npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kiroo/sdk

v0.1.2

Published

Production API traffic capture for Kiroo with Time-Travel Replay support

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

yash-pouranikyash-pouranik

Keywords

apidebuggingcapturereplayexpressmiddlewaresupabase

Readme

@kiroo/sdk

Capture production API traffic with replay IDs, privacy-first sanitization, and Kiroo CLI time-travel debugging.

@kiroo/sdk is Express middleware that records request/response interactions, uploads them in batches to Supabase Storage, and attaches an X-Kiroo-Replay-ID header on every response.

Why teams use it

  • Time-travel debugging: Reproduce production failures locally with kiroo fetch + kiroo replay.
  • Low request overhead: Capture happens on response finish with buffered async uploads.
  • Privacy-first defaults: Sensitive keys are recursively masked before leaving your server.
  • Operationally friendly: Batched writes + graceful flush on process shutdown.

Installation

npm install @kiroo/sdk

Quick start (Express)

const express = require('express');
const { capture } = require('@kiroo/sdk');

const app = express();
app.use(express.json());

app.use(capture({
  supabaseUrl: process.env.SUPABASE_URL,
  supabaseKey: process.env.SUPABASE_KEY,
  bucket: process.env.SUPABASE_BUCKET || 'kiroo-captures',
  sampleRate: 0.2,
  scrub: true,
  flushIntervalMs: 30000
}));

app.get('/api/fail', (_req, res) => {
  res.status(500).json({
    error: 'Downstream timeout',
    replayId: res.get('X-Kiroo-Replay-ID')
  });
});

Capture behavior

  • Every response gets a unique replay ID header: X-Kiroo-Replay-ID.
  • Error responses (>=400) are always captured, even when sampling is low.
  • Successful responses are captured according to sampleRate.
  • Captures are uploaded to Supabase bucket files partitioned by date (YYYY-MM-DD.json).

API reference

capture(options)

Returns Express middleware.

Options:

| Option | Type | Default | Description | |---|---|---|---| | supabaseUrl | string | process.env.SUPABASE_URL | Supabase project URL | | supabaseKey | string | process.env.SUPABASE_KEY | Supabase key used for storage operations | | bucket | string | "kiroo-captures" | Storage bucket name | | sampleRate | number | 1.0 | Fraction of successful responses to capture (0..1) | | scrub | boolean | true | Mask sensitive values before buffering/upload | | flushIntervalMs | number | 30000 | Batch upload interval |

Security model

Before upload, the SDK redacts keys containing:

  • password, token, authorization, secret
  • apikey, api_key
  • credit_card, cvv
  • cookie, set-cookie

Output placeholder: <REDACTED>

Time-travel workflow with Kiroo CLI

After you get a replay ID from an error response:

kiroo fetch <replay-id>
kiroo replay <replay-id> --target http://localhost:3000

This reproduces the same captured request against your local service for debugging with breakpoints.

Production notes

  • Keep sampleRate conservative in high-traffic environments (for example, 0.05 to 0.2).
  • Keep scrub: true unless you have strict internal-only handling.
  • Ensure the configured bucket has required read/write permissions.
  • On process shutdown, SDK flushes buffered captures before exiting.

Troubleshooting

  • No captures uploaded: verify SUPABASE_URL, SUPABASE_KEY, and bucket existence.
  • kiroo fetch cannot find replay ID: check date partition and that app had upload permissions.
  • Too many uploads: increase flushIntervalMs and/or lower sampleRate.
  • Missing request body: ensure body parser middleware runs before routes (express.json()).

Built with ❤️ by Kiroo