npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mindstone/mcp-server-microsoft-shared

v0.1.0

Published

Shared Microsoft Graph client, token persistence, logging, and types for @mindstone/mcp-server-microsoft-* connectors

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mindstone-engineeringmindstone-engineering

Keywords

Readme

@mindstone/mcp-server-microsoft-shared

Shared Microsoft Graph client, token persistence, structured logger, timezone mapping, and types used by the @mindstone/mcp-server-microsoft-* connector family (Mail, Calendar, Files, Teams, SharePoint).

This package exposes no MCP tools and ships no bin. It is consumed only by its sibling Microsoft connector packages as a pinned dependencies entry.

Installation

npm install @mindstone/[email protected]

Exports

  • TokenProvider — per-account token persistence (atomic write, cross-process refresh-race protection, host-injected refresh-disable gate).
  • MicrosoftRefreshDisabledError — thrown by TokenProvider.getAccessToken when the access token is expired and the host has set MICROSOFT_DISABLE_REFRESH=1.
  • createGraphClient, createGraphClientWithRetry, listMicrosoftAccounts, getTokenProvider, checkGraphConnection — Microsoft Graph client factory.
  • createLogger — structured stderr logger.
  • windowsToIanaTimezone — Windows timezone name → IANA identifier mapping.
  • Types and helpers from ./types.js: MicrosoftAccount, AccountsConfig, ToolResult, successResult, errorResult, formatGraphError, formatAuthRequiredError, detectAuthRequiredReason, hasScope, SHAREPOINT_REQUIRED_SCOPE, and Graph response shapes for email, calendar, drive, chats, mail folders, calendars, and SharePoint resources.

Configuration

TokenProvider is constructed with a config directory and OAuth client ID. Token storage layout (host-owned, consumed by every Microsoft connector):

<configDir>/
  accounts.json
  credentials/
    <sanitised-email>.token.json

Filenames sanitise email addresses via email.replace(/[^a-zA-Z0-9]/g, '-') (unchanged from the bundled predecessor).

Host-injected environment variables interpreted by this library:

| Variable | Effect | | --- | --- | | MICROSOFT_DISABLE_REFRESH | When set to "1", TokenProvider.getAccessToken throws MicrosoftRefreshDisabledError rather than calling Microsoft's token endpoint. The host owns refresh-token rotation in this mode. |

MICROSOFT_DISABLE_REFRESH is intentionally not a user-facing setup variable.

Security notes

  • Token and account writes use temp-file plus rename, restrictive permissions (0o600 files, 0o700 directories), fsync, symlink rejection, and a stale temp-file sweep on initialisation.
  • Token refresh can be disabled by the host so a single authority owns refresh-token rotation; in that mode the connector throws a structured MicrosoftRefreshDisabledError which callers translate into the host-neutral auth_required envelope.

Attribution

This package is a strict 1:1 OSS port of an in-process Microsoft Graph helper library, with cohort hygiene fixes (atomic credential writes, host-injected refresh-disable gate, internal-reference scrub).