@spruceid/siwe-parser

v2.1.0

Parse Messages that conform to EIP-4361: Sign-In with Ethereum (SIWE) For more information about how to use this package see README

Latest version published 8 days ago

License: Apache-2.0

NPM

GitHub

Package Health Score

81 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
2.1.0	\|	04/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.2	\|	10/2022	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.1.3	\|	03/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

Apache-2.0

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (69,011)

GitHub Stars: 963
Forks: 117
Contributors: 20

Direct Usage Popularity

The npm package @spruceid/siwe-parser receives a total of 69,011 downloads a week. As such, we scored @spruceid/siwe-parser popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package @spruceid/siwe-parser, we found that it has been starred 963 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 20
Funding: No

With more than 10 contributors for the @spruceid/siwe-parser repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like @spruceid/siwe-parser is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 17
Open PR: 4
Last Release: 8 days ago
Last Commit: 1 month ago

Further analysis of the maintenance status of @spruceid/siwe-parser based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that @spruceid/siwe-parser demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 2 years
Dependencies: 4 Direct
Versions: 6
Install Size: 36.3 kB
Dist-tags: 1
# of Files: 19
Maintainers: 8
TS Typings: No

@spruceid/siwe-parser has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Sign-In with Ethereum describes how Ethereum accounts authenticate with off-chain services by signing a standard message format parameterized by scope, session details, and security mechanisms (e.g., a nonce). The goals of this specification are to provide a self-custodied alternative to centralized identity providers, improve interoperability across off-chain services for Ethereum-based authentication, and provide wallet vendors a consistent machine-readable message format to achieve improved user experiences and consent management.

Quickstart Examples

To try it out locally, check out these examples:

Motivation

When signing in to popular non-blockchain services today, users will typically use identity providers (IdPs) that are centralized entities with ultimate control over users' identifiers, for example, large internet companies and email providers. Incentives are often misaligned between these parties. Sign-In with Ethereum offers a new self-custodial option for users who wish to assume more control and responsibility over their own digital identity.

Already, many services support workflows to authenticate Ethereum accounts using message signing, such as to establish a cookie-based web session which can manage privileged metadata about the authenticating address. This is an opportunity to standardize the sign-in workflow and improve interoperability across existing services, while also providing wallet vendors a reliable method to identify signing requests as Sign-In with Ethereum requests for improved UX.

This work is sponsored by the Ethereum Foundation and Ethereum Name Service (ENS). It is being developed in the open through a series of recorded community calls and public repositories, and its development is informed by over twenty user interviews with a focus on currently-in-production uses, related prior EIPs, and fits within product roadmaps.

Specification

Specification can be found here.

Disclaimer

Our TypeScript library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

Mono Repo Install and Build

Run npm install to install dependencies, then npm run build to build the library. Development can occur on the package/* level with tests being run on each package itself.

To run all tests: npm run test

@spruceid/siwe-parser dependencies

@noble/hashes apg-js uri-js valid-url

@spruceid/siwe-parser development dependencies

@typescript-eslint/eslint-plugin @typescript-eslint/parser eslint eslint-config-prettier prettier

FAQs

What is @spruceid/siwe-parser?

Parse Messages that conform to EIP-4361: Sign-In with Ethereum (SIWE). Visit Snyk Advisor to see a full health score report for @spruceid/siwe-parser, including popularity, security, maintenance & community analysis.

Is @spruceid/siwe-parser popular?

The npm package @spruceid/siwe-parser receives a total of 69,011 weekly downloads. As such, @spruceid/siwe-parser popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @spruceid/siwe-parser well maintained?

We found that @spruceid/siwe-parser demonstrated a healthy version release cadence and project activity. It has a community of 20 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is @spruceid/siwe-parser safe to use?

The npm package @spruceid/siwe-parser was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 13 April-2024, at 09:58 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP