npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dax-crafta/auth

v2.1.1

Published

A powerful, flexible, and secure authentication plugin for the Crafta framework. Supports JWT, social login, 2FA, RBAC, audit logging, and enterprise-grade security features.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

daxp472daxp472

Keywords

authenticationauthjwtoauthsocial-loginrole-based-access-controlrbac2famfaaudit-loggingexpressnodejscraftasecure-authenticationenterprise-securityuser-management

Readme

@dax-crafta/auth

A powerful, flexible, and secure authentication system for Node.js applications. Built with enterprise-grade security features while maintaining developer-friendly simplicity.

npm version License Downloads

Features

  • 🔐 Comprehensive Authentication

    • Email/Password authentication
    • Social login (Google, Facebook, GitHub)
    • JWT-based session management
    • Refresh token rotation

  • 👥 Advanced Role-Based Access Control (RBAC)

    • Custom role creation
    • Granular permissions
    • Resource-based access control
    • Role hierarchy support

  • 🔒 Enterprise Security

    • Multi-factor authentication (MFA/2FA)
    • Password policies and strength validation
    • Account lockout protection
    • Brute force prevention

  • 📧 Email Features

    • Email verification
    • Password reset
    • Login notifications
    • Custom email templates

  • 📝 Audit Logging

    • Detailed activity tracking
    • Security event logging
    • User session monitoring

Quick Start

npm install @dax-crafta/auth
const { crafta } = require('crafta');
const { auth } = require('@dax-crafta/auth');

const app = crafta();

// Basic setup
auth({
  strategy: 'jwt',
  fields: ['email', 'password'],
  emailVerification: true
})(app);

app.listen(3000);

Configuration

auth({
  // Authentication Strategy
  strategy: 'jwt',
  
  // User Fields
  fields: ['name', 'email', 'password', 'age'],
  
  // Routes Configuration
  routes: {
    register: '/register',
    login: '/login',
    verify: '/verify',
    forgotPassword: '/forgot-password',
    resetPassword: '/reset-password',
    refreshToken: '/refresh-token',
    profile: '/profile',
    twoFactor: '/2fa'
  },
  
  // Security Settings
  maxLoginAttempts: 5,
  emailVerification: true,
  loginAlerts: true,
  
  // Password Policy
  passwordPolicy: {
    minLength: 8,
    requireUppercase: true,
    requireNumbers: true,
    requireSpecialChars: true,
    expiryDays: 90
  },
  
  // Email Configuration
  smtp: {
    host: 'smtp.example.com',
    port: 587,
    auth: {
      user: '[email protected]',
      pass: 'your-password'
    },
    from: '[email protected]'
  },
  
  // Social Login
  social: {
    google: {
      clientID: 'your-client-id',
      clientSecret: 'your-client-secret',
      callbackURL: 'http://localhost:3000/auth/google/callback'
    }
  }
})(app);

Role-Based Access Control

// Create a custom role
const adminRole = await roleService.createRole({
  name: 'admin',
  permissions: [{
    resource: 'users',
    actions: ['create', 'read', 'update', 'delete']
  }]
});

// Check permissions
const canAccess = await roleService.checkPermission('admin', 'users', 'create');

Multi-Factor Authentication

// Enable 2FA for a user
const { secret, qrCode } = await mfaService.generateSecret(
  '[email protected]',
  'MyApp'
);

// Verify 2FA token
const isValid = mfaService.verifyToken(token, secret);

Audit Logging

// Log user activity
await auditService.logActivity({
  userId: user.id,
  action: 'login',
  ipAddress: req.ip,
  userAgent: req.headers['user-agent'],
  status: 'success'
});

// Get user activity history
const activities = await auditService.getUserActivity(userId);

Security Best Practices

  • Use HTTPS in production
  • Set secure cookie options
  • Configure CORS appropriately
  • Regularly rotate refresh tokens
  • Monitor failed login attempts
  • Implement rate limiting

License

MIT © Dax Crafta