Creates a device-bound browser credential and derives stable entropy bytes from it so local-first and zero-knowledge apps can bootstrap cryptographic state without storing their own seed material.
The public API is intentionally tiny:
createDeviceBinding(displayName)deriveDeviceEntropy()
npm install @sovereignbase/hardware-bound
# or
pnpm add @sovereignbase/hardware-bound
# or
yarn add @sovereignbase/hardware-bound
# or
bun add @sovereignbase/hardware-bound
# or
deno add jsr:@sovereignbase/hardware-bound
# or
vlt install jsr:@sovereignbase/hardware-boundimport {
createDeviceBinding,
deriveDeviceEntropy,
} from '@sovereignbase/hardware-bound'
const created = await createDeviceBinding('Ada Lovelace')
if (!created) throw new Error('Device binding failed')
const entropy = await deriveDeviceEntropy()
if (!entropy) throw new Error('Entropy derivation failed')
console.log(entropy)Creates a device binding for the current origin and returns true on success or false on failure.
Derives deterministic entropy bytes from the existing device binding and returns either:
Uint8Arrayfalse
The returned bytes are:
- credential
rawId - first PRF output
- second PRF output
- No storage.
- No network.
- No thrown library errors from the two exported functions. Failure is
false. - Intended as bootstrap material for local cryptographic state, not as a general authentication library.
- Unit and integration tests in Node.
- Browser tests in Playwright.
- Browser matrix: Chromium, Firefox, WebKit, Pixel 5 emulation, iPhone 12 emulation.
Apache-2.0