{"id":13703129,"url":"https://github.com/passwordless-id/webauthn","last_synced_at":"2026-02-09T18:09:02.921Z","repository":{"id":60091820,"uuid":"523630008","full_name":"passwordless-id/webauthn","owner":"passwordless-id","description":"Webauthn / passkeys helper library to make your life easier. Client side, server side and demo included.","archived":false,"fork":false,"pushed_at":"2025-03-12T13:18:50.000Z","size":2298,"stargazers_count":513,"open_issues_count":1,"forks_count":58,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-12T14:25:02.697Z","etag":null,"topics":["authentication","passkeys","passwordless","webauthn"],"latest_commit_sha":null,"homepage":"https://webauthn.passwordless.id","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/passwordless-id.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"passwordless-id"}},"created_at":"2022-08-11T07:41:33.000Z","updated_at":"2025-03-12T13:18:47.000Z","dependencies_parsed_at":"2024-01-25T04:47:45.297Z","dependency_job_id":"5dac4438-46f9-41a5-b8c8-7b244c861136","html_url":"https://github.com/passwordless-id/webauthn","commit_stats":{"total_commits":62,"total_committers":4,"mean_commits":15.5,"dds":0.09677419354838712,"last_synced_commit":"989001b8329efb4ce68d73e1d83924b1eb7d2bfb"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passwordless-id%2Fwebauthn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passwordless-id%2Fwebauthn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passwordless-id%2Fwebauthn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passwordless-id%2Fwebauthn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/passwordless-id","download_url":"https://codeload.github.com/passwordless-id/webauthn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252458325,"owners_count":21751017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","passkeys","passwordless","webauthn"],"created_at":"2024-08-02T21:00:50.768Z","updated_at":"2026-02-09T18:09:02.913Z","avatar_url":"https://github.com/passwordless-id.png","language":"TypeScript","funding_links":["https://github.com/sponsors/passwordless-id"],"categories":["Server Libraries","TypeScript"],"sub_categories":[],"readme":"@passwordless-id/webauthn\n=========================\n\n[![NPM Version](https://img.shields.io/npm/v/%40passwordless-id%2Fwebauthn)](https://www.npmjs.com/package/@passwordless-id/webauthn)\n[![npm bundle size](https://img.shields.io/bundlephobia/minzip/@passwordless-id/webauthn)](https://bundlephobia.com/package/@passwordless-id/webauthn)\n[![NPM Downloads](https://img.shields.io/npm/dm/%40passwordless-id%2Fwebauthn)](https://www.npmjs.com/package/@passwordless-id/webauthn)\n[![GitHub Repo stars](https://img.shields.io/github/stars/passwordless-id/webauthn)](https://github.com/passwordless-id/webauthn)\n[![GitHub Sponsors](https://img.shields.io/github/sponsors/passwordless-id?style=social\u0026logo=githubsponsors)](https://github.com/sponsors/passwordless-id)\n\n\n![banner](docs/img/banner-biometric-auth.svg)\n\n\n\u003e This library greatly simplifies the usage of **passkeys** by invoking the [WebAuthn protocol](https://w3c.github.io/webauthn/) more conveniently. It is [open source](https://github.com/passwordless-id/webauthn), opinionated, dependency-free and minimalistic.\n\u003e\n\u003e This library is provided by [Passwordless.ID](https://passwordless.id), a free public identity provider.\n\n\n\n\n\n\n\n\n👀 Demos\n---------\n\n- [Basic Demo](https://webauthn.passwordless.id/demos/basic.html)\n- [Passkeys autocomplete](https://webauthn.passwordless.id/demos/conditional-ui.html)\n- [Testing Playground](https://webauthn.passwordless.id/demos/playground.html)\n- [Authenticators list](https://webauthn.passwordless.id/demos/authenticators.html)\n- [Docs](https://webauthn.passwordless.id)\n  \nThese demos are plain HTML/JS, not minimized. Just open the sources in your browser if you are curious.\n\n\n\n📦 Installation\n----------------\n\n### Modules (recommended)\n\n```bash\nnpm install @passwordless-id/webauthn\n```\n\nThe base package contains both client and server side modules. You can import the `client` submodule or the `server` depending on your needs.\n\n```js\nimport {client} from '@passwordless-id/webauthn'\nimport {server} from '@passwordless-id/webauthn'\n```\n\n*Note: the brackets in the import are important!*\n\n### Alternatives\n\nFor **browsers**, it can be imported using a CDN link in the page, or even inside the script itself.\n\n```html\n\u003cscript type=\"module\"\u003e\n  import { client } from 'https://cdn.jsdelivr.net/npm/@passwordless-id/webauthn';\n\u003c/script\u003e\n```\n\nLastly, a **CommonJS** variant is also available for old Node stacks, to be imported using `require('@passwordless-id/webauthn')`. It's usage is discouraged though, in favor of the default ES modules.