Back to Explore

crouchcd/pkce-challenge

GitHub
1 watchersOpen source

Last release: 4 months ago

This software generates or verifies Proof Key for Code Exchange (PKCE) challenge pairs used with OAuth flows. It can create a code_verifier and corresponding code_challenge (default method S256, or plain), and it also provides functions to verify a verifier and challenge or generate a challenge from an existing verifier.

Project status

  • Actively maintained, evidence includes a recent upstream push on 2026-05-09 after the latest published update (6.0.0 on 2026-02-01), plus multiple prior versioned updates.
  • Update cadence appears moderate and ongoing, with 5.0.0 on 2025-03-31, 5.0.1 on 2025-11-23, and 6.0.0 on 2026-02-01 (roughly months apart, not years).

AI summary generated Today

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • 6.0.0

    4 months ago

    Release 6.0.0 adds support for configurable PKCE challenge methods and updates the generated challenge object to include code_challenge_method. It also expands CI to run Cypress e2e tests for the browser bundle and bumps a couple of dev/test dependencies.

    BreakingFeatures

  • 5.0.1

    6 months ago

    Release 5.0.1 primarily changes the PKCE challenge/challenge-pair generation to use an even distribution over the allowed character set, reducing modulo bias. The code diff also includes CI and browser-test build workflow adjustments that are not mentioned in the release notes.

  • 5.0.0

    3/31/2025

    Release 5.0.0 updates pkce-challenge to support CommonJS consumers, and restructures the package entrypoints accordingly. The code changes also refactor crypto initialization and random generation to accommodate Node and browser WebCrypto differences more safely.

    Features

  • 4.1.0

    1/26/2024

    Version 4.1.0 introduces separate Node and browser entrypoints for pkce-challenge. The package build/test setup was expanded to generate browser and node variants and to bundle a small browser test.

    Features

  • 4.0.1

    5/11/2023

    Release 4.0.1 makes documentation tweaks and updates the package runtime requirements. The only functional change visible in the diff is adding an explicit Node engine constraint, while the README examples are adjusted to use async/await.

  • 4.0.0

    5/11/2023

    Version 4.0.0 switches the PKCE challenge generation and verification implementation from crypto-js to the Web Cryptography API (WebCrypto). The public API surface also becomes asynchronous, and the package build and module format are reorganized to output an ESM-first entry point.

    Breaking

  • 3.1.0

    3/29/2023

    Release 3.1.0 primarily claims a bundle-size improvement by switching how crypto-js is imported. The actual diff also introduces a new test setup (Jest, Babel) and enables TypeScript esModuleInterop, which can affect module interop outcomes.

  • 3.0.0

    3/29/2022

    v3.0.0 migrates pkce-challenge from a Node crypto-based JavaScript implementation to a TypeScript build that uses crypto-js for both Node and browser compatibility. The package entry points move to generated dist files and the public API shifts to a default export style.

    BreakingFeatures

  • 2.2.0

    5/20/2021

    Release 2.2.0 adds a new named export, generateChallenge, alongside the existing default pkceChallenge generator and verifyChallenge verifier. The runtime code change is primarily an added export and corresponding updates to TypeScript types, tests, and documentation.

    Features

  • 2.1.0

    12/20/2019

    Release 2.1.0 adds a new exported helper, verifyChallenge, to compute and verify a PKCE code challenge from a given code_verifier. The release also refactors internal helper code (notably random) and updates docs and tests accordingly, plus minor dev dependency bumps in the lockfile.

    Features