npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@podosoft/podokit-auth

v0.2.0

Published

PodoKit's DB-backed auth configuration pipeline: envelope-encrypted secrets, the AuthConfig model, and a config store on top of better-auth.

Readme

@podosoft/podokit-auth

PodoKit's DB-backed auth configuration pipeline — the layer that sits on top of better-auth so OAuth providers, SMTP, and server-enforced toggles can be managed at runtime (from an admin Settings page) instead of being frozen in environment variables at boot.

It is deliberately free of better-auth and NestJS/TypeORM imports (only node:crypto and a pg peer), so it can be loaded outside dependency injection and by the @better-auth/cli during migrations.

What's inside

  • Envelope-encrypted secretsencryptSecret / decryptSecret store OAuth client secrets and the SMTP password with AES-256-GCM. The key is derived from BETTER_AUTH_SECRET via HKDF-SHA256 and never lives in the database it protects, so a DB leak alone can't decrypt them.
  • The AuthConfig model — the shape of the runtime config (social providers, SMTP, and server toggles including provider-independent sign-up approval), plus envAuthConfig() (the env-only fallback), the supported-provider allowlist, and socialKey helpers.
  • A config storecreateConfigStore(pool) loads the current config from the auth_config table (with per-field env fallback) and decrypts secrets on read.

Install

npm install @podosoft/podokit-auth

pg is a peer dependency (your app already provides it).

Usage

import { createConfigStore, envAuthConfig } from "@podosoft/podokit-auth";

const store = createConfigStore(pool);      // reads auth_config, env fallback
const config = await store.load();          // AuthConfig (secrets decrypted)
const smtp = await store.smtpConfig();      // resolved SMTP transport config, or null

Generated by @podosoft/podokit; most apps consume it through the auth module rather than importing it directly.

License

Apache-2.0