npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@prash0029/webhook-interceptor

v0.1.0

Published

Self-hosted webhook inspector and forwarding proxy: a hop between sender and target that captures every request/response to Postgres and optionally forwards to a configured URL.

Readme

@prash0029/webhook-interceptor

Self-hosted webhook inspector and forwarding proxy. A hop you place between a webhook sender (A) and its real target (B): it captures every request and the response, and can optionally forward the request to B and relay B's response back to A.

  • Create a unique capture URL per service.
  • Point sender A at that URL.
  • Toggle forward per service:
    • on -> the full request is proxied to the target B; B's response (status, headers, body) is relayed back to A. If B is unreachable or times out, A gets 502.
    • off -> A gets a default 200.
  • Every request and response is stored in Postgres for inspection.
  • Minimal dashboard to create services, toggle forwarding, and browse captures.

Distributed as an npm package with a CLI; run it on your server (e.g. under supervisord) against a Postgres database.

Data model

  • services - one row per capture endpoint (public_id, optional name, forward_enabled, forward_url).
  • requests - every received request + the response returned, foreign-keyed to its service (service_id), indexed by (service_id, received_at desc).

Install

npm install @prash0029/webhook-interceptor

Configure

Set environment variables (see .env.example):

| Var | Required | Default | Meaning | | --- | --- | --- | --- | | DATABASE_URL | yes | - | Postgres connection string | | PORT | no | 3000 | listen port | | PUBLIC_BASE_URL | no | http://localhost:<port> | external URL shown for capture endpoints | | FORWARD_TIMEOUT_MS | no | 10000 | forward target timeout before 502 | | BODY_LIMIT_BYTES | no | 5242880 | max captured body size | | ADMIN_TOKEN | no | (unset) | when set, dashboard + read API require this token |

Run

# 1. create the schema (idempotent)
npx webhook-interceptor migrate

# 2. start the server
npx webhook-interceptor start

Dashboard: PUBLIC_BASE_URL/ . Capture endpoint for a service: PUBLIC_BASE_URL/hook/<public_id>.

Under supervisord

[program:webhook-interceptor]
command=npx webhook-interceptor start
directory=/srv/webhook-interceptor
environment=DATABASE_URL="postgres://...",PUBLIC_BASE_URL="https://hooks.example.com",ADMIN_TOKEN="..."
autostart=true
autorestart=true

Map your external URL (hooks.example.com) to this process via your reverse proxy.

Security

  • Capture URLs (/hook/...) are public by design - external senders must reach them with no auth.
  • The dashboard exposes every captured payload, which routinely includes signing signatures, API keys, tokens, and personal data. Set ADMIN_TOKEN to require a token on the dashboard and read API. Without it, anyone who can reach the server reads all captured secrets.
  • Bodies are stored in plaintext. Consider retention limits and redaction before capturing production traffic. Do not capture regulated personal data without the appropriate controls.

Programmatic use

import { createPool, migrate, createServer, loadConfig } from "@prash0029/webhook-interceptor";

const config = loadConfig();
const pool = createPool(config.databaseUrl);
await migrate(pool);
createServer(pool, config).listen(config.port);

Develop

npm install
npm run typecheck
npm test
npm run build

Limitations

  • Bodies captured/stored as UTF-8 text; binary payloads are stored lossily.
  • content-encoding is stripped when relaying (fetch decodes the body), so the relayed body is decompressed.
  • Single process, single Postgres; no built-in retention/cleanup job yet.
  • Redirects from the forward target are not followed (redirect: "manual").

License

MIT