npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sitr.io/embed-sdk

v0.1.9

Published

Security-first video embed SDK with DRM support for HLS and DASH streaming.

Downloads

544

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sitr.iositr.io

Keywords

videoplayerdrmembedhlsdash

Readme

@sitr.io/embed-sdk

Security-first video embed SDK with DRM support for HLS and DASH streaming.

Installation

npm install @sitr.io/embed-sdk

Usage

Script tag (UMD)

<div id="vg-player"></div>
<script src="https://unpkg.com/@sitr.io/embed-sdk@0/dist/vg.js"></script>
<script>
  VideoGuard.mountOnStart({
    el: "#vg-player",
    tenant: "<playback-grant>",
    videoId: "video-123",
    userId: "user-456",
  });
</script>

ES modules

import VideoGuard from "@sitr.io/embed-sdk";

VideoGuard.init({
  apiBaseUrl: "https://api.sitr.io",
});

const drmSecurity = await VideoGuard.detectDrmSecurityLevel();
console.log(drmSecurity.level);

const player = await VideoGuard.mount({
  el: "#vg-player",
  tenant: "<playback-grant>",
  videoId: "video-123",
  userId: "user-456",
});

Mount on DOM ready

await VideoGuard.mountOnStart({
  el: "#vg-player",
  tenant: "<playback-grant>",
  videoId: "video-123",
  userId: "user-456",
});

API

  • VideoGuard.init(config) – Optional for custom runtimes. Use it to override apiBaseUrl, tenantToken (a short-lived playback grant), or legacy branding values.
  • VideoGuard.mount(options) – Mount the player into a target element. Returns a Promise resolving to the player DOM element.
  • VideoGuard.mountOnStart(options) – Same as mount, but waits for DOMContentLoaded before mounting.
  • VideoGuard.detectDrmSecurityLevel() – Best-effort browser DRM probe returning hardware, software, supported-unknown, or unsupported.

DRM security probe

Browsers do not expose the "Use graphics acceleration when available" setting to web pages. The SDK therefore reports a best-effort DRM capability level based on EME robustness probing instead of trying to read the browser setting directly.

<script src="https://unpkg.com/@sitr.io/embed-sdk@0/dist/vg.js"></script>
<script>
  (async () => {
    const result = await VideoGuard.detectDrmSecurityLevel();
    console.log(result.level, result.keySystem, result.reason);

    if (result.level === "unsupported") {
      console.warn("DRM is not available in this browser.");
    }

    await VideoGuard.mountOnStart({
      el: "#vg-player",
      tenant: "<playback-grant>",
      videoId: "video-123",
      userId: "user-456",
    });
  })();
</script>

Returned levels:

  • hardware: hardware-secure DRM robustness was granted.
  • software: DRM is available, but only software-secure or baseline access succeeded.
  • supported-unknown: DRM is available, but the browser does not expose a trustworthy hardware/software distinction.
  • unsupported: no supported DRM key system could be acquired.

Required backend endpoints

Your API must implement:

  • GET {apiBaseUrl}/playback/sdk-conf – Tenant-level embed defaults used by the short snippet flow
  • GET {apiBaseUrl}/playback/videos/{id} – Video metadata and manifest paths
  • GET {apiBaseUrl}/playback/config – DRM license URLs
  • GET {apiBaseUrl}/playback/videos/{id}/token – Playback token

Notes

  • The SDK stores a persistent vg_device_id in localStorage.
  • The tenant option is a short-lived playback grant, not a tenant UUID or server-side API key.
  • Supports HLS, DASH, and MP4 fallback with optional Widevine, PlayReady, and FairPlay DRM.