npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@geometra/token-registry

v0.1.1

Published

Token registry and verification service for @geometra/auth

Downloads

2,787

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

razroorazroo

Keywords

geometraauthtokenregistryjwtrbac

Readme

@geometra/token-registry

Token registry and verification service for @geometra/auth.

Creates, stores, and verifies tokens with role-based access control. Serves as the backend for @geometra/auth's remoteVerifier().

Geometra · geometra-auth · Platform auth doc — how this fits the DOM-free stack (WS auth at upgrade, no coupling in @geometra/core).

Install

npm install @geometra/token-registry

Quick Start

import { createRegistry, serveRegistry } from '@geometra/token-registry'

// Start the registry HTTP server
const { registry } = await serveRegistry({
  port: 3200,
  adminKey: process.env.ADMIN_KEY,
  jwtSecret: process.env.JWT_SECRET, // optional: enables JWT tokens
})

// Create tokens via the registry API
const admin = await registry.createToken({ role: 'admin', expiresIn: '7d' })
const viewer = await registry.createToken({ role: 'viewer' })

Then on the Geometra server, point remoteVerifier() at the registry:

import { createServer } from '@geometra/server'
import { createAuth, remoteVerifier } from '@geometra/auth'

const auth = createAuth({
  verify: remoteVerifier('http://localhost:3200/verify'),
  policies: {
    viewer: { allow: ['resize'] },
  },
})

await createServer(view, { port: 3100, ...auth })

Three-process local smoke test

  1. RegistryserveRegistry({ port: 3200, adminKey, jwtSecret? })
  2. Geometra servercreateServer + createAuth + remoteVerifier('http://localhost:3200/verify')
  3. Browser clientconnectWithAuth from @geometra/auth/client with a token from POST /admin/tokens

Use Geometra PLATFORM_AUTH.md for close codes, forbidden handling, and token refresh.

API

createRegistry(options?)

Creates a registry instance for programmatic use.

const registry = createRegistry({
  store: memoryStore(),             // default; implement TokenStore for Redis/Postgres
  jwtSecret: 'your-secret',        // optional: sign tokens as JWTs
  jwtIssuer: '@geometra/token-registry', // optional: JWT issuer claim
})

| Method | Description | |---|---| | registry.createToken({ role, claims?, expiresIn? }) | Create and store a new token | | registry.verify(token) | Returns { role, claims } or null | | registry.revoke(id) | Revoke a token by ID | | registry.list() | List all active (non-revoked, non-expired) tokens |

serveRegistry(options?)

Starts an HTTP server with verification and admin endpoints.

const { registry, server, close } = await serveRegistry({
  port: 3200,
  adminKey: 'secret',   // protects /admin/* endpoints
  jwtSecret: 'secret',  // optional
})

HTTP Endpoints

| Method | Path | Auth | Description | |---|---|---|---| | POST | /verify | Bearer token | Verify a token (for remoteVerifier()) | | POST | /admin/tokens | Admin key | Create a token ({ role, claims?, expiresIn? }) | | GET | /admin/tokens | Admin key | List active tokens | | POST | /admin/revoke | Admin key | Revoke a token ({ id }) | | GET | /health | None | Health check |

Token Modes

Opaque tokens (default): Random base64url strings stored and looked up in the store.

JWT tokens (when jwtSecret is set): Signed JWTs that can be verified without a store lookup. Revocation still checks the store.

Custom Stores

Implement the TokenStore interface for any backend:

import type { TokenStore } from '@geometra/token-registry'

function redisStore(client: RedisClient): TokenStore {
  return {
    async put(record) { /* ... */ },
    async getByToken(token) { /* ... */ },
    async getById(id) { /* ... */ },
    async revoke(id) { /* ... */ },
    async list() { /* ... */ },
    async clear() { /* ... */ },
  }
}

Development

bun install
bun run check    # type check
bun test         # run tests
bun run build    # compile to dist/

License

MIT