npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@qrvey/app-state

v1.0.1-888

Published

![install size](https://packagephobia.now.sh/badge?p=%40qrvey%2Fapp-state) ![coverage](https://img.shields.io/badge/unit_test_coverage-100%25-brightgreen)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

amit.bhatnagaramit.bhatnagarricardo.madridricardo.madridjmsosajmsosaemirpoloemirpolosandresbc86sandresbc86juandavidleg1juandavidleg1hugo.tilanohugo.tilanomario.vascomario.vascojose.gonzalez.qrveyjose.gonzalez.qrveyrafamedranorafamedranoqrvey-jespinelqrvey-jespineldaniel.henriquezdaniel.henriquezeveracostaqrveyeveracostaqrveyandresbetinqrveyandresbetinqrveyneox10neox10

Keywords

httpfetchnodeqrvey

Readme

@qrvey/app-state

install size coverage

@qrvey/app-state is a utility library for checking the current state of a Qrvey application. It determines whether an application is locked (i.e., fully installed and ready) based on the caller's identity and the application's lifecycle state.

Installation

npm install @qrvey/app-state

API Documentation

isLocked(params, identity)

Checks whether an application is locked based on the provided identity or its state.

  • Parameters
    • params (object) – The parameters for checking the application lock status.
      • params.appId (string) – The ID of the application to check.
      • params.userId (string) – The ID of the user requesting the application lock status.
    • identity (Identity) – A token string or an IdentityAsObject.
  • Returns Promise<boolean> – Resolves to true when any of the following conditions are met:
    • The identity's token_client is SYSTEM_SERVICE.
    • The application's state is FINISHED.

Types

AppState (enum)

| Value | Description | | ------------ | ---------------------------------------- | | INSTALLING | The application is being installed. | | UPDATING | The application is being updated. | | FINISHED | The application is fully installed. |

AppStateResponse

| Property | Type | Default | Description | | -------- | ---------- | -------------------- | ----------------------------------- | | state | AppState | FINISHED | The current state of the application. |

TokenClient (enum)

| Value | Description | | ---------------- | ------------------------------------ | | SYSTEM_SERVICE | A system-level service token. | | USER | A regular user token. |

Identity

A union type that accepts either:

  • A string (raw token) – decoded internally via the Token Service.
  • An IdentityAsObject – an object with a token_client property (defaults to USER) and any additional properties.

Middleware

The package provides framework-specific middleware that checks if an application is locked before processing a request. When locked, the middleware short-circuits with a 423 response.

appStateMiddleware.express.isAppLocked

Express middleware. Expects req.user.id, req.params.appId (or appid), and optionally req.headers.authorization.

import { appStateMiddleware } from '@qrvey/app-state';

router.use('/apps/:appId/*', appStateMiddleware.express.isAppLocked);

appStateMiddleware.fastify.isAppLocked

Fastify pre-handler hook with the same behavior.

import { appStateMiddleware } from '@qrvey/app-state';

fastify.addHook('preHandler', appStateMiddleware.fastify.isAppLocked);

Middleware behavior

Request
  │
  ├─ No identity & no Authorization header → 423 (deny by default)
  │
  ├─ Identity is an API key (no `exp` claim)
  │    └─ Tags identity with `qv_token_client: SYSTEM_SERVICE`
  │
  ├─ ApplicationValidator.isLocked() → true  → 423
  │
  └─ ApplicationValidator.isLocked() → false → next() / done()

| Condition | Response | | -------------------------------------- | -------- | | App is locked | 423 | | No identity and no auth header | 423 | | App is not locked | next() | | Caller is SYSTEM_SERVICE | next() |

Errors

  • Express: forwards errors to next(err) for the framework error handler.
  • Fastify: forwards errors to done(err), wrapping non-Error values.

Example Usage

import { isLocked } from '@qrvey/app-state';

// Using a raw token string
const locked = await isLocked({ appId: 'app-123', userId: 'user-456' }, 'my-jwt-token');
console.log(locked); // true or false

const locked = await isLocked({ appId: 'app-123', userId: 'user-456' }, {
    token_client: 'USER',
});
console.log(locked); // true when app state is FINISHED