npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@inai-dev/backend

v1.8.0

Published

Server-side InAI Auth client

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

inaidevinaidev

Keywords

inaiauthbackendservermulti-tenantapi-client

Readme

@inai-dev/backend

Server-side client for the InAI Auth API. Use this package to interact with the auth API from any Node.js or edge runtime.

Installation

npm install @inai-dev/backend

Quick Start

import { InAIAuthClient } from "@inai-dev/backend";

const client = new InAIAuthClient({
  publishableKey: "pk_live_...",
});

// Login a user
const result = await client.login({ email: "[email protected]", password: "..." });

// Get current user
const { data: user } = await client.getMe(result.access_token);

App User Auth (v1)

Methods for authenticating end-users of your application.

// Login
const result = await client.login({ email, password });
// result: { access_token, refresh_token, expires_in } or { mfa_required, mfa_token }

// Register
const result = await client.register({ email, password, firstName, lastName });

// MFA Challenge
const tokens = await client.mfaChallenge({ mfa_token, code });

// Refresh tokens
const tokens = await client.refresh(refreshToken);

// Logout
await client.logout(refreshToken);

// Get current user
const { data: user } = await client.getMe(accessToken);

// Set active organization
const tokens = await client.setActiveOrganization(accessToken, orgId);

// Forgot password
await client.forgotPassword(email);

// Reset password
await client.resetPassword(token, newPassword);

// Verify email
await client.verifyEmail(token);

Platform Auth

Methods for authenticating platform administrators.

const result = await client.platformLogin({ email, password });
const tokens = await client.platformRefresh(refreshToken);
await client.platformLogout(refreshToken);
const tokens = await client.platformMfaChallenge({ mfa_token, code });
const { data: user } = await client.platformGetMe(accessToken);

Platform Management

Methods for managing applications, users, and API keys (requires platform access token).

// Applications
const { data: apps } = await client.listApplications(accessToken);
const { data: app } = await client.createApplication(accessToken, { name, slug });
const { data: app } = await client.getApplication(accessToken, appId);
const { data: app } = await client.updateApplication(accessToken, appId, { name });
const { data: stats } = await client.getApplicationStats(accessToken, appId);

// App Users
const { data, total, page, limit } = await client.listAppUsers(accessToken, appId, { environmentId, page, limit });
const { data: user } = await client.createAppUser(accessToken, appId, { email, password, environmentId });

// API Keys
const { data: keys } = await client.listAppApiKeys(accessToken, appId, environmentId);
const { data: key } = await client.createAppApiKey(accessToken, appId, name, environmentId);
await client.revokeAppApiKey(accessToken, appId, keyId);

// Rotate publishable keys
const { publishableKey } = await client.rotateAppKeys(accessToken, appId, environmentId);

API Reference

| Method | Description | |---|---| | login(params) | App user login | | register(params) | App user registration | | mfaChallenge(params) | MFA code verification | | refresh(refreshToken) | Refresh access token | | logout(refreshToken) | Revoke refresh token | | getMe(accessToken) | Get current app user | | setActiveOrganization(accessToken, orgId) | Switch active org | | forgotPassword(email) | Send password reset email | | resetPassword(token, password) | Reset password with token | | verifyEmail(token) | Verify email address | | platformLogin(params) | Platform admin login | | platformRefresh(refreshToken) | Platform token refresh | | platformLogout(refreshToken) | Platform logout | | platformMfaChallenge(params) | Platform MFA verification | | platformGetMe(accessToken) | Get current platform user | | listApplications(accessToken) | List all applications | | createApplication(accessToken, data) | Create application | | getApplication(accessToken, appId) | Get application details | | updateApplication(accessToken, appId, data) | Update application | | getApplicationStats(accessToken, appId) | Get application stats | | listAppUsers(accessToken, appId, params?) | List app users | | createAppUser(accessToken, appId, data) | Create app user | | listAppApiKeys(accessToken, appId, envId?) | List API keys | | createAppApiKey(accessToken, appId, name, envId) | Create API key | | revokeAppApiKey(accessToken, appId, keyId) | Revoke API key | | rotateAppKeys(accessToken, appId, envId) | Rotate publishable keys |

Token Verification (ES256)

Token verification is now async and uses ES256 cryptographic verification via JWKS:

import { buildAuthObjectFromToken } from "@inai-dev/backend";
import { JWKSClient } from "@inai-dev/shared";

const jwks = new JWKSClient("https://apiauth.inai.dev/.well-known/jwks.json");
const auth = await buildAuthObjectFromToken(token, jwks);
// auth: AuthObject | null

All tokens are cryptographically verified using ES256 (ECDSA P-256). Public keys are fetched from the JWKS endpoint and cached for 5 minutes. On signature failure, the client automatically retries with fresh keys to handle key rotation.

Error Handling

import { InAIAuthError } from "@inai-dev/shared";

try {
  await client.login({ email, password });
} catch (err) {
  if (err instanceof InAIAuthError) {
    console.error(err.status, err.message, err.body);
  }
}

Questions & Support

Visit https://inai.dev for documentation, guides, and support.

License

MIT