npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@lastshotlabs/slingshot-admin

v0.0.2

Published

Admin plugin for Slingshot

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jdd-lsljdd-lsl

Keywords

Readme

title: Human Guide description: Human-maintained guidance for @lastshotlabs/slingshot-admin

Human-owned documentation. This package should stay small and explicit about what it delegates.

Purpose

@lastshotlabs/slingshot-admin provides the admin HTTP surface for Slingshot. It is the package that turns admin access checks, managed-user operations, permissions state, and optional mail rendering into mounted routes.

The package does not own user storage, session storage, grant persistence, or identity policy. It depends on providers for all of that and should remain a thin route-and-guard assembly layer.

Design Constraints

  • createAdminPlugin() must remain provider-driven. It should not quietly reach into unrelated packages to discover auth or permissions implementations.
  • The root-level createSlingshotAdminPlugin() is the place where Slingshot-specific convenience wiring happens. That wrapper intentionally defers route registration to setupPost so it can read permissions from shared plugin state after other plugins have published it.
  • Admin route protection should stay centralized at the mount path. Today the package uses a single guard across admin, permissions, and mail routes so sub-routers cannot drift into inconsistent auth behavior.

Wiring providers

The admin plugin is a thin wrapper that coordinates provider objects you supply. Build the providers in app.config.ts and pass them to createAdminPlugin():

// @skip-typecheck
import { defineApp } from '@lastshotlabs/slingshot';
import { createAdminPlugin } from '@lastshotlabs/slingshot-admin';
import {
  createMemoryAuditLog,
  createSlingshotAuthAccessProvider,
  createSlingshotAuthManagedUserProvider,
} from '@lastshotlabs/slingshot-admin/providers';
import { createAuthPlugin } from '@lastshotlabs/slingshot-auth';
import { createPermissionsPlugin } from '@lastshotlabs/slingshot-permissions';

export default defineApp({
  plugins: [
    createAuthPlugin({
      auth: { roles: ['user', 'super-admin'], defaultRole: 'user' },
      db: { auth: 'memory', sessions: 'memory', oauthState: 'memory' },
    }),
    createPermissionsPlugin(),
    createAdminPlugin({
      accessProvider: createSlingshotAuthAccessProvider(),
      managedUserProvider: createSlingshotAuthManagedUserProvider(),
      auditLog: createMemoryAuditLog(),
      // permissions can be omitted — the plugin will read it from
      // slingshot-permissions plugin state at runtime.
    }),
  ],
});

accessProvider only grants admin access to users with the super-admin role. auditLog is an in-memory development implementation — entries are lost on process restart.

Operational Notes

  • If admin boots without permissions, check whether you are using createAdminPlugin() directly or the Slingshot root wrapper. Direct usage requires an explicit permissions object.
  • If the Slingshot root wrapper throws about missing PERMISSIONS_STATE_KEY, another plugin was expected to publish permissions state and did not. That is a wiring problem, not an admin-router problem.
  • mailRenderer is optional. When it is absent, mail preview routes should not be mounted.
  • Mail routes require read permission on admin:mail. The mount-path auth guard alone is not sufficient for template enumeration or preview.

Gotchas

  • The admin package exports ./testing helpers because the route layer is easiest to test with in-memory access and managed-user providers.
  • This package can look "too small" on first read. That is intentional. If business logic starts piling up here, it probably belongs in the backing providers or in a different package.
  • mountPath must start with /; trailing slashes are trimmed before routes are mounted.
  • Mount path defaults to /admin, but the mounted permissions sub-router lives under ${mountPath}/permissions, so proxy and routing assumptions should be documented carefully in consumer apps.

Key Files

  • src/plugin.ts
  • src/routes/admin.ts
  • src/routes/permissions.ts
  • src/testing.ts