npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kpstreams/server

v0.1.0

Published

KPS server: accepts WebRTC and QUIC clients under one pinned identity.

Readme

@kpstreams/server

The accepting end of KPS (Key-Pinned Streams) for Node. Accepts both WebRTC and QUIC clients on a single public UDP port under one pinned self-signed identity, and hands you a transport-neutral @kpstreams/core Connection for either.

Requires Node ≥ 20 (global WebCrypto). Has native dependencies (node-datachannel for WebRTC, @infisical/quic for QUIC) — both ship prebuilt binaries.

Install

npm install @kpstreams/server

Usage

import { listen } from '@kpstreams/server'

const ln = await listen({ port: 41108 })   // creates ./kps-cert.pem on first run
console.log('dial me at', ln.address('203.0.113.5'))
// -> 203.0.113.5:41108:uEiD...  (same address for WebRTC and QUIC)

for (;;) {
  const conn = await ln.accept()            // a connected peer (either transport)
  ;(async () => {
    const stream = await conn.acceptStream()
    await stream.readable.pipeTo(stream.writable)   // echo
  })()
}

ListenOptions:

| field | default | meaning | |---|---|---| | port | — | public UDP port | | address | '0.0.0.0' | public bind (dual-stack wildcard) | | certPath / keyPath | kps-cert.pem / kps-key.pem | persisted identity (created on first run; keep stable to keep the certhash stable) |

The server always accepts both WebRTC and QUIC on the one public port under the single advertised address; a client picks its transport.

Listener: address(ip), accept({ signal? }), close(), plus certhash / port.

How the single port works

node-datachannel and @infisical/quic each own their UDP socket and (unlike pion / quic-go) can't be handed an external one, so they can't natively share a port. This package fronts them with a small userspace demux relay: one public socket classifies each client's first packet (STUN → WebRTC, else → QUIC) and forwards it — via a per-client loopback NAT socket — to the matching backend on a private loopback port, NAT-ing responses back out the single public port. Clients only ever talk to the public address, so ICE and QUIC are unaffected.

Caveats

  • QUIC datagrams are sent/received through @infisical/quic's native quiche connection (its high-level API doesn't expose datagrams yet) — best-effort, and coupled to library internals.
  • The relay keeps one socket per active client (idle-GC'd) — may limit scale.
  • loadOrCreateIdentity() is exported if you want to manage the cert yourself.

License

MIT