npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cauth/prisma

v0.2.0

Published

[![NPM Version](https://img.shields.io/npm/v/@cauth/prisma.svg)](https://www.npmjs.com/package/@cauth/prisma)

Readme

@cauth/prisma

NPM Version

CAuth Prisma is the official database adapter for the CAuth authentication system. It provides a robust implementation of the DatabaseContract using Prisma Client.

[!IMPORTANT] For more information and full documentation, visit cauth.dev.


✨ Features

  • 🐘 Prisma Native: Full support for Prisma 5+ and any database Prisma supports.
  • 🛡️ Secure Refresh Tokens: Automatically handles HMAC hashing of refresh tokens.
  • 🔑 Argon2id Integration: Works seamlessly with CAuth's Argon2id password hashing.
  • 📱 OTP Built-in: Robust schema and logic for managing one-time passwords.
  • 🛠️ Type-Safe: Fully typed database operations and results.

🚀 Installation

npm install @cauth/prisma @cauth/core @prisma/client
# or
yarn add @cauth/prisma @cauth/core @prisma/client

🏁 Quick Start

1. Define the Schema

Add the following models to your schema.prisma file. These models are required for CAuth to function.

model Auth {
  id            String   @id @default(cuid())
  phoneNumber   String?  @unique
  email         String?  @unique
  role          String
  passwordHash  String
  lastLogin     DateTime @default(now())
  refreshTokens Json[]   // Stores hashed refresh tokens and metadata
  createdAt     DateTime @default(now())
  updatedAt     DateTime @updatedAt
  
  // Relations (optional but recommended)
  user          User?
  otp           Otp?

  @@map("auth")
}

model Otp {
  id        String     @id // Same as Auth.id
  auth      Auth       @relation(fields: [id], references: [id])
  code      String     // Argon2id hash of the numeric code
  purpose   OtpPurpose
  expiresAt DateTime
  isUsed    Boolean    @default(false)
  createdAt DateTime   @default(now())
  updatedAt DateTime   @updatedAt

  @@map("otp")
}

enum OtpPurpose {
  LOGIN
  RESET_PASSWORD
  ACTION
}

2. Initialize the Contractor

import { PrismaClient } from '@prisma/client';
import { CAuth } from '@cauth/core';
import { PrismaContractor } from '@cauth/prisma';
import { ExpressContractor } from '@cauth/express';

const prisma = new PrismaClient();

const auth = CAuth({
  roles: ['USER', 'ADMIN'],
  dbContractor: new PrismaContractor(prisma),
  routeContractor: new ExpressContractor(),
  jwtConfig: {
    accessTokenSecret: process.env.ACCESS_TOKEN_SECRET!,
    refreshTokenSecret: process.env.REFRESH_TOKEN_SECRET!,
  }
});

🔒 Security Features

Refresh Token Hashing

Unlike basic implementations that store refresh tokens in plaintext, @cauth/prisma stores an HMAC hash of the token. This ensures that even if your database is leaked, the active sessions cannot be hijacked.

OTP Security

Numeric codes are never stored in the database. Instead, an Argon2id hash of the code is stored, providing the same level of security as passwords.


🛠️ API Reference

PrismaContractor(prisma: PrismaClient)

The primary class that implements the DatabaseContract. It handles:

  • Account CRUD: Finding, creating, and updating auth accounts.
  • Session Management: Securely adding/removing/refreshing token hashes.
  • OTP Lifecycle: Generating CSPRNG codes and verifying them against hashes.

📄 License

MIT © Jonace Mpelule