@getanthill/sec

Anthill project security package

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
@getanthill/sec
0.4.04 months ago2 years agoMinified + gzip package size for @getanthill/sec in KB

Readme

getanthill Security Layer
pipeline Quality Gate Status
Coverage Vulnerabilities Security Rating

Getting Started

First, you need install the package:
npm install -S @getanthill/sec

Then, your client can follow the steps to register or signin a user to your app, then activate MFA validation.
// 1. Signin part:
const tokens = auth.getTokens(email, password);

// 2. MFA Setup part: (only on registration)
// Master key generation #keep-it-secret-keep-it-safe
const masterKey = otp.generateMasterKey();
// Secret key generation from Master key
const secretKey = otp.generateSecretFromMaster(masterKey);

// Validate MFA:
const isValid = otp.verify('123456', secretKey);

// Create the store:
const store = new Store(tokens.encryption, secretKey);

// Manage your data as always:
store.data = { hello: 'world' }; // Always encrypted data

Roadmap

  • x Implements the Data Privacy Security Layer by default described here:
https://hacks.mozilla.org/2018/11/firefox-sync-privacy/
  • x Implements TOTP
  • Implements the QRCode generation part