@glrs-dev/assume
v0.6.5
Unified SSO credential manager for AWS, GCP, and more — npm distribution of the glrs-assume Rust binary.
Authenticate once, work all day. Multi-cloud credential manager with per-shell context switching.
Getting Started
Install
npm i -g @glrs-dev/assume
The prebuilt binary for your platform is auto-selected via npm's optionalDependencies. No postinstall scripts.
Two equivalent bins ship with the package: gs-assume and gsa (shorter alias). Pick one; they're identical.
[!NOTE] Crates.io publishing (cargo install glrs-assume) is planned but not yet enabled. For now, npm i -g @glrs-dev/assume is the only install path.
First-time setup
gsa login aws # Opens browser for AWS Identity Center
gsa profiles # List all available account/role pairs
gsa use dev # Switch context by fuzzy match
The Daily Loop
Login once, switch instantly, credentials follow you.
gsa login aws # authenticate (once per session)
gsa use dev # switch context in this shell
gsa use prod # different context in another shell
aws s3 ls # just works — credentials served locally
gsa console # open AWS console in browser
Commands
| Command | What happens |
|:--|:--|
| gsa login <provider> | Interactive auth — opens browser, polls for completion |
| gsa use <pattern> | Fuzzy-match context switch, per-shell. TUI picker if no pattern. |
| gsa profiles | List all contexts with active marker and danger tags |
| gsa status | Auth status, token expiry, active context, daemon health |
| gsa sync | Re-fetch contexts from provider APIs |
| gsa exec -- <cmd> | Run a command with injected credentials |
| gsa console | Open provider's web console for active context |
| gsa credential-process | AWS credential_process JSON output for SDK integration |
| gsa config show | View current configuration |
| gsa config set <key> <val> | Set a config value (dot notation) |
| gsa shell-init <shell> | Print shell integration script (bash, zsh, fish) |
| gsa serve --install | Install to PATH + launch agent (daemon starts on login) |
| gsa serve --uninstall | Remove binary, symlink, and launch agent |
| gsa upgrade | Self-update to latest release |
| gsa logout [provider] | Clear stored credentials |
Agent & MCP Integration
Permission-gated credential access for AI agents (Claude Code, etc.).
| Command | What happens |
|:--|:--|
| gsa agent allow | TUI multi-select to toggle which contexts agents can access |
| gsa agent allow --list | Show currently approved contexts |
| gsa agent allow --clear | Revoke all agent access |
| gsa agent exec -- <cmd> | Run a command with auto-refreshing credentials (permission-gated) |
| gsa agent mcp | Start MCP server for AI agent integration |
Default deny — no context is agent-accessible unless explicitly approved via gsa agent allow.
MCP server
Register in your Claude Code settings:
{
"mcpServers": {
"gsa": { "command": "gsa", "args": ["agent", "mcp"] }
}
}
Tools provided:
- run_with_credentials — run a shell command with auto-refreshing AWS credentials
- list_contexts — list contexts approved for agent access
Wrapping other MCP servers
Any MCP server that needs AWS credentials can be wrapped with gsa agent exec:
{
"mcpServers": {
"aws-tools": { "command": "gsa", "args": ["agent", "exec", "--", "npx", "@aws/mcp-server"] }
}
}
The wrapped server inherits AWS_CONTAINER_CREDENTIALS_FULL_URI pointing at the daemon, so credentials auto-refresh indefinitely.
Shell Integration
serve --install adds this to your shell rc automatically:
eval "$(gsa shell-init zsh)"
This gives you:
- gsa wrapper — gsa use sets context as an env var in the current shell
- Prompt segment — shows [aws:account/role] in green (or red for dangerous contexts)
- Per-shell isolation — each terminal can have a different active context
- Zero prompt delay — reads an env var, no subprocess
Configuration
Config file: ~/.config/gs-assume/config.toml (macOS: ~/Library/Application Support/gs-assume/config.toml)
[providers.aws]
start_url = "https://myorg.awsapps.com/start"
region = "us-east-1"
[[providers.aws.profiles]]
account_id = "111111111111"
role_name = "AdministratorAccess"
alias = "prod/admin"
tags = ["production", "dangerous"]
color = "red"
confirm = true
Team config (gs-assume.team.toml in repo root) merges with user config — user wins on conflicts.
Security
- Credentials encrypted at rest with AES-256-GCM (not plaintext like AWS CLI, granted, or Leapp)
- Encryption key stored at vault.key with 0600 permissions
- Credential daemon serves tokens over localhost only
- All token files are 0600
- Agent access gated by agent-allowed.json allowlist (default deny)
- All credential operations audit-logged to ~/.config/gs-assume/audit.log
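To check the 0600 claims above on your own machine, this added example (not part of the gs-assume project) lists files under the state directories that grant any group or other access. It assumes vault.key and the token files live under the config directories named in this README; gsa_loose_files and gsa_audit are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not shipped with gs-assume.
# Assumption: vault.key, token files and audit.log all live under the
# config directory the README names (Linux and macOS variants).

# Print every regular file under $1 whose mode grants any group/other bit.
# config.toml is skipped because the README makes no 0600 claim for it.
# Only POSIX "-perm -mode" tests are used, so GNU and BSD find both work.
gsa_loose_files() {
    dir=$1
    [ -d "$dir" ] || return 0        # a missing directory is not a finding
    find "$dir" -type f ! -name config.toml \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Audit each directory given as an argument.
# Prints "LOOSE <path>" per finding; returns 1 if anything was found.
gsa_audit() {
    rc=0
    for dir in "$@"; do
        found=$(gsa_loose_files "$dir")
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | while IFS= read -r f; do
                printf 'LOOSE %s\n' "$f"
            done
            rc=1
        fi
    done
    return $rc
}

# Run against the two locations the README lists when invoked as:
#   sh audit.sh check
if [ "${1:-}" = "check" ]; then
    gsa_audit "$HOME/.config/gs-assume" \
              "$HOME/Library/Application Support/gs-assume"
fi
```

A non-zero exit status means at least one file is accessible beyond its owner; tighten it with chmod 600 and check why it was created that way.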
Architecture
src/
├── main.rs # CLI entry (clap)
├── cli/
│ ├── agent.rs # Agent access: allow, exec, mcp dispatch
│ ├── mcp.rs # MCP JSON-RPC 2.0 server over stdio
│ ├── login.rs # Interactive auth + first-time setup
│ ├── use_cmd.rs # Fuzzy context switch, per-shell env vars
│ ├── status.rs # Auth status + prompt segment
│ ├── profiles.rs # Context listing with danger tags
│ ├── sync.rs # Re-fetch contexts from APIs
│ ├── exec.rs # Run command with injected creds
│ ├── serve.rs # Daemon + install/uninstall
│ ├── console.rs # Open web console
│ ├── config_cmd.rs # Config get/set/show
│ ├── shell_init.rs # Shell integration output
│ ├── credential_process.rs # AWS credential_process
│ ├── logout.rs # Clear credentials
│ └── upgrade.rs # Self-update
├── core/
│ ├── config.rs # TOML config + team config merging
│ ├── keychain.rs # AES-256-GCM encrypted storage
│ ├── cache.rs # Context + active context + agent-allowed cache
│ ├── daemon.rs # Daemon lifecycle, refresh loop, launchd
│ ├── fuzzy.rs # nucleo fuzzy matching
│ ├── rpc.rs # Unix socket RPC
│ ├── audit.rs # Event logging
│ ├── notify.rs # Desktop notifications
│ └── update_check.rs # Version check + auto-upgrade
├── plugin/
│ ├── mod.rs # Provider trait + data types
│ └── registry.rs # Plugin registry + validation
├── providers/
│ ├── aws/ # AWS Identity Center (SSO OIDC + STS)
│ └── gcp/ # Google Cloud (stub)
├── tui/
│ └── picker.rs # Interactive context picker + multi-select
└── shell/
    ├── prompt.rs # ANSI prompt formatting
    └── completions.rs # Shell completions