SASL Authentication Framework

0.1.1 · abandoned · verified Sun Apr 19

saslmechanisms is a foundational JavaScript framework designed to facilitate SASL (Simple Authentication and Security Layer) authentication and data security within connection-oriented protocols. Released as version 0.1.1 over a decade ago, it provides a `Factory` pattern for managing and negotiating pluggable SASL mechanisms. The package itself does not include any authentication mechanisms; instead, it serves as an extensible core that requires separate, dedicated packages (e.g., `sasl-plain`) to implement specific SASL methods. Due to its age and lack of updates, it is largely superseded by more modern authentication solutions and is not actively maintained, making its current utility limited outside of legacy systems. The framework's primary differentiator was its modularity, allowing developers to easily extend supported authentication types by plugging in new mechanism implementations.

Common errors

```
TypeError: Cannot read properties of undefined (reading 'Factory')
```
cause The `saslmechanisms` package was not correctly `require()`-d, or the variable name does not match the expected export.

fix Ensure you are using `const sasl = require('saslmechanisms');` and then `new sasl.Factory();`.
```
Error: Unknown mechanism "PLAIN"
```
cause The required SASL mechanism package (e.g., `sasl-plain`) was not installed or not correctly registered with the factory using `factory.use()`.

fix Install the necessary mechanism package (e.g., `npm install sasl-plain`) and add `factory.use(require('sasl-plain'));` to your initialization code.

Warnings

breaking This package is extremely old (v0.1.1, published over a decade ago) and has been abandoned. It is highly unlikely to be compatible with modern Node.js versions or maintain current security standards. Using it in new projects is strongly discouraged.
Fix: Consider modern alternatives for authentication, such as OAuth2, OpenID Connect, or actively maintained SASL libraries if strict SASL compliance is necessary.
gotcha The package is CommonJS-only and does not support ES Modules (`import`). Attempting to use `import` syntax will result in errors.
Fix: Always use `require()` for importing the `saslmechanisms` package and any associated mechanism packages.
gotcha The `saslmechanisms` package provides only the framework; actual SASL authentication mechanisms (e.g., PLAIN, DIGEST-MD5) must be installed as separate npm packages (e.g., `sasl-plain`, `sasl-digest-md5`) and registered with the factory.
Fix: Ensure all required `sasl-*` mechanism packages are explicitly installed via npm and registered using `factory.use(require('sasl-mechanism-package'));`
deprecated The `volo` package manager mentioned in the README for installation (`volo add jaredhanson/js-sasl sasl`) is obsolete and no longer maintained. Use npm for package installation.
Fix: Install using npm: `npm install saslmechanisms`.

Install

npm install saslmechanisms npm
yarn add saslmechanisms yarn
pnpm add saslmechanisms pnpm

Imports

Factory
wrong:
```
import { Factory } from 'saslmechanisms';
```
correct:
```
const sasl = require('saslmechanisms');
const factory = new sasl.Factory();
```
The package exports an object (often aliased as `sasl`) that contains the `Factory` constructor. This package is CommonJS-only; ESM imports are not supported.
Mechanism registration
wrong:
```
factory.use(SASLPlain);
```
correct:
```
factory.use(require('sasl-plain'));
```
Mechanism packages like `sasl-plain` are expected to be `require()`-d directly and passed to the `use` method to register them with the factory. Ensure the mechanism package is installed.
ClientSession / ServerSession
wrong:
```
const clientSession = new sasl.ClientSession('PLAIN');
```
correct:
```
const clientSession = factory.createClientSession('PLAIN');
```
Client and server sessions are instantiated via the `factory` instance after mechanisms have been registered, not directly from the `sasl` object.

Quickstart

Demonstrates initializing the SASL factory, registering the 'PLAIN' mechanism, and simulating a basic client-server authentication flow.

const sasl = require('saslmechanisms');

// Create a SASL mechanism factory.
const factory = new sasl.Factory();

// Register supported SASL mechanisms. This package only provides the framework;
// mechanism implementations like 'sasl-plain' must be installed separately.
// For this example, ensure 'sasl-plain' is installed: npm install sasl-plain
try {
  factory.use(require('sasl-plain'));
  console.log('SASL PLAIN mechanism registered successfully.');
} catch (e) {
  console.error('Failed to load sasl-plain. Make sure it is installed: npm install sasl-plain');
  process.exit(1);
}

// Simulate client and server interactions for 'PLAIN' authentication.
const username = process.env.SASL_USERNAME || 'testuser';
const password = process.env.SASL_PASSWORD || 'testpassword';

// Client-side: initiate authentication with credentials
const clientSession = factory.createClientSession('PLAIN'); // 'PLAIN' is the mechanism name
const initialClientChallenge = clientSession.challenge({
  username: username,
  password: password
});
console.log(`\nClient initiated authentication with challenge: "${initialClientChallenge}"`);

// Server-side: respond to the client's challenge
const serverSession = factory.createServerSession('PLAIN');
try {
  const serverResponse = serverSession.response(initialClientChallenge);
  if (serverSession.isComplete()) {
    console.log('Server successfully completed authentication.');
    console.log(`Authenticated user: ${serverSession.username}`);
    // In PLAIN, serverResponse is typically an empty string on success
  } else {
    console.log('Server authentication not complete, further steps might be required.');
  }
} catch (error) {
  console.error(`Server failed to authenticate: ${error.message}`);
}

console.log('\nSASL framework demonstration complete.');

view raw JSON →