{"id":34922220,"url":"https://github.com/besoeasy/daku","last_synced_at":"2026-01-20T17:02:33.528Z","repository":{"id":329791633,"uuid":"1111413937","full_name":"besoeasy/daku","owner":"besoeasy","description":"Leave no trace. Just authenticate.","archived":false,"fork":false,"pushed_at":"2025-12-31T23:19:53.000Z","size":114,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-05T12:19:22.918Z","etag":null,"topics":["authentication","no-email","passwordless"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/daku","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/besoeasy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-06T22:15:01.000Z","updated_at":"2025-12-31T23:19:57.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/besoeasy/daku","commit_stats":null,"previous_names":["besoeasy/daku"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/besoeasy/daku","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/besoeasy%2Fdaku","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/besoeasy%2Fdaku/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/besoeasy%2Fdaku/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/besoeasy%2Fdaku/manifests","owner_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/besoeasy","download_url":"https://codeload.github.com/besoeasy/daku/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/besoeasy%2Fdaku/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28607624,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T16:10:39.856Z","status":"ssl_error","status_checked_at":"2026-01-20T16:10:39.493Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","no-email","passwordless"],"created_at":"2025-12-26T13:52:44.025Z","updated_at":"2026-01-20T17:02:33.522Z","avatar_url":"https://github.com/besoeasy.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DAKU\n\n\u003e **Anonymous authentication \u0026 encryption. Zero personal data. One library.**\n\n**DAKU** (Punjabi for \"bandits\") is a minimal cryptographic toolkit for building passwordless, privacy-first applications. 
No emails, no passwords, no databases of credentials to breach.\n\n```bash\nnpm install daku\n```\n\n---\n\n## Why DAKU?\n\n| Traditional Auth | DAKU |\n|------------------|------|\n| Store emails \u0026 passwords | Just verify signatures |\n| Hash passwords, manage resets | No passwords exist |\n| GDPR compliance headaches | No PII collected |\n| Database = honeypot for hackers | Nothing sensitive to steal |\n| OAuth complexity | 3 functions to authenticate |\n\n```javascript\nimport { generateKeyPair, createAuth, verifyAuth } from \"daku\";\n\n// User creates identity (client-side, once)\nconst { privateKey, publicKey } = generateKeyPair();\n\n// User logs in (client-side)\nconst token = await createAuth(privateKey);\n\n// Server verifies (server-side)\nconst userId = await verifyAuth(token);  // Returns publicKey or null\n```\n\n**That's it.** No signup forms, no email verification, no password resets.\n\n---\n\n## What DAKU Offers\n\n### 🔑 Identity\n```javascript\ngenerateKeyPair()              // Create new keypair identity\ngetPublicKey(privateKey)       // Derive public key from private\ngetUsername(publicKey)         // Human-readable name like \"oceanrunning4523\"\n```\n\n### 🎫 Authentication\n```javascript\ncreateAuth(privateKey, pow?)   // Create login token (with spam protection)\nverifyAuth(token, pow?)        // Verify token, returns publicKey or null\n```\n\n### ✍️ Signatures\n```javascript\nsign(message, privateKey, pow?)      // Sign any data\nverify(message, sig, publicKey, pow?)  
// Verify signature\nsha256(message)                      // SHA-256 hash\n```\n\n### 🔐 E2E Encryption\n```javascript\nderiveSharedSecret(myPrivate, theirPublic)  // ECDH key agreement\nencrypt(plaintext, key)                      // AES-256-GCM encrypt\ndecrypt(ciphertext, key)                     // AES-256-GCM decrypt\n```\n\n---\n\n## 20+ Use Cases\n\n| # | Use Case |\n|---|----------|\n| 1 | **Anonymous chat apps** — Users communicate without revealing identity or phone numbers |\n| 2 | **Passwordless API authentication** — Clients sign requests instead of using API keys |\n| 3 | **End-to-end encrypted messaging** — Private conversations only sender and receiver can read |\n| 4 | **Anonymous feedback systems** — Collect honest feedback without identifying who submitted it |\n| 5 | **Whistleblower platforms** — Secure, anonymous submission of sensitive information to journalists |\n| 6 | **Decentralized identity** — Users own their identity, no central authority controls access |\n| 7 | **IoT device authentication** — Devices authenticate without passwords or certificate authorities |\n| 8 | **Wallet-based login** — Same keys work with Bitcoin/Ethereum ecosystems (secp256k1) |\n| 9 | **Document signing** — Cryptographically