npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@invisra/rendezvous-cli

v0.1.2

Published

CLI client for pinging a Rendezvous protected endpoint: fetch the current message or publish a new one.

Readme

@invisra/rendezvous-cli

A command-line client for a Rendezvous protected endpoint: generates the current HOTP/TOTP codes and either fetches the message or publishes a new one. Built on @invisra/rendezvous-core; works against any Rendezvous-compatible server, including apps/fastapi (the Python reference app), since both implement the same HOTP/TOTP scheme.

Install

Within this monorepo:

npm install
npm run build --workspace=@invisra/rendezvous-core
npm run build --workspace=@invisra/rendezvous-cli
node apps/cli/dist/index.js get

Once published, install it globally:

npm install -g @invisra/rendezvous-cli
rendezvous get

Configuration

Reads BASE_URL, HOTP_SECRET, TOTP1_SECRET, and TOTP2_SECRET from the environment by default; each has a matching flag (--base-url, --hotp-secret, --totp1-secret, --totp2-secret) that overrides it.

Usage

Fetch the current message:

rendezvous get

Publish a new message:

rendezvous post "already-encrypted-message"

# from a file
rendezvous post --file message.txt

# from stdin
echo "already-encrypted-message" | rendezvous post

Optional: end-to-end encryption

If the deployment owner has configured a /key endpoint (see apps/web or apps/fastapi), you can encrypt client-side instead of sending plaintext:

# Fetch and cache the server's public key (default: ~/.rendezvous/key.pub)
rendezvous key install

# Encrypt to the installed key before posting
rendezvous post --encrypt "the actual secret"

Decrypting requires the deployment owner's private key — only they have it, which is the point:

rendezvous get --decrypt --private-key "AGE-SECRET-KEY-1..."
# or: MESSAGE_PRIVATE_KEY=AGE-SECRET-KEY-1... rendezvous get --decrypt

This is a one-way dead-drop, not mutual encryption: anyone who ran key install can encrypt a message, but only the private-key holder can read anything, including messages they encrypted themselves.

Threads (multi-user admin/reply model)

The commands above talk to a single shared secret for the whole deployment. If the server also supports the thread model (see "Threads" in apps/web or apps/fastapi), each admin↔user conversation gets its own independently derived secrets — nobody, including the server operator, needs to share a single long-lived secret across every conversation.

As the admin

# One-time setup: generates your identity keypairs and a local, password-encrypted
# SQLite database (~/.rendezvous/admin.db by default). Prints the values to deploy
# on the server (MESSAGE_PUBLIC_KEY, ADMIN_API_KEY) and the value to hand out to
# thread users (ADMIN_THREAD_PUBLIC_KEY).
rendezvous admin init --base-url https://your-deployment.example --password "correct horse battery staple"

# Create a thread once a user has sent you their THREAD_PUBLIC_KEY and
# MESSAGE_PUBLIC_KEY (from `rendezvous identity create`, below). Prints a join
# code — send that to the user over whatever channel you already trust.
#
# Use --flag=value (not --flag value) for the key options: these are
# base64url-encoded and can legitimately start with "-", which a
# space-separated value would get misparsed as another flag.
rendezvous admin thread create \
  --user-thread-key="<their-thread-public-key>" \
  --user-message-key="<their-message-public-key>" \
  --description "Jane, re: the Q3 filing" \
  --password "correct horse battery staple"

rendezvous admin thread list --password "correct horse battery staple"
rendezvous admin messages <threadId> --password "correct horse battery staple"
rendezvous admin reply <threadId> "got it, thanks" --password "correct horse battery staple"

# Revoke a thread — e.g. the user's device was lost or compromised. This
# permanently deletes the thread and its messages server-side, so its codes
# stop working immediately; idempotent, and marks the thread revoked in
# your local record (rendezvous admin thread list will show it) rather
# than deleting that local record.
rendezvous admin thread revoke <threadId> --password "correct horse battery staple"

# If your API key leaks, rotate it: this updates the local database only —
# you still have to redeploy the server with the printed value yourself.
# The old key keeps working until you do.
rendezvous admin rotate-key --password "correct horse battery staple"

Back up your admin database. ~/.rendezvous/admin.db holds your only copies of your message and thread private keys — lose it and you permanently lose the ability to decrypt past thread messages or reply on existing threads. Back it up regularly:

rendezvous admin export --password "correct horse battery staple" --output admin-backup.json
# ...disk failure, wiped laptop, etc...
rendezvous admin import admin-backup.json --db ~/.rendezvous/admin.db

The export is JSON but still password-encrypted — treat the file exactly as carefully as admin.db itself. import refuses to overwrite an existing file. Both admin.db and its exports are cross-language compatible: a database (or backup) created here can be opened by apps/cli-py (the Python client) with the same password, and vice versa.

--password can also be set via RENDEZVOUS_ADMIN_PASSWORD to keep it off the command line/shell history. Private keys and the database password never leave ~/.rendezvous/admin.db; only MESSAGE_PUBLIC_KEY and ADMIN_API_KEY need to be deployed to the server.

As a thread user

# One-time setup: generates your identity keypairs, saved to
# ~/.rendezvous/config.json by default. Prints the two public keys to send
# to whoever will create a thread with you.
rendezvous identity create

# Once the admin sends you a join code:
rendezvous identity join <the-join-code>

rendezvous identity threads

# Talk on the thread:
rendezvous post --thread <threadId> --encrypt "the actual message"
rendezvous get --thread <threadId> --decrypt

--encrypt/--decrypt on --thread commands use the keys exchanged via the join code (the admin's message key to encrypt posts, your own message key to decrypt replies) — no separate key install step needed for threads.

Development

npm run build --workspace=@invisra/rendezvous-core
npm run typecheck --workspace=@invisra/rendezvous-cli
npm run test --workspace=@invisra/rendezvous-cli

One-hour invitation codes

Set RENDEZVOUS_BASE_URL=https://invisra.ai/rendezvous for short-code joins.

rendezvous admin invite create --password "..."
rendezvous identity join ABCD-EFGH
rendezvous admin invite approve ABCD-EFGH --password "..." --description "..."
rendezvous identity join ABCD-EFGH --claim-token "<token printed by the claim>"

Codes use an unambiguous eight-character alphabet, expire after one hour, and can be claimed once. The claim token is independent high-entropy proof needed to finish. Existing encoded join codes remain supported.