npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@flametrench/nextjs

v0.0.1

Published

Next.js 15 App Router adapter for Flametrench: cookie-backed session helpers, auth route handlers, server-component utilities.

Downloads

126

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nathancallnathancall

Keywords

flametrenchnextjsnextapp-routersessionauth

Readme

@flametrench/nextjs

Next.js 15 App Router adapter for Flametrench. Wires @flametrench/identity into Next's cookie-based session model with a thin, opinionated surface: server-component session helpers, password sign-in, session rotation, and route-handler factories for the /api/auth/* family.

Status: v0.0.1 — early alongside the other @flametrench/* packages.

Install

pnpm add @flametrench/nextjs @flametrench/identity
# next and react are peer deps you already have

Setup

Create one shared instance bound to your identity store and Next's cookies() accessor. Keep it module-level so the same store is used across server components and route handlers.

// app/_lib/flametrench.ts
import { cookies } from "next/headers";
import { InMemoryIdentityStore } from "@flametrench/identity";
import { createFlametrenchNext } from "@flametrench/nextjs";

// In production, swap this for a real backend (Postgres adapter coming soon).
const identityStore = new InMemoryIdentityStore();

export const flametrench = createFlametrenchNext({
  identityStore,
  cookies,
});

Server-component usage

// app/page.tsx
import { flametrench } from "./_lib/flametrench";

export default async function Page() {
  const session = await flametrench.getSession();
  return session
    ? <p>Welcome back, {session.usrId}.</p>
    : <a href="/sign-in">Sign in</a>;
}

For pages that require auth, use requireSession() — it throws UnauthenticatedError, which you can catch with a Next error boundary or wrap to redirect:

// app/dashboard/page.tsx
import { redirect } from "next/navigation";
import { flametrench } from "../_lib/flametrench";
import { UnauthenticatedError } from "@flametrench/nextjs";

export default async function Page() {
  try {
    const session = await flametrench.requireSession();
    return <Dashboard usrId={session.usrId} />;
  } catch (e) {
    if (e instanceof UnauthenticatedError) redirect("/sign-in");
    throw e;
  }
}

Route handlers

The package ships a factory that returns ready-made handlers for the common /api/auth/* routes. Each helper is a discrete export so you wire only the routes you need:

// app/api/auth/sign-in/route.ts
import { flametrench } from "@/app/_lib/flametrench";
import { makeAuthRouteHandlers } from "@flametrench/nextjs";
export const { POST } = makeAuthRouteHandlers(flametrench).signIn();

// app/api/auth/sign-out/route.ts
import { flametrench } from "@/app/_lib/flametrench";
import { makeAuthRouteHandlers } from "@flametrench/nextjs";
export const { POST } = makeAuthRouteHandlers(flametrench).signOut();

// app/api/auth/me/route.ts
import { flametrench } from "@/app/_lib/flametrench";
import { makeAuthRouteHandlers } from "@flametrench/nextjs";
export const { GET } = makeAuthRouteHandlers(flametrench).me();

// app/api/auth/refresh/route.ts
import { flametrench } from "@/app/_lib/flametrench";
import { makeAuthRouteHandlers } from "@flametrench/nextjs";
export const { POST } = makeAuthRouteHandlers(flametrench).refresh();

All five handlers (signIn, signOut, me, refresh, plus a lower-level createSession for cases where you've already verified credentials elsewhere — e.g. passkey assertion) follow Next's named-method-export convention exactly.

Cookie defaults

| Field | Default | Override via | |---|---|---| | Cookie name | flametrench_session | cookieOptions.name | | HttpOnly | always | (not configurable) | | Secure | true when NODE_ENV === "production" | cookieOptions.secure | | SameSite | lax | cookieOptions.sameSite | | Path | / | cookieOptions.path | | Default TTL | 7 days | cookieOptions.defaultTtlSeconds |

The cookie value is the opaque bearer token issued by @flametrench/identity, not the session id — same separation the spec mandates (docs/identity.md §"Session ID versus session token"). Verifying the token uses the identity store's verifySessionToken, which checks expiry, revocation, and the SHA-256 token hash.

What this adapter is NOT

  • It's not an auth UI. Sign-in / sign-out forms are application code; this package gives you the verbs (signInWithPassword, signOut, etc.) and the route handlers that back them.
  • It's not multi-tenant aware. Tenancy + authz wiring stays at the application level for v0.0.1 — getSession() returns the bare session, and the caller queries @flametrench/tenancy and @flametrench/authz for org context and permission checks. A future getSessionWithContext() may bundle that.
  • It's not a JWT issuer. The bearer token is opaque; verification is server-side via the identity store. If you want stateless JWT-style sessions, swap in a different IdentityStore implementation that mints JWTs internally — the adapter is store-agnostic.

License

Apache License 2.0. Copyright 2026 NDC Digital, LLC.