npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@anzar-auth/server

v1.5.11

Published

Anzar server middleware for verifying tokens

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hakou_9hakou_9

Keywords

Software DevelopmentAuthenticationAuthorizationMicroService

Readme

Anzar SDK Documentation

Install The Typescript SDK

In a ts project run the following command to install the anzar package.

npm

$ npm install @anzar-auth/server

pnpm

$ pnpm install @anzar-auth/server

yarn

$ yarn add @anzar-auth/server

Middleware

The server SDK provides two Express middleware functions for protecting your routes using JWT tokens issued by your Anzar Auth container.

AnzarExpressRequireAuth

Verifies the JWT token and attaches the authenticated user's ID to the request object. Use this to protect any route that requires a logged-in user.

import { AnzarExpressRequireAuth } from "@anzar-auth/server";
 
const requireAuth = AnzarExpressRequireAuth({
  secret: process.env.SECRET;
  audience: process.env.AUTH0_AUDIENCE,
});

app.get("/profile", requireAuth, (req, res) => {
  res.json({ userId: req.user_id });
});

Parameters

| Parameter | Type | Default | Description | |-----------------|----------|-----------|----------------------------------------------------------------------| | secret | string | — | The secret key used to sign and verify JWT tokens | | audience | string | "web-app" | The intended recipient of the token | | algorithm | string | "HS256" | The algorithm used to verify the JWT signature | | issuerBaseURL | string | — | The base URL of the token issuer | For further reading, see the JWT specification.

Behavior

  • If no token is provided → 401 { error: "No token provided" }
  • If the token is invalid or expired → 403 { error: "Invalid or expired token" }
  • If the token is valid → sets req.user_id from the token's sub claim and calls next()

requireRole

Verifies the JWT token and checks that the token includes a specific role. Use this to restrict routes to users with a particular permission level.

import { requireRole } from "@anzar-auth/server";

const requireAdmin = requireRole({
  secret: process.env.SECRET,
  audience: process.env.AUTH0_AUDIENCE,
}, "Admin");
 
app.delete("/admin/users/:id", requireAdmin, (req, res) => {
    // only reachable by users with the "admin" role
    res.json({ deleted: req.params.id });
  }
);

Parameters

| Parameter | Type | Default | Description | |-----------------|-----------------|-----------|----------------------------------------------------------------------| | role | User, Admin | — | The role the authenticated user must have | | secret | string | — | The secret key used to sign and verify JWT tokens | | audience | string | "web-app" | The intended recipient of the token | | algorithm | string | "HS256" | The algorithm used to verify the JWT signature | | issuerBaseURL | string | — | The base URL of the token issuer |

For further reading, see the JWT specification.

Behavior

  • If no token is provided → 401 { error: "No token provided" }
  • If the token is valid but the user lacks the required role → 403 { error: "Forbidden" }
  • If the token is invalid or expired → 403 { error: "Invalid or expired token" }
  • If the token is valid and the role matches → sets req.user_id and calls next()

Full Example

import express from "express";
import { AnzarExpressRequireAuth, requireRole } from "@anzar-auth/server";
 
const app = express();
 
const requireAuth = AnzarExpressRequireAuth({
  secret: process.env.SECRET;
  audience: process.env.AUTH0_AUDIENCE,
});

// Any authenticated user
app.get("/dashboard", requireAuth, (req, res) => {
    res.json({ message: `Welcome, user ${req.user_id}` });
  }
);
 
const requireAdmin = requireRole({
  secret: process.env.SECRET,
  audience: process.env.AUTH0_AUDIENCE,
}, "Admin");

// Admin-only route
app.get("/admin", requireAdmin, (req, res) => {
    res.json({ message: "Admin area" });
  }
);
 
app.listen(3000);

📝 Note: Make sure the SECRET used in your server matches the one configured in your Anzar Auth container, otherwise all tokens will fail verification.