\n\nNote that at least NodeJS **19+** is necessary. (The reason is that previous Node versions had no `WebCrypto` being globally available, making it impossible to have a \"universal build\")\n\n\n🚀 Getting started\n-------------------\n\nThere are multiple ways to use and invoke the WebAuthn protocol.\nWhat follows is just an example of the most straightforward use case. \n\n### Registration\n\n```\nimport {client} from '@passwordless-id/webauthn'\nawait client.register({\n  challenge: 'a random base64url encoded buffer from the server',\n  user: 'John Doe'\n})\n```\n\nBy default, this registers a passkey on any authenticator (local or roaming) with `preferred` user verification. For further options, see [\u0026rarr; Registration docs](https://webauthn.passwordless.id/registration/)\n\n\n### Authentication\n\n```\nimport {client} from '@passwordless-id/webauthn'\nawait client.authenticate({\n  challenge: 'a random base64url encoded buffer from the server'\n})\n```\n\nBy default, this triggers the native passkey selection dialog, for any authenticator (local or roaming) and with  `preferred` user verification. For further options, see [\u0026rarr; Authentication docs](https://webauthn.passwordless.id/authentication/)\n\n\n### Verification\n\n```\nimport {server} from '@passwordless-id/webauthn'\nawait server.verifyRegistration(registration, expected)\nawait server.verifyAuthentication(authentication, expected)\n```\n\n[\u0026rarr; Verification docs](https://webauthn.passwordless.id/verification/)\n\n\u003c!--\n\n🛠️ A tool vs a solution\n------------------------\n\nThis library is a tool to implement passkeys for your website. Whether it is the main mechanism or to improve an existing authentication system, it is flexible enough to do both. However, you may also need to...\n\n- Register multiple authenticators per account\n- Verify e-mail address upon registration\n- Have account recovery mechanisms\n- Detect suspicious activity\n- Upload a user portrait\n- Manage the user profile\n- ...and so on\n\nBasically, this library is just a tool to realize something bigger. If you just want to \"register\" and \"authenticate\" users without dealing with the intricacies, a \"solution\" like [Passwordless.ID](https://passwordless.id) would be more suited. It's free and (soon) open source too, so there is no need for you to re-invent the wheel.\n\n--\u003e\n\n📃 Changelog\n-------------\n\nThe version 2 introduced breaking changes, different default behavior and different intermediate format. Basically, it's a complete overhaul and to understand \"why\" this version 2 was made, I recommend reading this [blog post](https://blog.passwordless.id/passkeys-webauthn-library-v20-is-there#heading-why-a-version-2). In a very summarized way, it is to enhance support for security keys by default, reflect latest changes in the underlying specs and improve cross-compatibility with other server side libraries.\n\nSome core changes are:\n\n- Use platform authenticator by default =\u003e authenticator selection pops up by default\n- `authenticatorType` was removed =\u003e use `hints` instead\n- User verification default: `required` =\u003e `preferred`\n- Timeout: 1 minute =\u003e no timeout\n- Response format changed\n- Transports as part of `allowCredentials`\n\nThe docs for the legacy version 1.x are found [here](https://webauthn.passwordless.id/version-1)\n\n\n\n✅ Supported Platforms\n-----------------------\n\n### Client side:\n\n- ✅ Chrome\n- ✅ Edge\n- ✅ Firefox\n- ✅ Safari\n- ✅ Opera\n- ❌ (old) Internet Explorer 11\n\n\u003e Basically, it supports all browsers that support *WebAuthn* API including the `getPublicKey()` and `getPublicKeyAlgorithm()` methods. Note that it might also depend on the password manager used, which will also be supported as long as it is specification compliant.\n\n\n### Server side:\n\n- ✅ NodeJS 19+\n- ✅ Cloudflare Workers\n- ✅ All other JS platforms that support *WebCrypto* API\n- ✅ All other server side libraries of other programming languages, as long as they use the default payload generated by the WebAuthn API.\n\n\u003e Note: apparently, native iOS / macOS clients written in Switft are not compatible with the *server-side* part of this library, as they do not provide the `publicKey` and `publicKeyAlgorithm` properties during registration in the first place. See [#95](https://github.com/passwordless-id/webauthn/issues/95).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpasswordless-id%2Fwebauthn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpasswordless-id%2Fwebauthn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpasswordless-id%2Fwebauthn/lists"}