npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sapbruno/cf-btp

v0.1.1

Published

SAP Cloud Foundry / BTP credential provider for sapbruno. Extracts xsuaa OAuth2 client_credentials from bound apps via cf CLI.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dongtrandongtran

Keywords

sapbrunobrunosapbtpcloudfoundryxsuaaoauth2credential-provider

Readme

@sapbruno/cf-btp

SAP Cloud Foundry / BTP credential provider for sapbruno.

Extracts OAuth2 client_credentials from the xsuaa (or identity) service binding of a deployed Cloud Foundry app, via the cf CLI. Eliminates the need to hand-copy clientid/clientsecret from service keys into Bruno env files.

How it works

For each call to fetch(prefix, ctx), the provider:

  1. Resolves { group, branch, app } from the configured services[prefix] binding.
  2. Looks up the corresponding CF org from a branch → subaccount map file (cf-branch-map.json — see format below).
  3. Ensures a live cf session — if cf target shows no API endpoint or user, it runs cf api <endpoint> and cf auth $SAP_EMAIL $SAP_PASSWORD (or values from provider config).
  4. Runs cf target -o <org> -s <space>, cf app <app> --guid, cf curl /v3/apps/<guid>/env.
  5. Parses VCAP_SERVICES.xsuaa[0].credentials — returns { tokenUrl: <url> + /oauth/token, clientId, clientSecret }.

If no xsuaa binding exists it falls back to the identity service and uses /oauth2/token.

Install

pnpm add -D @sapbruno/cf-btp sapbruno

Requires the cf CLI on your PATH.

Configure

In your sapbruno.config.json:

{
  "collections": "./collections",
  "environments": {
    "dev": {
      "auth": { "type": "oauth2-client-credentials" },
      "credentialProvider": {
        "type": "cf-btp",
        "mapFile": "./cf-branch-map.json",
        "space": "app",
        "cacheTtlSeconds": 300,
        "services": {
          "my_group_demo": {
            "group": "my-group",
            "branch": "main",
            "app": "my-demo-app"
          }
        }
      }
    }
  }
}

Then register the provider in your sapbruno setup (see sapbruno docs for the provider loader).

cf-branch-map.json format:

{
  "my-group": [
    { "branch": "main", "cf_org": "my-cf-org", "environment": "dev", "region": "eu20" },
    { "branch": "dev", "cf_org": "my-cf-org-dev", "environment": "dev", "region": "eu20" }
  ]
}

Environment variables

  • SAP_EMAIL, SAP_PASSWORD — used for non-interactive cf auth when no live session is found. Skip these if you prefer to run cf login yourself before invoking sapbruno.

Per-service options

Each entry under services[prefix] accepts:

  • group (required) — matches a top-level key in mapFile.
  • branch (required) — matches an entry under that group → determines target CF org.
  • app (required) — the CF app name bound to the xsuaa/identity service.
  • cfSpace — override the default space for this one service.
  • serviceInstanceName — pick a specific service instance by name when the app has multiple bindings of the same type.
  • preferredService"xsuaa" (default) or "identity".

Programmatic usage

import { cfBtpProvider } from "@sapbruno/cf-btp";

const provider = cfBtpProvider({
  mapFile: "./cf-branch-map.json",
  space: "app",
  services: {
    my_group_demo: { group: "my-group", branch: "main", app: "my-demo-app" },
  },
});

const creds = await provider.fetch("my_group_demo", { rootDir: process.cwd(), envName: "dev" });
// { tokenUrl, clientId, clientSecret }

Security

  • Credentials are only held in memory for the lifetime of the Node process.
  • cacheTtlSeconds controls how long a given prefix's creds are reused before re-fetching.
  • The provider never writes credentials to disk — sapbruno does that into its Bruno env file (same behavior as the upstream provider interface).

License

MIT © dongtran