sign contracts, agreements, or any digital document |\n| 10 | **Anonymous voting systems** — Verify votes are legitimate without revealing who voted |\n| 11 | **Encrypted file sharing** — Share files that only intended recipients can decrypt |\n| 12 | **Private note-taking apps** — Notes encrypted locally, unreadable even if server breached |\n| 13 | **Spam-resistant forms** — Proof-of-work prevents bots from mass-submitting without CAPTCHAs |\n| 14 | **Multiplayer game authentication** — Players authenticate without creating accounts or emails |\n| 15 | **Anonymous support tickets** — Users get help without revealing personal information |\n| 16 | **Secure configuration sharing** — Share secrets between team members with E2E encryption |\n| 
17 | **Timestamped proof of existence** — Sign documents to prove they existed at specific time |\n| 18 | **Private health apps** — Health data stays encrypted, only user can access it |\n| 19 | **Anonymous marketplace** — Buy/sell without linking transactions to real identity |\n| 20 | **Encrypted backups** — Backup data that only you can restore, even on untrusted storage |\n| 21 | **CLI tool authentication** — Command-line tools authenticate without browser OAuth flows |\n| 22 | **Peer-to-peer apps** — Direct encrypted communication between users without servers |\n| 23 | **Private analytics** — Collect anonymous usage data without tracking individuals |\n| 24 | **Secure team collaboration** — Group encryption for team channels and shared documents |\n\n---\n\n## How It Works\n\n### Authentication Flow\n```\n┌─────────────────────────────────────────────────────────────┐\n│ CLIENT                                                      │\n│                                                             │\n│  1. First visit: generateKeyPair() → save privateKey        │\n│  2. Login: createAuth(privateKey) → token                   │\n│  3. Send token to server                                    │\n└─────────────────────────────────────────────────────────────┘\n                            │\n                            ▼\n┌─────────────────────────────────────────────────────────────┐\n│ SERVER                                                      │\n│                                                             │\n│  1. verifyAuth(token) → publicKey (user ID)                 │\n│  2. publicKey is the unique, permanent user identifier      │\n│  3. No passwords, no emails, no database of credentials     │\n└─────────────────────────────────────────────────────────────┘\n```\n\n### E2E Encryption Flow\n```\nAlice                                          Bob\n  │                                             │\n  │  1. 
deriveSharedSecret(alice.priv, bob.pub) │\n  │     ═══════════════════════════════════     │\n  │         (Both derive SAME secret)           │\n  │     ═══════════════════════════════════     │\n  │  2. deriveSharedSecret(bob.priv, alice.pub) │\n  │                                             │\n  │  3. encrypt(\"Hello\", secret) ──────────────►│\n  │                              ◄──────────────│ 4. decrypt(cipher, secret)\n  │                                             │\n  └─────────────────────────────────────────────┘\n        Only Alice \u0026 Bob can read messages\n```\n\n### Group Encryption\n```javascript\nimport { deriveSharedSecret, encrypt, decrypt } from \"daku\";\nimport crypto from \"node:crypto\";\n\n// Admin creates group key (just random 32 bytes)\nconst groupKey = crypto.randomBytes(32).toString(\"hex\");\n\n// Distribute to each member securely\nfor (const member of members) {\n  const secret = deriveSharedSecret(admin.privateKey, member.publicKey);\n  const encryptedKey = await encrypt(groupKey, secret);\n  // Send encryptedKey to member\n}\n\n// Member side: decrypt the encryptedKey received from the admin\nconst memberSecret = deriveSharedSecret(member.privateKey, admin.publicKey);\nconst memberGroupKey = await decrypt(encryptedKey, memberSecret);\n\n// Everyone encrypts/decrypts with the shared group key\nconst message = await encrypt(\"Hello group!\", groupKey);\n```\n\n---\n\n## Security\n\n| Feature | Implementation |\n|---------|----------------|\n| **Signatures** | secp256k1 ECDSA (same as Bitcoin/Ethereum) |\n| **Encryption** | AES-256-GCM with random 96-bit IV |\n| **Key Exchange** | ECDH (Elliptic Curve Diffie-Hellman) |\n| **Hashing** | SHA-256 |\n| **Spam Protection** | Proof-of-work (configurable difficulty) |\n| **Token Expiry** | Auth tokens valid for 1 minute only |\n\n### What DAKU Protects Against\n- ✅ Password breaches (no passwords exist)\n- ✅ Credential stuffing (nothing to stuff)\n- ✅ Phishing (no credentials to phish)\n- ✅ Database leaks (no PII stored)\n- ✅ 
