@simplewebauthn/browser
SimpleWebAuthn for Browsers
About
SimpleWebAuthn for Browsers
Live mirror of the GitHub README. Updated whenever the repo's default branch changes.
SimpleWebAuthn
Overview
This project features two complimentary libraries to help reduce the amount of work needed to incorporate WebAuthn into a website. The following packages are maintained here:
Installation
SimpleWebAuthn can be installed from NPM and JSR in Node LTS 20.x and higher, Deno v1.43 and higher projects, and other compatible runtimes (Cloudflare Workers, Bun, etc...)
See the packages' READMEs for more specific installation information.
Documentation
In-depth documentation for this project is available at https://simplewebauthn.dev/docs
Sponsors
Thank you very much to those who sponsor my work. Your contributions help keep the open-source dream alive 🙇♂️
Interested in sponsoring this project? See here for more info: https://github.com/sponsors/MasterKale
🌟 Platinum Sponsor
Simple Authentication. Make login our problem. Not yours.
🏅 Gold Sponsor
Simple, drop-in passkeys and MFA as a Service
Example
For a practical guide to implementing these libraries, take a look at the example project. It includes a single-file Express server and a few HTML files that, combined with the packages in this repo, are close to all it takes to get up and running with WebAuthn.
Contributions
The SimpleWebAuthn project is not currently open to external contributions.
Please submit an Issue and fill out the provided template with as much information as possible if you have found a bug in need of fixing.
You can also submit an Issue to request new features, or to suggest changes to existing features.
Development
Install the following before proceeding:
- Deno v2.4.x
After pulling down the code, set up dependencies:
$> deno install
To run unit tests for all workspace packages, use the test series of scripts:
# Run an individual package's tests
$> cd packages/browser/ && deno task test
$> cd packages/server/ && deno task test
Tests can be run in watch mode with the test:watch series of scripts:
$> cd packages/browser/ && deno task test:watch
$> cd packages/server/ && deno task test:watch
Quick facts
npm install @simplewebauthn/browserHow Sourcemap Explorer detects @simplewebauthn/browser
We catch @simplewebauthn/browser from two complementary signals: bundled source paths and the embedded package.json. Modern bundlers (webpack, Vite, esbuild, Rollup, Turbopack) preserve the original node_modules/@simplewebauthn/browser/ paths inside the JavaScript sourcemap's sources[] array — that's the canonical signal. When the matching package.json is also captured in sourcesContent[], we read the exact version field — patch number included. No regex guessing, no version inference.
- 1
Confirm the site exposes sourcemaps
In DevTools Network, check the response headers of any application script for `SourceMap` or `X-SourceMap`. Failing that, fetch the script's last 4 KB and look for a `//# sourceMappingURL=` comment.
- 2
Find the package in the bundle
Open DevTools → Network → reload. Click any application script and look at its sourcemap. Inside, search `sources[]` for entries matching `node_modules/@simplewebauthn/browser/` — every match confirms the package is bundled. The matching `sourcesContent[i]` for `node_modules/@simplewebauthn/browser/package.json` gives you the exact installed version.
- 3
Read the version directly from package.json
Run `jq -r '. as $m | $m.sources | to_entries[] | select(.value | endswith("node_modules/@simplewebauthn/browser/package.json")) | $m.sourcesContent[.key] | fromjson | .version' bundle.js.map`. Sourcemap Explorer automates the same query in the popup.
Recent versions
FAQ
What is @simplewebauthn/browser used for?
SimpleWebAuthn for Browsers
How can I tell if a website is using @simplewebauthn/browser?
Open the page in Chrome with the Sourcemap Explorer extension installed and read the Stack tab. We catch `@simplewebauthn/browser` from two complementary signals: `node_modules/@simplewebauthn/browser/` paths inside the JavaScript sourcemap, and the embedded `package.json` we read for exact-version detection. Without the extension you can do the same lookup manually in DevTools — the steps are listed in the "How Sourcemap Explorer detects" section above.
What is the latest version of @simplewebauthn/browser?
13.3.0, as published on the npm registry. The "Recent versions" table on this page lists the most recent 8 releases with their release dates. Sourcemap Explorer reports the version actually bundled into a site, which can lag the latest release by months on real-world deployments.
Where can I read more?
Project homepage: https://github.com/MasterKale/SimpleWebAuthn/tree/master/packages/browser#readme. Source code: https://github.com/MasterKale/SimpleWebAuthn. Published on npm: https://www.npmjs.com/package/@simplewebauthn/browser. Licensed as MIT.
Detected by Sourcemap Explorer
When a bundle ships sourcemaps, we read the embedded package.json for @simplewebauthn/browser and report the precise version. Without sourcemaps, an import / require in the page's scripts is enough to flag it.