npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sectester/core

v0.49.0

Published

The core package can be used to obtain a config including credentials from different sources, and provide a simplified abstraction to handle events and commands.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

derevnjukderevnjukpmstsspmstss

Keywords

securitytestinge2etesttypescriptappsecpentestingqabrightsec

Readme

@sectester/core

Maintainability Test Coverage Build Status NPM Downloads

The core package can be used to obtain a config including credentials from different sources, and provide a simplified abstraction to handle events and commands.

Setup

npm i -s @sectester/core

Usage

Configuration

First, you need to generate a new instance of Configuration.

import { Configuration } from '@sectester/core';

const config = new Configuration({
  hostname: 'app.brightsec.com',
  projectId: 'your project ID',
  credentials: {
    token: 'your API key'
  }
});

After that, you can resolve the configuration using the IoC container.

const config = config.container.resolve(Configuration);

Options

Configuration can be customized using the following options:

export interface ConfigurationOptions {
  hostname?: string;
  projectId?: string;
  credentials?: Credentials;
  logLevel?: LogLevel;
  credentialProviders?: CredentialProvider[];
}

The default configuration is as follows:

{
  logLevel: LogLevel.ERROR,
  credentialProviders: [new EnvCredentialProvider()];
}

hostname

  • type: string

Set the hostname (domain name) used to establish a connection.

import { Configuration } from '@sectester/core';

const config = new Configuration({
  hostname: 'app.brightsec.com'
});

[!NOTE] If you omit the hostname parameter, 'app.brightsec.com' will be used by default.

projectId

  • type: string

Set the ID of the project you want to work with.

import { Configuration } from '@sectester/core';

const config = new Configuration({
  // ...
  projectId: 'your project ID'
});

[!TIP] The project ID can be found in the URL of the project page. For example, in the URL https://app.brightsec.com/projects/1234, the project ID is 1234. We recommend using the dedicated project ID for each application.

[!WARNING] If you omit the projectId parameter, we will use the default project ID. This is not recommended especially if you have multiple projects.

logLevel

  • type: LogLevel

Set the maximum log level to report.

import { Configuration, LogLevel } from '@sectester/core';

const config = new Configuration({
  // ...
  logLevel: LogLevel.ERROR
});

credentials

  • type: Credentials

Set credentials for accessing the application.

import { Configuration } from '@sectester/core';

const config = new Configuration({
  // ...
  credentials: {
    token: 'your API key'
  }
});

More info about setting up an API key

credentialProviders

  • type: CredentialProvider[]

Allows you to provide credentials that are loaded at runtime. The configuration will invoke one provider at a time and only continue to the next if no credentials have been located. For example, if the process finds values defined via the BRIGHT_TOKEN environment variables, the file at .sectesterrc will not be read.

EnvCredentialProvider

Use this provider to read credentials from the following environment variable: BRIGHT_TOKEN

If the BRIGHT_TOKEN environment variable is not set or contains a falsy value, it will return undefined.

import { Configuration, EnvCredentialProvider } from '@sectester/core';

const credentialsProvider = new EnvCredentialProvider();
const config = new Configuration({
  // ...
  credentialProviders: [credentialsProvider]
});

ApiClient

The ApiClient interface and its implementation FetchApiClient provide a robust way to handle HTTP requests with built-in retry logic, rate limiting, and error handling.

import { FetchApiClient } from '@sectester/core';

const client = new FetchApiClient({
  baseUrl: 'https://app.brightsec.com',
  apiKey: 'your-api-key',
  timeout: 5000 // optional, defaults to 5000ms
});

// Make a request
const response = await client.request('/api/v1/scans');

The FetchApiClient includes the following features:

  • Automatic retry for idempotent requests (GET, HEAD, PUT, DELETE, OPTIONS, TRACE)
  • Rate limiting handling with automatic retry based on 'Retry-After' header
  • Configurable timeout
  • API key authentication
  • Automatic handling of redirects (status 409)
  • JSON content type by default

The client can be configured using the following options:

| Option | Type | Default | Description | | ------------ | -------------------------------------------- | ------------------------------------------------------------ | --------------------------------------- | | baseUrl | string | - | Base URL for all API requests | | apiKey | string | - | API key for authentication | | apiKeyPrefix | string | 'Api-Key' | Prefix used in the Authorization header | | timeout | number | 5000 | Request timeout in milliseconds | | userAgent | string | sectester-js/ | User agent string | | retry | RetryOptions | See FetchApiClient.ts | Retry options for the client |

License

Copyright © 2025 Bright Security.

This project is licensed under the MIT License - see the LICENSE file for details.