cybertoken 4.0.4 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/cli.mjs +2 -1
  2. package/dist/index.mjs +52 -1
  3. package/dist/{src-C7ZtxMag.mjs → parse-B28-mi8z.mjs} +1 -51
  4. package/package.json +4 -4
package/dist/cli.mjs CHANGED
@@ -1,5 +1,6 @@
1
1
  #!/usr/bin/env node
2
- import { t as createTokenGenerator } from "./src-C7ZtxMag.mjs";
2
+ import "./parse-B28-mi8z.mjs";
3
+ import { createTokenGenerator } from "./index.mjs";
3
4
 
4
5
  //#region src/cli.ts
5
6
  const prefixWithoutUnderscore = process.argv[2] ?? process.env.CYBERTOKEN_PREFIX;
package/dist/index.mjs CHANGED
@@ -1,3 +1,54 @@
1
- import { t as createTokenGenerator } from "./src-C7ZtxMag.mjs";
1
+ import { a as encode, i as crc32, n as parseTokenData, r as version, t as getTokenPattern } from "./parse-B28-mi8z.mjs";
2
2
 
3
+ //#region src/index.ts
4
+ const prefixCheck = /^[a-zA-Z0-9]+$/;
5
+ /**
6
+ * Creates a new {@link TokenGenerator}.
7
+ * @param {TokenGeneratorOptions} options Options bag.
8
+ */
9
+ function createTokenGenerator(options) {
10
+ if (!options.prefixWithoutUnderscore) throw new Error("The `prefixWithoutUnderscore` option is required and must not be an empty string.");
11
+ if (!prefixCheck.test(options.prefixWithoutUnderscore)) throw new Error("The `prefixWithoutUnderscore` option must only contain alphanumeric characters and underscores.");
12
+ const prefixWithUnderscore = `${options.prefixWithoutUnderscore}_`;
13
+ const tokenPattern = getTokenPattern(prefixWithUnderscore);
14
+ const tokenSecretByteCount = options.entropyBytes ?? 22;
15
+ if (tokenSecretByteCount <= 20) throw new Error("The token secret byte count (`entropyBytes`) must be greater than 20.");
16
+ return {
17
+ generateToken,
18
+ isTokenString
19
+ };
20
+ function generateToken() {
21
+ const tokenData = generateTokenData();
22
+ return prefixWithUnderscore + encode(tokenData);
23
+ }
24
+ /**
25
+ * @remarks As the token generation uses cryptographically secure random numbers, keep in mind that generating a large amount of tokens will block the entire application for a short amount of time (until the entropy pool is filled again).
26
+ * This can lead to a Denial of Service (DoS) attack, so you might want to limit the amount of tokens that can be generated in a short amount of time.
27
+ */
28
+ function generateTokenData() {
29
+ const entropyWithVersion = globalThis.crypto.getRandomValues(new Uint8Array(tokenSecretByteCount + 1));
30
+ entropyWithVersion[entropyWithVersion.length - 1] = version;
31
+ const checksum = crc32(entropyWithVersion);
32
+ console.assert(checksum.byteLength === 4);
33
+ const payloadWithChecksum = new Uint8Array(entropyWithVersion.byteLength + checksum.byteLength);
34
+ payloadWithChecksum.set(entropyWithVersion, 0);
35
+ payloadWithChecksum.set(checksum, entropyWithVersion.byteLength);
36
+ console.assert(payloadWithChecksum.length === tokenSecretByteCount + 4 + 1);
37
+ return payloadWithChecksum;
38
+ }
39
+ /**
40
+ * Function to check if a token is syntactically valid. **Not** used for token validation.
41
+ * You can use this for secret scanning or as a heuristic/optimization before asking some backend whether the token is valid.
42
+ *
43
+ * @param {boolean} value The token candidate to check.
44
+ * @returns `true` if the token is syntactically valid, `false` otherwise.
45
+ */
46
+ function isTokenString(value) {
47
+ if (!value || typeof value !== "string" || !value.startsWith(prefixWithUnderscore) || !tokenPattern.test(value)) return false;
48
+ const tokenData = parseTokenData(value);
49
+ return !!tokenData && tokenData.isSyntacticallyValid;
50
+ }
51
+ }
52
+
53
+ //#endregion
3
54
  export { createTokenGenerator };
package/dist/{src-C7ZtxMag.mjs → parse-B28-mi8z.mjs} RENAMED
@@ -644,54 +644,4 @@ function buffersEqual(a, b) {
644
644
  }
645
645
 
