npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@gati-framework/production-hardening

v1.0.2

Published

Production hardening utilities for Gati - secret management, config validation, auto-scaling

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

krishna.paulkrishna.paul

Keywords

gatiproductionhardeningsecuritysecretsvalidationscaling

Readme

@gati-framework/production-hardening

Production hardening utilities for Gati framework - secret management, config validation, auto-scaling, and zero-downtime deployments.

Features

  • Secret Management - Encrypted secret storage with rotation
  • Config Validation - Schema-based configuration validation
  • Auto-scaling - Intelligent scaling policies and HPA generation
  • Zero-downtime Deployment - Rolling updates and health checks
  • Production Readiness Checks - Comprehensive pre-deployment validation

Installation

pnpm add @gati-framework/production-hardening

Quick Start

import { ProductionHardeningSuite } from '@gati-framework/production-hardening';

const hardening = new ProductionHardeningSuite(process.env.ENCRYPTION_KEY);

// Check production readiness
const readiness = await hardening.checkProductionReadiness(deploymentConfig);

if (!readiness.ready) {
  console.error('Production readiness check failed:');
  readiness.checks.forEach(check => {
    if (!check.passed) {
      console.error(`- ${check.category}:`, check.details);
    }
  });
  process.exit(1);
}

Secret Management

Encrypt and Store Secrets

const { secrets } = hardening;

// Generate a secure secret
const apiKey = secrets.generateSecret(32);

// Store encrypted secret
secrets.storeSecret({
  name: 'api-key',
  value: apiKey,
  rotationDays: 90,
}, '/path/to/secrets/api-key.json');

// Load and decrypt
const secret = secrets.loadSecret('/path/to/secrets/api-key.json');
console.log('Decrypted value:', secret.value);

// Check if rotation needed
if (secrets.needsRotation(secret)) {
  const newKey = secrets.generateSecret(32);
  secrets.storeSecret({
    ...secret,
    value: newKey,
    lastRotated: new Date(),
  }, '/path/to/secrets/api-key.json');
}

Validate Secret Strength

import { SecretValidator } from '@gati-framework/production-hardening';

const strength = SecretValidator.checkStrength('myPassword123!');

if (!strength.strong) {
  console.warn('Weak secret detected:');
  strength.feedback.forEach(msg => console.warn(`- ${msg}`));
}

console.log('Strength score:', strength.score);

Validate Required Secrets

SecretValidator.validateRequired([
  'DATABASE_URL',
  'API_KEY',
  'JWT_SECRET',
]);

Configuration Validation

Validate Deployment Config

const { validator } = hardening;

const config = {
  appName: 'my-app',
  environment: 'production',
  region: 'us-east-1',
  cloudProvider: 'aws',
  kubernetes: {
    clusterName: 'prod-cluster',
    namespace: 'default',
    version: '1.28',
  },
  resources: {
    replicas: 3,
    cpu: { request: '500m', limit: '1000m' },
    memory: { request: '512Mi', limit: '1Gi' },
  },
  autoscaling: {
    enabled: true,
    minReplicas: 2,
    maxReplicas: 10,
    targetCPU: 70,
  },
  networking: {
    port: 3000,
    protocol: 'HTTPS',
    ingress: {
      enabled: true,
      host: 'api.example.com',
      tls: true,
    },
  },
};

const result = validator.validateDeploymentConfig(config);

if (!result.valid) {
  console.error('Configuration errors:', result.errors);
} else {
  console.log('Configuration is valid');
}

Pre-deployment Checks

const preCheck = await validator.preDeploymentCheck(validatedConfig);

console.log('Pre-deployment check:', preCheck.passed ? 'PASSED' : 'FAILED');

preCheck.checks.forEach(check => {
  console.log(`${check.passed ? '✓' : '✗'} ${check.name}`);
  if (!check.passed && check.message) {
    console.log(`  ${check.message}`);
  }
});

Auto-scaling

Get Recommended Policy

const { scaling } = hardening;

// Get policy for your workload type
const policy = scaling.getRecommendedPolicy('api');

console.log('Recommended policy:', policy);
// {
//   metric: 'requests',
//   targetValue: 1000,
//   minReplicas: 3,
//   maxReplicas: 20,
//   scaleUpCooldown: 30,
//   scaleDownCooldown: 180
// }

Generate HPA Manifest

const hpaManifest = scaling.generateHPAManifest(
  'my-app',
  'production',
  policy
);

console.log(hpaManifest);
// Output: Kubernetes HPA YAML

Get Scaling Recommendations

const recommendations = scaling.getScalingRecommendations({
  cpuUsage: 85,
  memoryUsage: 70,
  requestRate: 1500,
  currentReplicas: 3,
});

console.log('Recommendations:', recommendations.recommendations);
if (recommendations.suggestedPolicy) {
  console.log('Suggested policy:', recommendations.suggestedPolicy);
}

Zero-downtime Deployment

Rolling Update Configuration

const { deployment } = hardening;

// Get recommended config for environment
const rollingConfig = deployment.getRecommendedRollingConfig('production');

// Generate deployment manifest
const manifest = deployment.generateRollingUpdateManifest(
  'my-app',
  'production',
  rollingConfig
);

Health Checks

const healthChecks = deployment.getRecommendedHealthChecks();

const probes = deployment.generateHealthProbes(
  healthChecks.liveness,
  healthChecks.readiness
);

console.log(probes);

Run Smoke Tests

const smokeTests = [
  {
    name: 'Health check',
    endpoint: '/health',
    expectedStatus: 200,
  },
  {
    name: 'API version',
    endpoint: '/api/version',
    expectedStatus: 200,
    expectedBody: /"version":/,
  },
];

const results = await deployment.runSmokeTests(
  'https://my-app.example.com',
  smokeTests
);

if (!results.passed) {
  console.error('Smoke tests failed:');
  results.results.forEach(r => {
    if (!r.passed) {
      console.error(`- ${r.test}: ${r.error}`);
    }
  });
}

Verify Deployment Health

const health = await deployment.verifyDeploymentHealth(
  'https://my-app.example.com/health',
  60000 // 60 second timeout
);

if (!health.healthy) {
  console.error('Deployment is unhealthy:', health.message);
  
  // Rollback
  const rollbackCmd = deployment.generateRollbackCommand('my-app', 'production');
  console.log('Rollback command:', rollbackCmd);
}

Best Practices

1. Always Validate Before Deployment

const readiness = await hardening.checkProductionReadiness(config);
if (!readiness.ready) {
  throw new Error('Production readiness check failed');
}

2. Use Secret Rotation

// Check and rotate secrets regularly
const secret = secrets.loadSecret('path/to/secret.json');
if (secrets.needsRotation(secret)) {
  // Rotate the secret
  const newValue = secrets.generateSecret();
  // ... update in cloud provider
}

3. Monitor Scaling Metrics

// Get recommendations based on current metrics
const recommendations = scaling.getScalingRecommendations(currentMetrics);
// Apply recommendations

4. Run Smoke Tests After Deployment

const smokeTestResults = await deployment.runSmokeTests(endpoint, tests);
if (!smokeTestResults.passed) {
  // Rollback deployment
  await rollback();
}

Environment Variables

  • ENCRYPTION_KEY - Key for encrypting secrets (required)
  • GATI_SECRET_KEY - Alternative secret key name

API Reference

See TypeScript definitions for complete API documentation.

License

MIT © Krishna Paul