npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@conduit-client/salesforce-lightning-service-worker

v3.5.0

Published

Service worker for accessing Salesforce data

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

scarrawaysfscarrawaysflwc-adminlwc-admin

Keywords

Readme

Salesforce Lightning Service Worker

A specialized HTTP client and service worker for Salesforce Lightning applications that provides automatic CSRF (Cross-Site Request Forgery) protection for API requests. This package ensures secure communication with Salesforce APIs by automatically managing CSRF tokens.

Installation

npm install @conduit-client/salesforce-lightning-service-worker

Usage

This package provides two ways to use CSRF protection:

1. Using ConduitClient (Recommended)

The ConduitClient provides a convenient wrapper around fetch with automatic CSRF protection:

import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';

// Create a client instance
const client = ConduitClient.create();

// Make API calls - CSRF protection is automatic for protected endpoints
const response = await client.fetch('/services/data/v65.0/sobjects/Account', {
  method: 'POST',
  body: JSON.stringify({ Name: 'Test Account' }),
});

2. Using Service Worker (Advanced)

For applications that desire service worker-level CSRF protection:

Register the Service Worker

import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';

// Register service worker for enhanced protection
await ConduitClient.registerServiceWorker('./sw.js');

Create the Service Worker File

// sw.js - served statically by your bundler
import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';

// Define service worker behavior
ConduitClient.defineServiceWorker({ debug: true });

**NOTE: ** Note, if service worker registration fails the wrapper approach will remain in place in order to maintain CSRF protection.

Important Configuration Notes:

  1. Static File Name: The service worker file must have a static name (e.g., sw.js) without hash tokens
  2. Module Type: Use ES6 modules for modern bundlers
  3. Scope: Service worker scope determines which requests it can intercept

CSRF Protection Features

This package provides automatic CSRF protection with the following features:

Automatic Token Management

  • Token Caching: CSRF tokens are cached using the Cache API for performance
  • Token Refresh: Automatically refreshes tokens when they become invalid
  • Retry Logic: Retries requests once with fresh tokens on authentication failures

Protected Endpoints

  • Method Protection: Automatically protects data-mutating methods (POST, PUT, PATCH, DELETE)
  • URL Protection: Currently protects all Salesforce API endpoints under /services
  • Intelligent Detection: Only applies CSRF protection where needed

Service Worker Integration

  • Install Handler: Skips waiting to activate immediately
  • Activate Handler: Claims all clients immediately
  • Fetch Interception: Intercepts and enhances requests with CSRF tokens

Complete Example

// Main application code
import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';

async function setupApiClient() {
  // Optionally register service worker for enhanced protection
  await ConduitClient.registerServiceWorker('./sw.js');

  // Create client for API calls
  const client = ConduitClient.create();

  // Make API calls - CSRF protection is automatic
  const account = await client.fetch('/services/data/v65.0/sobjects/Account', {
    method: 'POST',
    body: JSON.stringify({ Name: 'New Account' }),
  });

  return client;
}
// sw.js - Service worker file if `registerServiceWorker` is used
import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';

ConduitClient.defineServiceWorker({ debug: false });

Development

Running the Development Server

Use the dev script to run and debug the service worker code:

npm run dev

This will:

  1. Build the service worker code
  2. Start a development server on port 3000
  3. Serve a test page with service worker registration
  4. Automatically open your browser

Development Features

  • Live Service Worker Updates: The development server includes automatic service worker update detection and page reloading when you make changes to the source code
  • Test API Endpoint: A dummy /api/data endpoint is configured to test fetch interception by the service worker
  • Debug Console: The test page includes buttons to check service worker status and test API calls
  • TypeScript Transformation: Service worker code is served as transformed TypeScript via Vite

Development Workflow

  1. Make changes to src/index.ts (service worker logic)
  2. The page will automatically detect service worker updates and reload
  3. Use the test page buttons to verify your changes:
    • Check SW Status: View service worker registration details
    • Fetch API Data: Test the /api/data endpoint through the service worker
    • Clear Output: Clear the debug console

Development File Structure

  • src/index.ts - Main service worker code and registration utilities
  • scripts/dev.ts - Development server with API mock and service worker serving
  • scripts/dev-service-worker.ts - Entry point for the development service worker
  • scripts/dev-test-page.html - Test page for debugging service worker functionality

Building for Production

npm run build

This creates production-ready files in the dist/ directory.

Browser Support

Requires browsers with service worker support. The registration function includes feature detection and will gracefully handle unsupported browsers.

This software is provided as-is with no support provided.