npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@proc/context-auth

v0.2.0

Published

Authentication and authorization module for @proc/context

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

thechriswalkerthechriswalker

Keywords

Readme

Authentication/Authorization module adapter for @proc/context

The Authn module provides a framework for authentication and authorization within your application.

It provides a middleware for attaching authn information to HTTP requests, or (de)serializing that information. It also provides a basis for authorization which includes decision making and reporting of decisions (audit).

Teminology:

There's a bunch of domain specific terms here and I may or may not be using standardised wording, so I'll define some things.

  • authn: Authentication, proving you are who you say you are
  • authz: Authorization, deciding what you can and cannot do
  • entity: A person, system or thing that can act within the application. The authn specifies and identifies the authenticated entity.
  • subject: this is the authenticated entity, i.e. the entity that the authn object is referencing. In an authorization decision like "Can X do Y with Z" the subject is X.
  • owner: this is the entity which owns this authentication. This is not often different to the subject, however sometimes we create delegated authentication object. That is a privileged entity may be allowed to act as a different entity, for example a admin user logged into a regular user's account. We distinguish this case from the direct authn as sometimes it is useful to be able to discern the difference, even if the decisions are based solely on the subject and scopes.
  • scopes: which are simply string values that identify the capabilities this authn has been granted. They will be application specific and carry little meaning externally. They are used to determine the outcome of authorization decisions.

There are 3 types of Authn Entity defined:

  • User this represents a human user, has an identifier to represent the stored ID for the user.
  • System this represents a non-human user, i.e. system to system communication, scheduled tasks.
  • Anonymous this represents a non-authenticated state. It is useful to have this seperately for a number of reasons, foremost it means you can make your authn object non-null (simplifying code) and also anonymous access is often allowed in many systems and defining it up front makes it easier to reason about. This also represents a failed Authn, which is often best handled the same as none, but we still want to know if there was no authn attempt versus an invalid authentication attempt.