@eqtylab/vcomp-verify-js

This library provides a collection of reusable functions and classes to parse, validate, and verify cryptographic signatures for attestation report, TPM measurements and calculate measurements across multiple platforms.

Supported Technologies

- Intel TDX – Parse and validate Intel Trusted Domain Extensions (TDX) attestation reports.
- AMD SEV-SNP – Support for AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
- NVIDIA Confidential Computing – Validate attestation information from NVIDIA’s confidential computing-enabled environments.
- Azure Confidential VMs
- Azure TDX – Azure's implementation of Intel TDX with vTPM.
- Azure SNP – AMD SEV-SNP on Azure with vTPM.

Full list of available functions, classes, and object is available in API Documentation.

Dependencies and Licenses

$3

- @digitalbazaar/security-context v1.0.1 - BSD-3-Clause
- @digitalbazaar/security-document-loader v3.0.1 - BSD-3-Clause
- @digitalbazaar/vc v7.2.0 - BSD-3-Clause
- @noble/hashes v1.8.0 - MIT
- bs58 v6.0.0 - MIT
- jsonld-signatures v11.5.0 - BSD-3-Clause
- multiformats v13.3.6 - Apache-2.0 OR MIT
- node-forge v1.3.2-0 - BSD-3-Clause OR GPL-2.0 (custom fork from github:yurkowashere/node-forge-ec#ecdsa)
- vc v0.1.4 - MIT

$3

- jsdoc-to-markdown v9.1.1 - MIT
- vite-plugin-node-polyfills v0.23.0 - MIT
- vitest v3.1.4 - MIT

$3

- MIT: 150+ packages (majority)
- BSD-3-Clause: 20+ packages (Digital Bazaar ecosystem)
- Apache-2.0: 5+ packages
- ISC: 2 packages (main project + browserify-sign)
- Python-2.0: 1 package (argparse)
- BSD: 1 package (credentials-context)

$3

- Custom node-forge fork from yurkowashere/node-forge-ec with ECDSA support
- multiformats dual-licensed (Apache-2.0 OR MIT)
- Most transitive dependencies use permissive licenses (MIT/BSD)
- No GPL dependencies except node-forge's dual BSD-3-Clause OR GPL-2.0 option