npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@navirondynamics/accord

v1.3.0

Published

A policy-first identity and access engine for modular systems.

Downloads

46

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bawasen-altbawasen-alt

Keywords

authorizationaccess-controlrbacabacpolicy

Readme

Accord

Accord is a policy-first identity and access platform for Node.js.

It treats access not as scattered application logic, but as a formal agreement between identities, systems, and resources - evaluated through declarative, versioned policies.

New in v1.3: Policy Simulation, Version Control, Rollback, Impact Analysis, and Visual Graph APIs.

Table of Contents

🚀 Why Accord?

v1.1 was a library. v1.2 was a platform. v1.3 is a control plane.

Modern authorization is fragmented:

  • Authentication in one service
  • Roles in another
  • Access logic scattered across microservices

Accord centralizes authorization into a single governance layer, acting as the System of Record for access control across your platform.

"ACCORD v1.3 transforms authorization from static rules into a visible, testable, and version-controlled system."

Key Features

  • 🚀 Platform Mode – Standalone HTTP server for centralized decision making.
  • 🗄️ Database-First – Pluggable storage adapters (Postgres, File) with JSONB optimization.
  • 🤝 JIT Provisioning – Automatic identity creation on first login.
  • 📊 Explainability – Full decision traces (latency, matched policies) for debugging.
  • 🔍 Observability – Built-in audit logging (console, file, & webhooks).
  • 📝 Policy as Code – JSON and YAML configuration support.
  • 🛡️ Reliability – Zod-based schema validation.
  • 🧩 Framework Adapters – Express, NestJS, and Fastify integrations.
  • 🧪 Simulation Engine – Dry-run policies without touching production.

📦 Installation

npm install @navirondynamics/accord

🛠️ Quick Start (Server Mode)

The fastest way to experience v1.3 is running Accord as a standalone service.

1. Configure Environment

Create a .env file:

DATABASE_URL=postgres://user:password@localhost:5432/accord
PORT=8080
JIT_ENABLED=true
WEBHOOK_URL=https://hooks.your-siem.com/webhook

2. Run the Server

npx @navirondynamics/accord serve --adapter postgres

3. Create a Policy

curl -X POST http://localhost:8080/api/v1/policies \
  -H "Content-Type: application/json" \
  -d '{
    "id": "policy-view-all",
    "version": "1.0",
    "effect": "allow",
    "subject": { "type": "user" },
    "action": ["view"],
    "resource": { "type": "document" }
  }'

4. Check Access

curl -X POST http://localhost:8080/api/v1/check \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "alice",
    "action": "view",
    "resource": { "type": "document" }
  }'

Result: Alice is automatically created (JIT) and allowed.

🧩 Usage (Library Mode)

You can also embed Accord directly into your Node.js applications.

const { Accord, PostgresStoreAdapter } = require('@navirondynamics/accord');

// 1. Initialize Storage
const adapter = new PostgresStoreAdapter({
  connectionString: process.env.DATABASE_URL,
});

// 2. Initialize Accord (Use static create for async safety)
const accord = await Accord.create({
  adapter,
  jit: { enabled: true, defaultStatus: 'active' },
});

// 3. Check Access
const decision = await accord.check('alice', 'view', { type: 'document' });

if (decision.decision === 'allow') {
  console.log(`Allowed by ${decision.policy_id}`);
  console.log(`Latency: ${decision.trace.latencyMs}ms`);
}

🌟 v1.3 New Features

Policy Simulation (Dry Run)

Test policies without touching production data.

const mockIdentity = {
  id: 'test',
  type: 'user',
  status: 'active',
  attributes: { role: 'admin' },
};
const result = await accord.simulate(mockIdentity, 'delete', {
  type: 'booking',
});

Policy Rollback

Revert a broken policy instantly via CLI.

accord policy rollback billing-access --to 1.2

Visual Graph API

Fetch the permission graph for visualization.

curl http://localhost:8080/api/v1/policies/graph

🛡️ Framework Integration

NestJS

import { AccordGuard } from '@navirondynamics/accord/adapters/nest';

@Controller('bookings')
export class BookingController {
  @UseGuards(
    new AccordGuard({
      accordInstance: accord, // Use your Accord instance
      action: 'delete',
      resourceType: 'booking',
    })
  )
  @Delete(':id')
  deleteBooking(@Param('id') id: string) {
    // Only authorized users reach here
  }
}

Express

const { protect } = require('@navirondynamics/accord/adapters/express');

app.delete(
  '/bookings/:id',
  protect({
    accordInstance: accord,
    action: 'delete',
    resourceType: 'booking',
  }),
  (req, res) => {
    res.send('Deleted');
  }
);

🔧 CLI Tool

Validate policies, manage versions, or run the server directly from your terminal.

# Run the Platform Server
npx @navirondynamics/accord serve --adapter postgres --port 8080

# Validate a local policy file
npx @navirondynamics/accord validate ./config/policies.yaml

# Dry-run a check (File mode)
npx @navirondynamics/accord eval -i user_123 -a delete -r booking

# v1.3: Rollback a policy
npx @navirondynamics/accord policy rollback <policy-id> --to <version>

📚 Documentation

  • Getting Started – Installation and core concepts
  • Platform vs Library – Choosing the right deployment mode
  • Observability – Interpreting Decision Traces
  • JIT Provisioning – Configuring identity mapping
  • Adapters – Setting up Postgres or File storage
  • API Reference – Management API documentation

📜 License

ISC