+        return undefined;
+    }
+    const secretPayload = secretAndVersionBuffer.slice(0, secretAndVersionBuffer.length - 1);
+    return {
+        version: suppliedVersion,
+        prefixWithoutUnderscore: prefix,
+        secret: secretPayload,
+        suppliedChecksum,
+        actualChecksum,
+        isSyntacticallyValid,
+    };
+}
+function buffersEqual(a, b) {
+    if (a.byteLength !== b.byteLength) {
+        return false;
+    }
+    for (let i = 0; i < a.byteLength; ++i) {
+        if (a[i] !== b[i]) {
+            return false;
+        }
+    }
+    return true;
+}

package/built/parse.test.d.ts

@@ -0,0 +1 @@
+export {};

package/built/parse.test.js

@@ -0,0 +1,35 @@
+import { test, expect } from "vitest";
+import { parseTokenData } from "./parse.js";
+test("Parse token contents", () => {
+    let contents;
+    contents = parseTokenData("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHd");
+    expect(contents).toBeUndefined();
+    contents = parseTokenData("test_");
+    expect(contents).toBeUndefined();
+    contents = parseTokenData("test_abc_def");
+    expect(contents).toBeUndefined();
+    contents = parseTokenData("test_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHdKNhiyw");
+    expect(contents).toEqual({
+        prefixWithoutUnderscore: "test",
+        actualChecksum: new Uint8Array([94, 199, 163, 74]),
+        isSyntacticallyValid: true,
+        secret: new Uint8Array([
+            100, 166, 3, 29, 89, 224, 104, 216, 82, 241, 34, 139, 193, 245, 62, 254,
+            71, 254, 26, 57, 131, 99, 11, 222, 170, 63, 150, 82, 53, 165,
+        ]),
+        suppliedChecksum: new Uint8Array([94, 199, 163, 74]),
+        version: 0,
+    });
+    contents = parseTokenData("randomToken_R67NJs98Lvg5o42CanYRTirswpki3SAsJYbNiDwHdKNhiyw");
+    expect(contents).toEqual({
+        prefixWithoutUnderscore: "randomToken",
+        actualChecksum: new Uint8Array([94, 199, 163, 74]),
+        isSyntacticallyValid: true,
+        secret: new Uint8Array([
+            100, 166, 3, 29, 89, 224, 104, 216, 82, 241, 34, 139, 193, 245, 62, 254,
+            71, 254, 26, 57, 131, 99, 11, 222, 170, 63, 150, 82, 53, 165,
+        ]),
+        suppliedChecksum: new Uint8Array([94, 199, 163, 74]),
+        version: 0,
+    });
+});

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "cybertoken",
+  "version": "1.0.1",
+  "description": "A token format for APIs inspired by the GitHub's API token format.",
+  "author": "Niklas Mollenhauer",
+  "license": "ISC",
+  "type": "module",
+  "main": "built/index.js",
+  "bin": "built/cli.js",
+  "scripts": {
+    "compile": "tsc",
+    "clean": "rimraf built",
+    "docs": "typedoc",
+    "test": "tsc --noEmit && vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest watch --coverage",
+    "prepare": "npm run clean && npm run compile"
+  },
+  "keywords": [
+    "token",
+    "api",
+    "format",
+    "secret",
+    "generator"
+  ],
+  "dependencies": {
+    "base-x": "^4.0.0"
+  },
+  "devDependencies": {
+    "@vitest/coverage-c8": "^0.26.3",
+    "rimraf": "^3.0.2",
+    "typedoc": "^0.23.23",
+    "vitest": "^0.26.3"
+  }
+}