npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@disruptica/ladybug-identity

v0.1.1

Published

Server-side helpers for signing Ladybug widget identities

Downloads

140

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

sebastian-disrupticasebastian-disruptica

Keywords

ladybugidentitywidgethmac

Readme

@disruptica/ladybug-identity

Server-side helper for signing Ladybug widget identity tokens. Use this in your backend to identify logged-in users in the embedded widget.

Works in any Node.js or Bun server — no dependencies beyond the built-in crypto module.

Installation

npm install @disruptica/ladybug-identity

How it works

Your backend signs a short-lived HMAC token containing the user's identity. The widget sends this token to Ladybug, which verifies it and associates the chat session with the real user.

Your server  →  signLadybugIdentity()  →  token  →  widget  →  Ladybug

Usage

Basic

import { signLadybugIdentity } from '@disruptica/ladybug-identity';

const token = signLadybugIdentity({
  secret: process.env.WIDGET_SESSION_SECRET,
  user: {
    id: 'user_123',
    email: '[email protected]',
    name: 'Alice',
  },
});
// Returns a signed token string, valid for 15 minutes by default

Pass this token to the widget:

<script
  src="https://cdn.jsdelivr.net/npm/@disruptica/ladybug-widget/dist/widget.js"
  data-embed-key="emb_xxx"
  data-user-token="<token from your backend>"
></script>

Or via the programmatic API:

new LadybugWidget({
  embedKey: 'emb_xxx',
  userToken: tokenFromYourBackend,
});

Expose an endpoint

The recommended pattern is a short-lived token endpoint your frontend calls on load.

Next.js (App Router)

// app/api/ladybug-token/route.ts
import { signLadybugIdentity } from '@disruptica/ladybug-identity';
import { auth } from '@/lib/auth';

export async function GET() {
  const session = await auth();
  if (!session?.user) return new Response('Unauthorized', { status: 401 });

  const token = signLadybugIdentity({
    secret: process.env.WIDGET_SESSION_SECRET!,
    user: {
      id: session.user.id,
      email: session.user.email,
      name: session.user.name,
    },
    expiresInSeconds: 900, // 15 minutes
  });

  return Response.json({ token });
}

Express / Hono / any framework

import { signLadybugIdentity } from '@disruptica/ladybug-identity';

app.get('/api/ladybug-token', requireAuth, (req, res) => {
  const token = signLadybugIdentity({
    secret: process.env.WIDGET_SESSION_SECRET,
    user: {
      id: req.user.id,
      email: req.user.email,
      name: req.user.name,
      role: req.user.role,        // optional
      metadata: { plan: 'pro' },  // optional arbitrary data
    },
  });
  res.json({ token });
});

Rails

# config/routes.rb
get '/api/ladybug-token', to: 'ladybug#token'

# app/controllers/ladybug_controller.rb
class LadybugController < ApplicationController
  before_action :authenticate_user!

  def token
    require 'openssl'
    require 'base64'
    require 'json'

    secret = ENV['WIDGET_SESSION_SECRET']
    now    = Time.now.to_i
    payload = {
      sub:   current_user.id.to_s,
      email: current_user.email,
      name:  current_user.name,
      iat:   now,
      exp:   now + 900
    }.to_json

    body = Base64.urlsafe_encode64(payload, padding: false)
    sig  = Base64.urlsafe_encode64(
      OpenSSL::HMAC.digest('sha256', secret, body),
      padding: false
    )

    render json: { token: "#{body}.#{sig}" }
  end
end

With getUserToken (dynamic refresh)

The widget calls this function each time it needs to authenticate, so tokens are always fresh:

new LadybugWidget({
  embedKey: 'emb_xxx',
  getUserToken: async () => {
    const res = await fetch('/api/ladybug-token');
    if (!res.ok) return null;
    const { token } = await res.json();
    return token;
  },
});

API reference

signLadybugIdentity(options)

| Option | Type | Default | Description | |---|---|---|---| | secret | string | required | WIDGET_SESSION_SECRET from your Ladybug instance | | user.id | string | required | Unique user identifier | | user.email | string | — | User email | | user.name | string | — | Display name | | user.role | string | — | User role | | user.metadata | Record<string, unknown> | — | Any extra data | | embedKey | string | — | Scope token to a specific embed installation | | expiresInSeconds | number | 900 (15 min) | Token TTL |

Returns a string — a base64url-encoded signed token.

signLadybugIdentityPayload(payload, secret)

Low-level function if you need to construct the payload yourself.

import { signLadybugIdentityPayload } from '@disruptica/ladybug-identity';

const token = signLadybugIdentityPayload(
  { sub: 'user_123', exp: Math.floor(Date.now() / 1000) + 900 },
  process.env.WIDGET_SESSION_SECRET,
);

License

MIT