{"id":18337238,"url":"https://github.com/pillarjs/csrf","last_synced_at":"2025-05-15T06:02:29.519Z","repository":{"id":17766580,"uuid":"20627250","full_name":"pillarjs/csrf","owner":"pillarjs","description":"Logic behind CSRF token creation and verification.","archived":false,"fork":false,"pushed_at":"2024-06-02T17:16:24.000Z","size":131,"stargazers_count":308,"open_issues_count":2,"forks_count":32,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-04-07T00:16:13.340Z","etag":null,"topics":["csrf","javascript","nodejs","tokens"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pillarjs.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-08T21:46:35.000Z","updated_at":"2025-04-02T19:41:50.000Z","dependencies_parsed_at":"2024-06-02T19:09:20.215Z","dependency_job_id":null,"html_url":"https://github.com/pillarjs/csrf","commit_stats":{"total_commits":292,"total_committers":10,"mean_commits":29.2,"dds":0.08904109589041098,"last_synced_commit":"a470e1a6f789f2d8648301b23f22874559309e3a"},"previous_names":["expressjs/csrf-tokens"],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pillarjs%2Fcsrf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pillarjs%2Fcsrf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pillarjs%2Fcsrf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pillarjs%2Fcsrf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pillarjs","download_url":"https://codeload.github.com/pillarjs/csrf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248837274,"owners_count":21169373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csrf","javascript","nodejs","tokens"],"created_at":"2024-11-05T20:10:33.753Z","updated_at":"2025-04-14T06:51:53.554Z","avatar_url":"https://github.com/pillarjs.png","language":"JavaScript","readme":"# CSRF\n\n[![NPM Version][npm-version-image]][npm-url]\n[![NPM Downloads][npm-downloads-image]][npm-url]\n[![Node.js Version][node-image]][node-url]\n[![Build Status][ci-image]][ci-url]\n[![Test Coverage][coveralls-image]][coveralls-url]\n\nLogic behind CSRF token creation and verification.\n\nRead [Understanding-CSRF](https://github.com/pillarjs/understanding-csrf)\nfor more information on CSRF. Use this module to create custom CSRF middleware.\n\nLooking for a CSRF framework for your favorite framework that uses this\nmodule?\n\n  * Express/connect: [csurf](https://www.npmjs.com/package/csurf) or\n    [alt-xsrf](https://www.npmjs.com/package/alt-xsrf)\n  * Koa: [koa-csrf](https://www.npmjs.com/package/koa-csrf) or\n    [koa-atomic-session](https://www.npmjs.com/package/koa-atomic-session)\n\n### Install\n\n```sh\n$ npm install csrf\n```\n\n### TypeScript\n\nThis module includes a [TypeScript](https://www.typescriptlang.org/)\ndeclaration file to enable auto complete in compatible editors and type\ninformation for TypeScript projects.\n\n## API\n\n```js\nvar Tokens = require('csrf')\n```\n\n### new Tokens([options])\n\nCreate a new token generation/verification instance. The `options` argument is\noptional and will just use all defaults if missing.\n\n#### Options\n\nTokens accepts these properties in the options object.\n\n##### saltLength\n\nThe length of the internal salt to use, in characters. Internally, the salt\nis a base 62 string. Defaults to `8` characters.\n\n##### secretLength\n\nThe length of the secret to generate, in bytes. Note that the secret is\npassed around base-64 encoded and that this length refers to the underlying\nbytes, not the length of the base-64 string. Defaults to `18` bytes.\n\n#### tokens.create(secret)\n\nCreate a new CSRF token attached to the given `secret`. The `secret` is a\nstring, typically generated from the `tokens.secret()` or `tokens.secretSync()`\nmethods. This token is what you should add into HTML `\u003cform\u003e` blocks and\nexpect the user's browser to provide back.\n\n```js\nvar secret = tokens.secretSync()\nvar token = tokens.create(secret)\n```\n\n#### tokens.secret(callback)\n\nAsynchronously create a new `secret`, which is a string. The secret is to\nbe kept on the server, typically stored in a server-side session for the\nuser. The secret should be at least per user.\n\n```js\ntokens.secret(function (err, secret) {\n  if (err) throw err\n  // do something with the secret\n})\n```\n\n#### tokens.secret()\n\nAsynchronously create a new `secret` and return a `Promise`. Please see\n`tokens.secret(callback)` documentation for full details.\n\n**Note**: To use promises in Node.js _prior to 0.12_, promises must be\n\"polyfilled\" using `global.Promise = require('bluebird')`.\n\n```js\ntokens.secret().then(function (secret) {\n  // do something with the secret\n})\n```\n\n#### tokens.secretSync()\n\nA synchronous version of `tokens.secret(callback)`. Please see\n`tokens.secret(callback)` documentation for full details.\n\n```js\nvar secret = tokens.secretSync()\n```\n\n#### tokens.verify(secret, token)\n\nCheck whether a CSRF token is valid for the given `secret`, returning\na Boolean.\n\n```js\nif (!tokens.verify(secret, token)) {\n  throw new Error('invalid token!')\n}\n```\n\n## License\n\n[MIT](LICENSE)\n\n[ci-image]: https://badgen.net/github/checks/pillarjs/csrf/master?label=ci\n[ci-url]: https://github.com/pillarjs/csrf/actions/workflows/ci.yml\n[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/csrf/master\n[coveralls-url]: https://coveralls.io/r/pillarjs/csrf?branch=master\n[node-image]: https://badgen.net/npm/node/csrf\n[node-url]: https://nodejs.org/en/download\n[npm-downloads-image]: https://badgen.net/npm/dm/csrf\n[npm-url]: https://npmjs.org/package/csrf\n[npm-version-image]: https://badgen.net/npm/v/csrf\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpillarjs%2Fcsrf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpillarjs%2Fcsrf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpillarjs%2Fcsrf/lists"}