npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mrbd/auth

v0.4.0

Published

Client helpers for adding MRBD-hosted auth to Meta Ray-Ban Display web apps.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mattmichelmattmichel

Keywords

mrbdmeta-ray-ban-displayauthwearablesglasses

Readme

@mrbd/auth

Client helpers for adding MRBD-hosted auth to Meta Ray-Ban Display web apps.

This package is the public SDK only. It talks to MRBD-owned auth services over HTTPS plus SSE or WebSocket. It does not contain Supabase credentials, admin logic, token minting, OTP verification internals, or private infrastructure code.

Install

npm install @mrbd/auth

Usage

import { createMrbdAuth } from "@mrbd/auth";

const auth = createMrbdAuth({
  appId: "com.example.my-app",
});

const request = await auth.startSignIn({
  onEvent: (event) => {
    if (event.type === "email_submitted") {
      void auth.sendOtp(event.email);
    }
  },
});

console.log(`Go to ${request.verificationUrl} and enter ${request.userCode}`);

After the email has been submitted on the phone or computer, send the OTP from the glasses browser:

const session = await auth.verifyOtp("123456");

The resulting session belongs to the glasses browser. The phone or computer is only used as a keyboard proxy for email entry.

Direct email sign-in (web and phone)

On a surface that has its own keyboard (a phone web app or desktop companion), skip device pairing and run a straight email-OTP flow:

await auth.sendEmailOtp("[email protected]");
// collect the 6-digit code the user received by email
const session = await auth.verifyEmailOtp("123456");

The session is bound to the same appId and the same MRBD user as the glasses, so signing in on the phone shares one identity (and one set of managed data) with the glasses app.

Convenience flow

Apps that want to orchestrate the default flow can use signInWithCode():

const session = await auth.signInWithCode({
  onRequest: (request) => {
    showCodeOnGlasses(request.verificationUrl, request.userCode);
  },
  getOtp: async () => {
    return showOtpNumpadOnGlasses();
  },
});

React

@mrbd/auth/react ships drop-in components for React apps (React 18+ peer dependency). Wrap your app in MrbdAuthProvider and gate protected UI with MrbdAuthGate:

import { MrbdAuthProvider, MrbdAuthGate, useMrbdAuth } from "@mrbd/auth/react";

function App() {
  return (
    <MrbdAuthProvider appId="com.example.my-app">
      <MrbdAuthGate>
        <SignedInApp />
      </MrbdAuthGate>
    </MrbdAuthProvider>
  );
}

function SignedInApp() {
  const { session, signOut } = useMrbdAuth();
  return <button onClick={() => void signOut()}>Sign out {session?.userId}</button>;
}

MrbdAuthGate renders the built-in MrbdSignInScreen when signed out. That screen shows the verification URL and code, then collects the email OTP with the 600x600, D-pad-navigable MrbdOtpNumpad. On keyboard surfaces (web/phone), pass MrbdEmailSignInScreen as the gate's fallback to collect the email and code directly. All of these (MrbdSignInScreen, MrbdEmailSignInScreen, MrbdOtpNumpad, MrbdAuthGate) can also be used directly, and useMrbdAuth() exposes the underlying client for custom flows.

Sessions

By default, sessions are stored in localStorage under an app-specific key. Pass storage: null to disable persistence or provide a custom storage object for tests.

const session = await auth.getSession();
const refreshed = await auth.refreshSession();
await auth.signOut();

Security model

  • The glasses app never talks directly to Supabase.
  • The visible pairing code is not treated as the only secret.
  • The SDK generates a high-entropy device secret and sends a SHA-256 challenge to the backend.
  • Sensitive session credentials are fetched over HTTPS, not delivered over realtime events.
  • The private MRBD auth backend owns pairing, rate limits, app registration, Supabase OTP, token exchange, and audit logging.