646
646
  //#endregion
647
- //#region src/index.ts
648
- const cryptoServices = globalThis.crypto;
649
- /**
650
- * Creates a new {@link TokenGenerator}.
651
- * @param {TokenGeneratorOptions} options Options bag.
652
- */
653
- function createTokenGenerator(options) {
654
- if (!options.prefixWithoutUnderscore) throw new Error("The `prefixWithoutUnderscore` option is required and must not be an empty string.");
655
- const prefixWithUnderscore = `${options.prefixWithoutUnderscore}_`;
656
- const tokenPattern = getTokenPattern(prefixWithUnderscore);
657
- const tokenSecretByteCount = options.entropyBytes ?? 22;
658
- if (tokenSecretByteCount <= 20) throw new Error("The token secret byte count (`entropyBytes`) must be greater than 20.");
659
- return {
660
- generateToken,
661
- isTokenString
662
- };
663
- function generateToken() {
664
- const tokenData = generateTokenData();
665
- return prefixWithUnderscore + encode(tokenData);
666
- }
667
- /**
668
- * @remarks As the token generation uses cryptographically secure random numbers, keep in mind that generating a large amount of tokens will block the entire application for a short amount of time (until the entropy pool is filled again).
669
- * This can lead to a Denial of Service (DoS) attack, so you might want to limit the amount of tokens that can be generated in a short amount of time.
670
- */
671
- function generateTokenData() {
672
- const entropyWithVersion = cryptoServices.getRandomValues(new Uint8Array(tokenSecretByteCount + 1));
673
- entropyWithVersion[entropyWithVersion.length - 1] = version;
674
- const checksum = crc32(entropyWithVersion);
675
- console.assert(checksum.byteLength === 4);
676
- const payloadWithChecksum = new Uint8Array(entropyWithVersion.byteLength + checksum.byteLength);
677
- payloadWithChecksum.set(entropyWithVersion, 0);
678
- payloadWithChecksum.set(checksum, entropyWithVersion.byteLength);
679
- console.assert(payloadWithChecksum.length === tokenSecretByteCount + 4 + 1);
680
- return payloadWithChecksum;
681
- }
682
- /**
683
- * Function to check if a token is syntactically valid. **Not** used for token validation.
684
- * You can use this for secret scanning or as a heuristic/optimization before asking some backend whether the token is valid.
685
- *
686
- * @param {boolean} value The token candidate to check
687
- * @returns `true` if the token is syntactically valid, `false` otherwise.
688
- */
689
- function isTokenString(value) {
690
- if (!value || typeof value !== "string" || !value.startsWith(prefixWithUnderscore) || !tokenPattern.test(value)) return false;
691
- const tokenData = parseTokenData(value);
692
- return !!tokenData && tokenData.isSyntacticallyValid;
693
- }
694
- }
695
-
696
- //#endregion
697
- export { createTokenGenerator as t };
647
+ export { encode as a, crc32 as i, parseTokenData as n, version as r, getTokenPattern as t };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cybertoken",
3
- "version": "4.0.4",
3
+ "version": "5.0.1",
4
4
  "description": "A token format for APIs inspired by the GitHub's API token format.",
5
5
  "author": "Niklas Mollenhauer",
6
6
  "license": "ISC",
@@ -29,10 +29,10 @@
29
29
  "generator"
30
30
  ],
31
31
  "devDependencies": {
32
- "@biomejs/biome": "^2.3.12",
33
- "@types/node": "^25.0.10",
32
+ "@biomejs/biome": "^2.3.14",
33
+ "@types/node": "^25.2.2",
34
34
  "expect": "^30.2.0",
35
- "tsdown": "^0.20.1",
35
+ "tsdown": "^0.20.3",
36
36
  "typedoc": "^0.28.16"
37
37
  },
38
38
  "engines": {