phrasekit 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +22 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -17,6 +17,27 @@ I loved the privacy of **Mullvad VPN** and found their anonymous account system
|
|
|
17
17
|
- **Words are better than numbers:** They are easier to read, remember, and type, especially with autocomplete.
|
|
18
18
|
- **Passphrase is a secret, not an identity:** Unlike Mullvad's static account IDs, here a passphrase is more like a "password without a username". It generates a unique Hash ID for your database, but you can allow users to rotate or reset their phrases if needed.
|
|
19
19
|
- **Privacy by design:** No emails, phone numbers or names. Just words.
|
|
20
|
+
- **No identity, no liability:** If there's nothing personal to store, there's nothing to leak, hand over, or protect.
|
|
21
|
+
|
|
22
|
+
## 🔐 Privacy by Law, Not Just by Design
|
|
23
|
+
|
|
24
|
+
Most auth systems collect personal data by default — emails, names, phone numbers.
|
|
25
|
+
This creates legal obligations under **GDPR** and **152-FZ**: secure storage,
|
|
26
|
+
breach reporting, and government handover on request.
|
|
27
|
+
|
|
28
|
+
**phrasekit** eliminates this at the root. There's nothing to hand over and expose,
|
|
29
|
+
because there's nothing to store.
|
|
30
|
+
|
|
31
|
+
> ⚠️ **This library uses SHA-256 for hashing. This is intentional.
|
|
32
|
+
> phrasekit is not designed for services that store personal data.
|
|
33
|
+
> If your users have no identity — there's nothing sensitive to protect.
|
|
34
|
+
> For traditional auth with personal data, use bcrypt/Argon2.**
|
|
35
|
+
|
|
36
|
+
**Natural fit for:**
|
|
37
|
+
|
|
38
|
+
- VPN and proxy services
|
|
39
|
+
- Anonymous social platforms
|
|
40
|
+
- Any service where privacy is a legal requirement
|
|
20
41
|
|
|
21
42
|
## 📦 Installation
|
|
22
43
|
|
|
@@ -43,10 +64,7 @@ const phraseHash = await phrase.hash("your-app-salt");
|
|
|
43
64
|
// 3. Authenticate user input
|
|
44
65
|
// Use .suggest() for your UI autocomplete
|
|
45
66
|
const search = "app";
|
|
46
|
-
const suggestions = phrasekit.suggest(search);
|
|
47
|
-
// ['apple', 'apply', 'appoint', ...]
|
|
48
|
-
|
|
49
|
-
// 4. Authenticate user input
|
|
67
|
+
const suggestions = phrasekit.suggest(search); // ['apple', 'apply', 'appoint', ...]
|
|
50
68
|
try {
|
|
51
69
|
const userPhrase = phrasekit.from(
|
|
52
70
|
"glider confirm armhole swoop lacing lemon",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "phrasekit",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"description": "A lightweight, zero-dependency TypeScript library for generating and managing secure word-based keys. Inspired by Mullvad VPN, but made more human.",
|
|
5
5
|
"author": "Aria Lume <thearialume@gmail.com> (https://github.com/thearialume)",
|
|
6
6
|
"license": "MIT",
|