npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@arkhai/apitokens-middleware

v0.1.1

Published

Seller-side API-tokens gating middleware: verify + meter prepaid API credits against the tokens service, map exhaustion to a 402 with a purchase pointer. Behavioral parity with the Python and Rust middlewares (../conformance).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mleglsmlegls

Keywords

Readme

@arkhai/apitokens-middleware (TypeScript)

Seller-side gating middleware for the API-tokens domain — the TypeScript sibling of the Python reference (../python). It extracts the bearer key from the Authorization header, verifies it against the tokens service (short-TTL cache), meters each request by consuming credits (synchronously near exhaustion, optionally batched above a low-balance threshold), and maps a drained key to a 402 whose body carries a purchase pointer (the re-purchase loop). All verification and accounting authority stays in the service.

The behavioral contract — status codes, machine-readable bodies, and per-step service-call counts — is shared with the Python and Rust middlewares and pinned by ../conformance/session.json.

Install

npm install @arkhai/apitokens-middleware

Requires Node ≥ 22.6 (per engines). The package is published with provenance.

Use

Two framework-neutral bindings ship from the package root. Both gate every request before it reaches the app and return a 402 with a purchase pointer once a key is drained; excludePaths defaults to ["/health"].

Connect/Express:

import express from "express";
import { tokenGateMiddleware, gateConfigFromEnv } from "@arkhai/apitokens-middleware";

const app = express();
app.use(tokenGateMiddleware({ config: gateConfigFromEnv() }));
// ... your routes

Web fetch handler (Workers, Deno, Bun, …):

import { withTokenGate, gateConfig } from "@arkhai/apitokens-middleware";

const fetchHandler = withTokenGate(
  { config: gateConfig({ serviceUrl: "http://localhost:8082", adminKey: process.env.ADMIN_KEY }) },
  async (_req) => Response.json({ ok: true }),
);
export default { fetch: fetchHandler };

gateConfigFromEnv() reads APITOKENS_MIDDLEWARE_* variables (SERVICE_URL, ADMIN_KEY, AMOUNT_PER_REQUEST, the PURCHASE_* pointer fields, …); gateConfig({ serviceUrl, … }) takes the same fields inline. All verification and accounting authority stays in the tokens service — the gate only caches and meters.

Layout

  • src/config.tsGateConfig / PurchasePointer (+ gateConfigFromEnv).
  • src/client.tsTokensClient over fetch, and the TokensApi interface the gate depends on.
  • src/gate.ts — framework-neutral TokenGate (verify cache, balance estimate, batched-charge accumulator), parseBearer, keyIdFromSecret.
  • src/adapter.ts — two bindings: a Connect/Express middleware (tokenGateMiddleware) and a Web fetch wrapper (withTokenGate). Neither imports a framework.

Develop

Requires Node ≥ 22.6 (native TypeScript type-stripping; tests run .ts directly).

npm install
npm run typecheck      # tsc --noEmit
npm test               # node --test over the conformance + gate suites
npm run check          # typecheck + test
npm run build          # emit dist/ (.js + .d.ts) for publishing

test/conformanceRunner.ts is the reference harness: it stands up an in-process scripted tokens service (test/scriptedService.ts) and drives the real fetch client against it, replaying ../conformance/session.json step for step and asserting the decision plus the per-step verify/consume call counts — mirroring the Python runner at the HTTP layer.