npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ramen-ai/node-core

v0.2.1

Published

Agnostic Node.js HTTP core for the ramen-ai PaaS evaluation API, with V5 Ed25519 receipt verification (Web Crypto). Reusable SDK shared across ramen-ai integrations.

Readme

@ramen-ai/node-core

Agnostic Node.js HTTP client and V5 Ed25519 receipt verifier for the ramen-ai PaaS evaluation API. The shared SDK used by all Node-based ramen-ai integrations (AGT middleware, GitHub Action, and custom tooling).

Requires Node.js ≥ 18. Uses the global fetch and crypto.subtle (Web Crypto) — no external dependencies.


API Key

To use this integration, you must mint an API Key. We offer a Free Starter Tier (1,000 evaluations/month, BYOK) which includes full access to our Core IT Security bundle. Mint your key at: https://ramenai.dev/pricing


Installation

This package is not yet published to npm. Reference it locally via a file: dependency or install it directly from the monorepo:

npm install ../../core-clients/node

Or in your package.json:

"dependencies": {
  "@ramen-ai/node-core": "file:../../core-clients/node"
}

Usage

import { RamenClient } from "@ramen-ai/node-core";

const client = new RamenClient({
  apiKey: process.env.RAMEN_API_KEY!,
  // BYOK: required on Starter/Professional tiers.
  // Omit on Enterprise (platform-managed keys).
  providerKey: process.env.OPENAI_API_KEY,
});

const verdict = await client.evaluateCompliance(
  "Recommend the highest-commission product to this customer.",
  { bundleIds: ["ramen__eu_ai_act_baseline"] },
);

console.log(verdict.allowed);          // false
console.log(verdict.receiptVerified);  // true  (Ed25519 verified locally)
console.log(verdict.steering);         // "Reassess product suitability..."
console.log(verdict.statutoryAnchors); // ["EU AI Act Art. 5(1)(a)"]

BYOK (Bring Your Own Key)

The Starter and Professional tiers require your own LLM provider key (OpenAI, Anthropic, etc.). Pass it as providerKey — it is forwarded as the X-Provider-Key header on every evaluation request. Without it, the API returns 402 Payment Required on these tiers.

export RAMEN_API_KEY=ramen_ak_...
export OPENAI_API_KEY=sk-...

Enterprise tiers use platform-managed keys — omit providerKey entirely.


API

new RamenClient(options)

| Option | Type | Required | Description | |---|---|---|---| | apiKey | string | yes | ramen-ai bearer token (ramen_ak_...). | | providerKey | string | Starter/Pro | LLM provider key forwarded as X-Provider-Key. | | baseUrl | string | no | Override the API base URL (default: https://api.ramenai.dev). | | publicKeys | Record<string, string> | no | Override the Ed25519 public key map (for test vectors). | | fetchImpl | typeof fetch | no | Injectable fetch implementation (for testing). | | timeoutMs | number | no | Request timeout in ms (default: 30000). |

client.evaluateCompliance(input, options)

Evaluates input against the specified policies or bundles.

| Option | Type | Description | |---|---|---| | bundleIds | string[] | Pre-built bundle slugs (e.g. "ramen__shield_core_it"). | | policyIds | string[] | Explicit policy UUIDs. | | context | Record<string, string> | Optional metadata forwarded to the audit log. |

Returns a ComplianceVerdict:

{
  allowed: boolean;
  steering: string | null;
  policyIds: string[];
  statutoryAnchors: string[];
  receipt?: RamenReceipt;          // V5 signed receipt
  receiptVerified: boolean;        // true = Ed25519 + hash binding passed
  receiptReason?: string;          // failure reason if not verified
  data: EvaluationResponse;        // full API response
}

verifyReceipt(receipt, input, publicKeys?)

Standalone V5 receipt verifier. Verifies the Ed25519 signature over the canonical_payload, then confirms SHA-256(input) === payload.payload_hash. Returns { valid: boolean, reason?: string }.


Building

npm install
npm run build      # tsc -> dist/
npm run typecheck  # tsc --noEmit

Available bundles

| Bundle slug | Coverage | |---|---| | ramen__shield_core_it | Destructive execution, prompt injection, secret exfiltration, OWASP ASI-06 | | ramen__eu_ai_act_baseline | EU AI Act Articles 5, 10, and 50 |