Replay attacks (1-minute token expiry)\n- ✅ Spam/bots (proof-of-work)\n- ✅ Man-in-the-middle (E2E encryption)\n\n### User Responsibilities\n- 🔑 Users must securely store their private key\n- 🔑 Lost private key = lost identity (no recovery)\n- 🔑 Compromised private key = compromised identity\n\n---\n\n## Examples\n\n### Express.js Middleware\n```javascript\nimport { verifyAuth, getUsername } from \"daku\";\n\nasync function authMiddleware(req, res, next) {\n  const token = req.headers.authorization?.replace(\"Bearer \", \"\");\n  \n  const publicKey = await verifyAuth(token);\n  if (!publicKey) {\n    return res.status(401).json({ error: \"Unauthorized\" });\n  }\n  \n  req.userId = publicKey;\n  req.username = getUsername(publicKey);\n  next();\n}\n```\n\n### React Login\n```javascript\nimport { generateKeyPair, createAuth } from \"daku\";\n\nfunction useAuth() {\n  const login = async () =\u003e {\n    let privateKey = localStorage.getItem(\"privateKey\");\n    \n    if (!privateKey) {\n      const keys = generateKeyPair();\n      privateKey = keys.privateKey;\n      localStorage.setItem(\"privateKey\", privateKey);\n    }\n    \n    const token = await createAuth(privateKey);\n    return fetch(\"/api/login\", {\n      headers: { Authorization: `Bearer ${token}` }\n    });\n  };\n  \n  return { login };\n}\n```\n\n### Encrypted Chat\n```javascript\nimport { deriveSharedSecret, encrypt, decrypt } from \"daku\";\n\n// Both users derive the same shared secret\nconst secret = deriveSharedSecret(myPrivateKey, theirPublicKey);\n\n// Send encrypted message\nconst encrypted = await encrypt(\"Hello!\", secret);\nws.send(encrypted);\n\n// Receive and decrypt\nws.onmessage = async (e) =\u003e {\n  const message = await decrypt(e.data, secret);\n  console.log(message);\n};\n```\n\n---\n\n## API Reference\n\n### `generateKeyPair()`\nCreates a new secp256k1 keypair.\n```javascript\nconst { privateKey, publicKey } = generateKeyPair();\n// privateKey: 64-char hex (keep 
secret!)\n// publicKey: 66-char hex (share freely)\n```\n\n### `getPublicKey(privateKey)`\nDerives public key from private key.\n```javascript\nconst publicKey = getPublicKey(privateKey);\n```\n\n### `getUsername(publicKey)`\nGenerates a deterministic human-readable username.\n```javascript\nconst name = getUsername(publicKey); // \"oceanrunning4523\"\n```\n\n### `createAuth(privateKey, pow?)`\nCreates a signed authentication token. Default POW difficulty is 2.\n```javascript\nconst token = await createAuth(privateKey);\nconst harderToken = await createAuth(privateKey, 3); // Higher difficulty\n```\n\n### `verifyAuth(token, pow?)`\nVerifies an auth token. Returns `publicKey` on success, `null` on failure.\n```javascript\nconst publicKey = await verifyAuth(token);\nif (publicKey) {\n  // Authenticated! publicKey is the user ID\n}\n```\n\n### `sign(message, privateKey, pow?)`\nSigns a message with proof-of-work.\n```javascript\nconst sig = await sign(\"Hello\", privateKey);\n// { signature: \"...\", pow: 123 }\n```\n\n### `verify(message, signatureData, publicKey, pow?)`\nVerifies a signature.\n```javascript\nconst isValid = await verify(\"Hello\", sig, publicKey);\n```\n\n### `sha256(message)`\nSHA-256 hash.\n```javascript\nconst hash = await sha256(\"Hello\"); // Uint8Array(32)\n```\n\n### `deriveSharedSecret(myPrivateKey, theirPublicKey)`\nECDH key agreement. Both parties derive the same secret.\n```javascript\nconst secret = deriveSharedSecret(alice.privateKey, bob.publicKey);\n// Same as: deriveSharedSecret(bob.privateKey, alice.publicKey)\n```\n\n### `encrypt(plaintext, key)`\nAES-256-GCM encryption.\n```javascript\nconst ciphertext = await encrypt(\"Secret message\", sharedSecret);\n```\n\n### `decrypt(ciphertext, key)`\nAES-256-GCM decryption. 
Returns `null` on failure.\n```javascript\nconst plaintext = await decrypt(ciphertext, sharedSecret);\n```\n\n---\n\n## Comparison\n\n| Feature | DAKU | Passport.js | Auth0 | Firebase Auth |\n|---------|------|-------------|-------|---------------|\n| No passwords | ✅ | ❌ | ❌ | ❌ |\n| No email required | ✅ | ❌ | ❌ | ❌ |\n| No database needed | ✅ | ❌ | ❌ | ❌ |\n| E2E encryption | ✅ | ❌ | ❌ | ❌ |\n| Self-hosted | ✅ | ✅ | ❌ | ❌ |\n| Zero dependencies* | ✅ | ❌ | ❌ | ❌ |\n| Works offline | ✅ | ❌ | ❌ | ❌ |\n| Bundle size | ~50KB | ~200KB | SDK required | SDK required |\n\n*Only 2 peer dependencies: `@noble/secp256k1` and `@noble/hashes`\n\n---\n\n## Installation\n\n```bash\nnpm install daku\n```\n\n**Requirements:** Node.js 16+ or modern browser\n\n---\n\n## License\n\nISC © [besoeasy](https://github.com/besoeasy)\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eLeave no trace. Just authenticate.\u003c/b\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbesoeasy%2Fdaku","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbesoeasy%2Fdaku","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbesoeasy%2Fdaku/lists"}