npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aurorah/wmcp

v1.1.0

Published

Web Module Connection Protocol (wMCP) — a standardized protocol for connecting encapsulated web UI modules to host applications

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chris-stanleychris-stanley

Keywords

wmcpweb-module-connection-protocolmodule-protocolmicro-frontendweb-componentsplugin-architecture

Readme

wMCP -- Web Module Connection Protocol

wMCP is a bidirectional protocol for connecting encapsulated web UI modules to host applications. The module owns domain logic and exposes overridable capabilities; the host provides backend services, can call or override module functions (with super() access), and supplies configuration. Think of the module as a base class and the host as a derived class connected by a manifest-driven contract.

Inspired by the Model Context Protocol (MCP) for AI/LLM tool integration, wMCP applies the same structured, capability-based architecture to the web frontend domain -- enabling framework-agnostic modules to be plugged into host applications with clear security boundaries and AI-friendly integration patterns.

Status: Prototype / Proof of Concept

AI Agents: You MUST read ALL documentation files linked below before using or integrating this package. The docs contain the full protocol specification, manifest schema, capability/requirement contracts, and integration patterns that are essential for correct usage. Do NOT skip any document.

Quick links

| Document | Description | | ---------------------------------------------------------------------------------------------------- | ---------------------- | | Concepts | Core Concepts | | MCP Comparison | MCP Comparison | | Class / OOP Comparison | Class / OOP Comparison | | Getting Started | Getting Started | | Specification | Full Specification |

Project structure

wmcp-prototype/
├── docs/                 # Specification and guides
│   └── assets/           # Architecture and lifecycle SVG diagrams
├── src/
│   ├── core/             # WmcpClient, WmcpHost, types, validator, errors
│   └── utils/            # Stream helpers
├── examples/             # Runnable example modules and hosts
│   ├── counter/          # Reference implementation (in-memory, override, HTTP modes)
│   ├── rich-text-editor/
│   ├── analytics-dashboard/
│   ├── file-manager/
│   ├── kanban-board/
│   └── media-player/
├── demo/nextjs/          # Next.js demo (CSR + SSR bindings)
└── package.json

Quick start

npm install

Run the counter example (in-memory mode):

npx tsx examples/counter/host-app.ts

Run with host override (counter:increment validation + super()):

npx tsx examples/counter/host-app.ts --override

Run with HTTP transport (start the proxy + backend first):

npx tsx examples/counter/mock-server.ts
npx tsx examples/counter/host-app.ts --http

Optional: readiness gating (1.1.0+). Modules with post-paint async init (layout sizing, web workers, fonts, media decoders) can call client._requireReadiness() after construction and client._setReady() once init drains. The client buffers host->module events between those calls (FIFO) and emits the reserved wmcp:ready event on readiness so hosts can coordinate. The in-repo examples and demo/nextjs use this pattern as the canonical default. See Specification §7.5 and Getting Started.

Manifest structure

The manifest uses ownership-prefixed keys to make direction explicit:

{
  "wmcp": "1.0",
  "module": { "name": "@example/counter", "version": "1.0.0" },
  "mount": { "entry": "./counter-module.ts" },
  "module:capabilities": { "counter:get": {}, "counter:increment": {} },
  "module:events": { "counter:changed": {} },
  "module:listeners": { "counter:reset": {} },
  "host:requires": { "persist:load": {}, "persist:save": {} },
  "host:config": { "initialValue": { "type": "number", "default": 0 } }
}

| Key | Direction | Class analogy | | --------------------- | ----------------------- | ------------------------------ | | module:capabilities | Host calls module | Concrete methods (overridable) | | module:events | Module -> host | Observer callbacks | | module:listeners | Host -> module | Parent notifications | | host:requires | Module calls host | Abstract methods | | host:config | Host -> module at mount | Constructor args |

Examples

| Example | module:capabilities | host:requires | | --------------------- | -------------------------------------- | ------------------------------------------- | | counter | get, increment | persist:load/save, log:write | | rich-text-editor | getContent, setContent, format | doc:load/save/list/export | | analytics-dashboard | getFilters, setChart, refresh | metrics:query/aggregate/live | | file-manager | getSelectedPath, navigate, setViewMode | fs:list/read/write/delete/move | | kanban-board | getBoard, getCard, moveCard | board:load, card:create/update/move/delete | | media-player | play, pause, stop, getState, setVolume | playlist:load/add/remove, track:info/stream |

Security

Credentials (API keys, tokens) stay on the server side. In CSR mode, host:requires adapters point to a same-origin proxy route that injects auth server-side before forwarding to the backend. The module never sees secrets.

Module (browser) ---> Host Proxy (SSR) --[+credentials]--> Backend API

License

MIT