Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/DeepSourceCorp/shifty
Shifty is a tiny zero-dependency secrets generator, built for the web using TypeScript.
https://github.com/DeepSourceCorp/shifty
password secrets security web-cryptography-api
Last synced: 7 days ago
JSON representation
Shifty is a tiny zero-dependency secrets generator, built for the web using TypeScript.
- Host: GitHub
- URL: https://github.com/DeepSourceCorp/shifty
- Owner: DeepSourceCorp
- License: mit
- Created: 2022-02-01T10:46:26.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2023-10-02T00:44:52.000Z (about 1 year ago)
- Last Synced: 2024-04-24T15:19:10.198Z (7 months ago)
- Topics: password, secrets, security, web-cryptography-api
- Language: TypeScript
- Homepage:
- Size: 82 KB
- Stars: 48
- Watchers: 2
- Forks: 5
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
[](https://deepsource.io/gh/deepsourcelabs/shifty/?ref=repository-badge) [](https://deepsource.io/gh/deepsourcelabs/shifty/?ref=repository-badge)
Shifty is a tiny zero-dependency secrets generator, built for the web using TypeScript.
## Installation
```sh
yarn add @deepsource/shifty
```
## Usage
> Shifty is built for the browser and won't work with Node. You can use the built-in [crypto](https://nodejs.org/api/crypto.html#crypto) module instead.
```js
import Shifty from "@deepsource/shifty";
const shifty = new Shifty((harden = true), (defaultLength = 16));
shifty.generate((length = 12)); // G8qZt7PEha^s
```
### Options
##### `Shifty`
| Parameter | Default | Description |
| --------------- | ------- | ------------------------------------------------------------------- |
| `harden` | `true` | This flag enables adding special characters in the generated secret |
| `defaultLength` | `16` | Set the default length of the secrets generated |
##### `Shifty.generate`
| Parameter | Default | Description |
| --------- | ---------------------- | ------------------------------------ |
| `length` | `Shifty.defaultLength` | Length of the secret to be generated |
## How it works
The Web Crypto API is an interface allowing a script to use cryptographic primitives in order to build systems using cryptography. This library leverages the Web Crypto API to generate secrets and passwords for the web.
In case the browser does not support the Web Crypto API, the library uses a fallback, it generates the string using Math.random(). This is not cryptographically safe, but is still usable.
The algorithm for generating the password is quite simple
1. Generate a array of 8-bit unsigned integers using Uint8Array
2. Check if the browser crypto API is supported
1. If the browser supports crypto, use the generate array as the seed to fill in with random values using window.crypto.getRandomValues
2. Else use the fallback method, loop over the seed array, for every element, generate a random number between 0 to 255
3. Initalize the secret string
4. Start a while loop, until the length condition is matched
1. Start a for loop over the generated numbers
2. Convert the number to a character using `String.fromCharCode`
3. If the character code is valid, append it to the secret string from step 3
4. If the character limit is satisfied, break. Else, regenerate the seed array from step 2
5. Return the generated string