npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@rmdes/indiekit-endpoint-comments

v1.0.16

Published

Comment endpoint for Indiekit. Allows visitors to authenticate via IndieAuth/RelMeAuth and post comments on blog posts.

Downloads

115

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

rmdesrmdes

Keywords

indiekitindiekit-pluginindiewebcommentsindieauth

Readme

@rmdes/indiekit-endpoint-comments

Comment endpoint for Indiekit. Allows visitors to authenticate via IndieAuth and post comments on blog posts. Site owners can reply to comments from the admin session.

Features

  • IndieAuth authentication — visitors sign in with their personal URL via IndieAuth/PKCE
  • Comment submission — authenticated visitors can post comments on any page
  • Owner replies — site owner can reply to native comments from the admin session
  • Rate limiting — per-user rate limits (configurable per hour/per day)
  • Content sanitization — HTML sanitization with configurable max length
  • Admin moderation — hide (soft delete), restore, and purge comments
  • JF2 API — comments served in JF2 feed format for frontend consumption

Installation

npm install @rmdes/indiekit-endpoint-comments
// indiekit.config.js
import CommentsEndpoint from "@rmdes/indiekit-endpoint-comments";

export default {
  plugins: [
    new CommentsEndpoint({
      mountPath: "/comments",
      maxLength: 2000,
      rateLimit: { perHour: 5, perDay: 20 },
    }),
  ],
};

API

Public Routes (no authentication required)

| Method | Path | Description | |--------|------|-------------| | GET | /comments/api/comments?target={url} | Get comments for a target URL (JF2 feed) | | GET | /comments/api/session | Check current IndieAuth session | | GET | /comments/api/is-owner | Check if visitor is the site owner (admin session) | | POST | /comments/api/submit | Submit a comment (requires IndieAuth session) | | POST | /comments/api/reply | Submit an owner reply to a comment (requires admin session) | | POST | /comments/api/auth | Start IndieAuth flow | | GET | /comments/auth/callback | IndieAuth callback handler |

Admin Routes (require Indiekit authentication)

| Method | Path | Description | |--------|------|-------------| | GET | /comments | Admin dashboard with stats and moderation | | POST | /comments/hide | Soft-delete a comment | | POST | /comments/purge | Permanently delete a comment |

Owner Reply (POST /comments/api/reply)

Allows the site owner to reply to native comments. Requires an active Indiekit admin session (not an IndieAuth comment session).

Request:

{
  "parent_id": "comment-id-123",
  "content": "Thanks for the comment!",
  "target": "https://example.com/posts/hello/"
}

Response:

{
  "success": true,
  "comment": {
    "type": "entry",
    "author": {
      "name": "Site Owner",
      "url": "https://example.com",
      "photo": "https://..."
    },
    "content": {
      "text": "Thanks for the comment!",
      "html": "<p>Thanks for the comment!</p>"
    },
    "published": "2026-03-15T12:00:00.000Z"
  }
}

Owner Detection (GET /comments/api/is-owner)

Returns owner status and available syndication targets for the reply-to-interactions feature. Used by the frontend to show reply buttons on interactions.

Response (when owner):

{
  "isOwner": true,
  "name": "Ricardo Mendes",
  "url": "https://rmendes.net",
  "photo": "https://...",
  "syndicationTargets": {
    "bluesky": "https://bsky.social",
    "mastodon": "https://indieweb.social"
  }
}

The syndicationTargets map is auto-detected from Indiekit's registered syndicators. The frontend uses these to route replies to the correct platform via Micropub.

Architecture

Comment Types

This plugin handles two distinct reply flows:

| Flow | Trigger | Route | Session | |------|---------|-------|---------| | Visitor comment | Visitor submits via comment form | POST /api/submit | IndieAuth comment session | | Owner reply to comment | Owner replies to a native comment | POST /api/reply | Indiekit admin session |

Reply-to-Interactions (Micropub flow)

When the site owner replies to platform interactions (Mastodon replies, Bluesky mentions, IndieWeb webmentions), the reply goes through Micropub — not through this plugin. The frontend posts to /micropub with in-reply-to set to the interaction's URL and optional mp-syndicate-to for platform-specific threading.

This separation exists because:

  • Native comments are stored in the comments collection and managed by this plugin
  • Platform interactions are stored in the conversation_items collection by @rmdes/indiekit-endpoint-conversations
  • Owner replies to interactions are Micropub posts stored in the posts collection

Collections

| Collection | Purpose | |------------|---------| | comments | Native visitor comments | | comment_sessions | IndieAuth session state (PKCE, tokens) |

Dependencies

  • indiekit-eleventy-theme — The theme's comments.js provides the Alpine.js comment form, IndieAuth flow, and inline reply UI. webmentions.js provides reply buttons on platform interactions.
  • @rmdes/indiekit-endpoint-conversations — Handles platform interactions (Mastodon/Bluesky/AP). Owner replies to platform interactions go through Micropub, and conversations enriches its API with those replies for frontend threading.

License

MIT