npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kherel/app-bridge

v0.1.0

Published

SDK for Tribe Mini Apps — postMessage bridge between the iframe SPA and the Tribe host shell.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dan99dmdan99dmtribeorgtribeorg

Keywords

tribemini-appssdkiframepostmessagebridge

Readme

@tribe/app-bridge

SDK for Tribe Mini Apps — the postMessage bridge between a mini-app iframe and the Tribe host shell.

npm install @tribe/app-bridge

Quick start

import { bridge } from '@tribe/app-bridge';

// Handshake with Tribe host — resolves once the host is ready to
// receive further messages.
await bridge.send('TribeAppInit');

// Who's using the mini app (no server round-trip — data comes from
// the signed launch params).
const me = await bridge.send('TribeAppGetUserInfo');
console.log(`Hi, ${me.firstName}!`);

// Grab the raw signed launch params. Mini-app backends use this to
// verify identity (the signature is HMAC-SHA256 over a canonical
// query string keyed on the app's own secret).
const { rawQuery } = await bridge.send('TribeAppGetLaunchParams');

// Call your OWN backend directly — not through Tribe. Pass the
// signed params as a header; your backend verifies the signature
// and extracts `tribe_user_id`.
const res = await fetch('https://my-mini-app.example.com/contacts', {
  headers: { 'X-Tribe-Signed-Params': rawQuery },
});

Methods

| Method | Description | |---|---| | TribeAppInit | Handshake with the Tribe host. Call this first. | | TribeAppClose | Close the mini app, return to Tribe. | | TribeAppGetLaunchParams | Raw signed launch-params query string. | | TribeAppGetUserInfo | Current Tribe user (from signed launch params). | | TribeAppRequestScopes | Prompt the user for scope consent (VK-style modal). | | TribeAppOpenProfile | Navigate to a Tribe user profile. | | TribeAppOpenDirectMessage | Open Tribe's DM drawer with a user / prefilled text. | | TribeAppOpenLink | Open an external https URL in a new tab. | | TribeAppShowAlert | Native alert modal rendered by the host. | | TribeAppShowConfirm | Native confirm modal rendered by the host. | | TribeAppResize | Adjust iframe height. |

Authentication model

Mini apps bring their own backend. Tribe signs launch params with a per-app HMAC secret (stored in Tribe's mini_apps.secret_key); the mini-app backend holds the same secret and verifies the signature on every request. Tribe's API gateway is not in the data path between the mini-app frontend and its backend.

License

UNLICENSED — internal to Tribe until further notice.