npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aikdna/kdna-web-client

v0.2.0

Published

Browser-safe KDNA utilities — file selection, metadata inspection, upload, and load-plan state management. Never performs decryption.

Readme

@aikdna/kdna-web-client

Browser-safe KDNA utilities.

File selection, metadata inspection, upload to your server, and load-plan state management — without ever performing decryption in the browser.

Design constraint: this package never decrypts anything. It reads public metadata from a .kdna file and delegates all sensitive operations to a server running @aikdna/kdna-web-server.

New to KDNA? → KDNA Core

Need a server-side adapter? → @aikdna/kdna-web-server

Need React components? → @aikdna/kdna-react

npm License


Install

npm install @aikdna/kdna-web-client

No peer dependencies. No Node.js built-ins in the browser bundle.


Quick start

import { readKDNAMetadata, uploadKDNA, KDNALoadPlanManager } from '@aikdna/kdna-web-client'

// 1. Let the user pick a file
const input = document.createElement('input')
input.type = 'file'
input.accept = '.kdna'
input.onchange = async () => {
  const file = input.files[0]

  // 2. Read public metadata (no server round-trip, no decryption)
  const meta = await readKDNAMetadata(file)
  console.log(meta.domain, meta.version, meta.encrypted)

  // 3. Upload to your server and get a fileId
  const { fileId } = await uploadKDNA(file, '/api/kdna/inspect')

  // 4. Manage the load-plan flow
  const manager = new KDNALoadPlanManager('/api/kdna')
  const plan = await manager.planLoad(fileId)

  if (plan.canProceed) {
    const result = await manager.load(fileId, { profile: 'compact' })
    console.log(result.capsule.context)
  } else {
    console.log('Missing:', plan.missing)  // e.g. ['enter_password']
  }
}
input.click()

API reference

readKDNAMetadata(file)

Reads public manifest fields from a .kdna File object without uploading it or performing any decryption.

const meta = await readKDNAMetadata(file, {
  maxSizeBytes: 10 * 1024 * 1024,
})

Returns:

{
  domain:      string         // e.g. "@author/asset-name"
  version:     string         // e.g. "1.2.0"
  title:       string | null
  description: string | null
  encrypted:   boolean
  profiles:    string[]       // available load profiles
  fileSize:    number         // bytes
}

Throws KDNAFileSizeError if maxSizeBytes is set and the file is too large. Throws KDNAFormatError if the file is not a valid .kdna container.


uploadKDNA(file, endpoint)

Upload a .kdna File to an endpoint (typically /api/kdna/inspect) and return the fileId assigned by the server.

const { fileId, inspect } = await uploadKDNA(file, '/api/kdna/inspect')

Returns:

{
  fileId:   string    // opaque ID — pass to plan-load and load
  inspect:  object    // the full /inspect response
}

Throws KDNAUploadError if the request fails or the server returns a non-200 status.


KDNALoadPlanManager

Stateful class that drives the load-plan flow for a single file.

const manager = new KDNALoadPlanManager(baseUrl)

| Method | Description | |--------|-------------| | planLoad(fileId, context?) | Evaluate the LoadPlan. Returns requirements. | | load(fileId, options) | Load the asset. Credentials are passed directly. |

planLoad(fileId, context?)

const plan = await manager.planLoad('abc123', {
  hasPassword: false,
  entitlementToken: null,
})

Returns:

{
  canProceed:   boolean
  missing:      string[]    // e.g. ['enter_password']
  requirements: {
    password:   { required: boolean, hint: string | null }
    licenseKey: { required: boolean }
  }
}

load(fileId, options)

const result = await manager.load('abc123', {
  profile:          'compact',
  password:         '...',   // only if required
  entitlementToken: { status: 'active' }, // signed entitlement from /activate, only if required
})

Returns the /load response from the server. The Agent-facing artifact is the Runtime Capsule; content is a web-UI convenience alias of capsule.context:

{
  content: object
  capsule: {
    type: "kdna.context.capsule"
    version: "1.0"
    context: object
  }
}

KDNAFileSizeError

Thrown by readKDNAMetadata when the file exceeds the configured maximum size.

KDNAFormatError

Thrown by readKDNAMetadata when the file does not have a valid .kdna header.

KDNAUploadError

Thrown by uploadKDNA when the HTTP request fails.


Security model

See docs/security-model.md.

Short version:

  • This package reads only the container header and public kdna.json manifest in memory. It never parses, decrypts, or exposes payload.kdnab; loading is delegated to the official server-side toolchain.
  • Passwords and signed entitlement records or tokens are passed as arguments to manager.load() and are POSTed directly to the server endpoint. They are not stored in any object property or module-level variable. Raw license keys belong on your activation endpoint, not /load.
  • This package has no Node.js built-in dependencies. It runs entirely within the browser's security model.

Consumption traces

The optional trace viewer is for application-level transparency: it can show a selected primary asset, bounded advisors, rejected candidates, budget status, and provenance. Browser clients should receive a projection or trace from a trusted application endpoint; they must not treat a sidecar as permission to read a protected payload.


Related packages

| Package | Role | |---------|------| | @aikdna/kdna-core | KDNA format and runtime (Node.js) | | @aikdna/kdna-web-server | Server-side adapter | | @aikdna/kdna-react | React components and hooks | | create-kdna-web-app | Project scaffolding CLI |


License

Apache 2.0 — see LICENSE.