npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@fullstacktechnyc/passwordless-gateway

v1.3.0

Published

Passwordless forward-auth gateway for Caddy / nginx / Traefik. Protect any self-hosted service with passkeys + magic links — zero per-service code.

Readme

@fullstacktechnyc/passwordless-gateway

Passwordless forward-auth for self-hosted services. Runs as a plain Node service; put it behind Caddy / nginx / Traefik and every protected site requires a passkey or magic link — with zero code in the services themselves. A simpler, passwordless-first alternative to Authelia / Authentik.

Sovereign end to end: node:sqlite (or Postgres/D1) for storage, WebCrypto for auth, jose for the forwarded identity token. No external database, no hosted auth provider.

How it works

              ┌─ authenticated ─→ 200 + Remote-User / Remote-Email / X-Auth-Token
Browser → Caddy ─forward_auth→ gateway /verify
              └─ not ──────────→ 302 → auth.lab.example.com login → back to where you were

The session cookie is scoped to the parent domain (.lab.example.com), so grafana.lab.example.com's forward-auth subrequest carries the cookie set when you signed in at auth.lab.example.com. One sign-in, every service.

Run it

import { createGateway, defaultLoginScript, serve } from "@fullstacktechnyc/passwordless-gateway";
import { createSqlStorage, sqliteDriver } from "@fullstacktechnyc/passwordless-storage-sql";
import { resendEmail } from "@fullstacktechnyc/passwordless-email";
import { DatabaseSync } from "node:sqlite";

const storage = createSqlStorage(sqliteDriver(new DatabaseSync("./gateway.db")));
await storage.migrate();

const gateway = createGateway({
  storage,
  email: resendEmail({ apiKey: process.env.RESEND_API_KEY, from: "[email protected]" }),
  secret: process.env.AUTH_SECRET,
  rpID: "lab.example.com",
  rpName: "Homelab",
  origin: "https://auth.lab.example.com",
  cookieDomain: ".lab.example.com",           // shared across protected subdomains
  allowedEmails: ["@lab.example.com"],          // who may pass
  magicLink: { from: "[email protected]" },
  jwt: { ttlSeconds: 300 },                     // signed identity for backends
  loginScript: defaultLoginScript,
});

serve(gateway, { port: 9099, host: "0.0.0.0" });

Caddy

auth.lab.example.com { reverse_proxy localhost:9099 }

(passwordless) {
  forward_auth localhost:9099 {
    uri /verify
    copy_headers Remote-User Remote-Email Remote-Name X-Auth-Token
  }
}

grafana.lab.example.com {
  import passwordless
  reverse_proxy localhost:3000
}

See examples/homelab-gateway for a complete, runnable setup.