dignity.js 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -13,10 +13,9 @@
13
13
  <p align="center">
14
14
  <a href="https://www.npmjs.com/package/dignity.js"><img src="https://img.shields.io/npm/v/dignity.js?color=cb3837&label=npm" alt="npm version"></a>
15
15
  <a href="https://www.npmjs.com/package/dignity.js"><img src="https://img.shields.io/npm/dm/dignity.js?color=blue" alt="npm downloads"></a>
16
- <img src="https://img.shields.io/badge/tests-29%20passing-brightgreen" alt="tests passing">
17
- <img src="https://img.shields.io/badge/coverage-88%25-brightgreen" alt="coverage">
18
- <img src="https://img.shields.io/badge/license-MIT-black" alt="license">
19
- <img src="https://img.shields.io/badge/minified-51KB-purple" alt="bundle size">
16
+ <img src="https://img.shields.io/badge/tests-122%20passing-brightgreen" alt="tests passing">
17
+ <img src="https://img.shields.io/badge/coverage-97%25-brightgreen" alt="coverage">
18
+ <img src="https://img.shields.io/badge/license-Apache%202.0-black" alt="license">
20
19
  </p>
21
20
 
22
21
  REST-like P2P object API for decentralized JavaScript applications.
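Review bot: The `tests-122%20passing` and `coverage-97%25` badges added in this block are static shields.io strings, so they show whatever was typed into the README rather than what CI measured for 0.3.0. Generate them from the test and coverage job, or drop them. The license badge moving from MIT to Apache 2.0 now agrees with the License section, which already read Apache 2.0 before this change; please confirm that the `license` field in package.json says the same, since that is the value registry tooling reads.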
@@ -35,7 +34,7 @@ REST-like P2P object API for decentralized JavaScript applications.
35
34
  - default `powSteps: 22` (calibrated on this machine to about 1000ms)
36
35
  - automatic peer ban on invalid signature/PoW (`48h` default)
37
36
  - Team/subapp scoped broadcast passwords (`broadcastScope` + `broadcastPasswords`)
38
- - Browser-first distribution with minified build (`dist/dignity.min.js`)
37
+ - Browser-first: published npm package includes IIFE, ESM, and CJS builds
39
38
 
40
39
  ## Install
41
40
 
@@ -146,15 +145,9 @@ bob.registerPeerPublicKey('alice', alice.getPublicKey());
146
145
  await alice.sendDirectMessage('bob', 'dm', { text: 'private payload' });
147
146
  ```
148
147
 
149
- ## Browser Builds
148
+ ## Browser Usage
150
149
 
151
- Generated artifacts:
152
-
153
- - `dist/dignity.min.js` (IIFE, global `DignityJS`)
154
- - `dist/dignity.esm.js` (ESM)
155
- - `dist/dignity.cjs.js` (CommonJS)
156
-
157
- Example with CDN:
150
+ The published npm package includes pre-built bundles (IIFE, ESM, CJS) generated at publish time. The `dist/` folder is not checked into the repository.
158
151
 
159
152
  ```html
160
153
  <script src="https://unpkg.com/dignity.js/dist/dignity.min.js"></script>
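Review bot: The CDN example kept under the new Browser Usage paragraph still loads `https://unpkg.com/dignity.js/dist/dignity.min.js` with no version in the URL and no `integrity` attribute, while the added paragraph states that `dist/` is built at publish time and is not in the repository. A reader therefore cannot compare the bundle with reviewed source, and every page using this snippet picks up whatever is published next. Pin the exact version in the URL and show the tag with `integrity` and `crossorigin="anonymous"`. Two smaller points: the removed list was the only place that named `dist/dignity.esm.js`, `dist/dignity.cjs.js` and the `DignityJS` global, so keep those names, and with "Example with CDN:" gone the HTML block no longer has an introduction.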
@@ -163,6 +156,32 @@ Example with CDN:
163
156
  </script>
164
157
  ```
165
158
 
159
+ ## Security Model
160
+
161
+ `dignity.js` provides two encryption modes:
162
+
163
+ - **Direct mode** (`targetId` set): true end-to-end encryption using X25519 key exchange between sender and recipient. Only the intended recipient can decrypt.
164
+ - **Broadcast mode** (no `targetId`): symmetric encryption using a shared password. All peers that know the password can decrypt all broadcast traffic in that scope. This is a **group shared-secret cipher**, not end-to-end encryption.
165
+
166
+ Broadcast encryption uses PBKDF2-SHA256 (default 100,000 iterations) with a random salt per message to derive the symmetric key. This protects against offline brute-force of weak passwords. The iteration count is configurable via `kdfIterations`.
167
+
168
+ Messages from peers running older versions that used the legacy single-hash KDF are still accepted and decrypted automatically (backward compatible).
169
+
170
+ **Important:** if the broadcast password leaks, all past captured traffic for that scope is retroactively decryptable. For sensitive data, use direct mode with per-peer public keys.
171
+
172
+ ## Signaling Servers
173
+
174
+ Default signaling URLs include PeerJS-compatible public endpoints:
175
+
176
+ - `wss://peerjs.92k.de/peerjs?key=peerjs`
177
+ - `wss://0.peerjs.com/peerjs?key=peerjs`
178
+
179
+ You can also deploy your own server with [peerjs-server](https://github.com/peers/peerjs-server) and point `createDefaultSignalingPool` (or `WebSocketSignalingProvider`) to your own `wss://.../peerjs?key=...` URL.
180
+
181
+ Compatibility note:
182
+ - `dignity.js` now includes a dedicated `PeerJSSignalingProvider` backed by the official `peerjs` client for PeerJS protocol compatibility.
183
+ - In non-WebRTC runtimes (for example Node test runners), it automatically falls back to WebSocket transport checks for connectivity testing.
184
+
166
185
  ## Development
167
186
 
168
187
  ```bash
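Review bot: The backward-compatibility sentence in Security Model says messages using the legacy single-hash KDF are "still accepted and decrypted automatically", which means the PBKDF2 hardening described two lines earlier only holds for traffic from upgraded senders. Anything a legacy peer broadcasts can still be attacked at single-hash cost. Document how a receiver tells the two formats apart, and provide (or state the plan for) a way to reject legacy-KDF messages once a scope has upgraded. "This protects against offline brute-force of weak passwords" is also stronger than 100,000 PBKDF2 iterations can justify; "raises the cost of" would be accurate. In Signaling Servers, the defaults are third-party public endpoints using the shared `key=peerjs`, so the section should say what those operators can observe and recommend the self-hosted option for deployments where that matters.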
@@ -185,11 +204,11 @@ npm run test:pow-calibrate
185
204
  ## Publish
186
205
 
187
206
  ```bash
188
- npm test
189
- npm run build
190
207
  npm publish --access public
191
208
  ```
192
209
 
210
+ The `prepublishOnly` script runs tests and build automatically.
211
+
193
212
  ## License
194
213
 
195
- Apache 2.0
214
+ Apache 2.0 — see [LICENSE](LICENSE).
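Review bot: The Publish block drops `npm test` and `npm run build` and relies on the sentence "The `prepublishOnly` script runs tests and build automatically", but package.json is not part of this diff, so the script cannot be confirmed from here. Because the bundles now exist only in the published tarball, a publish run with `--ignore-scripts`, or a `prepublishOnly` that fails silently, would ship a package with missing or stale `dist/` files. Please show the script in the README or link to it, and add a check of the tarball contents (for example `npm pack --dry-run`) before `npm publish --access public`.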