npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@softwarepatterns/am

v0.4.0

Published

Auth client SDK for AccountMaker (Am)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ironspecsironspecs

Keywords

authenticationauthsdktypescriptoauthopenid-connectjwtsession-management

Readme

@softwarepatterns/am

Authentication client SDK for AccountMaker (Am).

This package provides a small, stable client for interacting with the AccountMaker authentication API. It is designed with explicit support for both ESM and CommonJS consumers.

Features

  • Sessions are created through Am auth and restore methods
  • Automatic access-token refresh until the session requires a hard reload
  • TypeScript-first API with bundled .d.ts
  • Explicit error modeling via RFC 9457 Problem Details
  • Typed auth lifecycle events
  • No runtime dependencies or side effects on import
  • ESM and CommonJS support

Requirements

  • Node.js ≥ 18
  • A runtime with a global fetch implementation (Node 18+, Bun, Deno, or a custom fetchFn)

Installation

npm install @softwarepatterns/am

Importing

ESM

import { Am } from "@softwarepatterns/am";

CommonJS

const { Am } = require("@softwarepatterns/am");

Basic usage

Create a client

import { Am } from "@softwarepatterns/am";

const am = new Am();

Examples live in examples/.

Authentication flows

Sign in with email and password

const session = await am.signIn({
  clientId: "your-client-id",
  email: "[email protected]",
  password: "password"
});

Sign up (register) a new user with email and password

const session = await am.signUp({
  clientId: "your-client-id",
  email: "[email protected]",
  password: "password"
});

Accept an invite from an email link

const session = await am.acceptInvite({
  clientId: "your-client-id",
  token: "token-from-email",
});

Sign in with a token from an email link

const session = await am.signInWithToken("token-from-email");

Sessions

A session represents an authenticated user and handles token refresh automatically.

// Automatically adds Authorization header, will refresh tokens as needed, 
const res = await session.fetch("https://yourdomain.com/some/protected/resource");

You can also use the access token yourself.

if (session.isExpired()) {
  await session.refresh();
}
await fetch("https://yourdomain.com/your/own/protected/api", {
  headers: {
    Authorization: `Bearer ${session.tokens.accessToken}`
  }
});

Sessions are produced by Am methods such as signIn(), signUp(), signInWithToken(), acceptInvite(), createSession(), and restoreSession().

Auth events

Subscribe to auth lifecycle events with am.on(...).

const stopSignedIn = am.on("signedIn", (session) => {
  console.log("signedIn", session.profile.id);
});

const stopAuthLost = am.on("authLost", (error) => {
  console.log("authLost", error.status, error.title);
});

const stopProfileUpdated = am.on("profileUpdated", (profile) => {
  console.log("profileUpdated", profile.lastUpdatedAt);
});

const stopTokensUpdated = am.on("tokensUpdated", (tokens) => {
  console.log("tokensUpdated", tokens.expiresAt);
});

const stopReloadRequired = am.on("reloadRequired", () => {
  window.location.reload();
});

Event meaning:

  • signedIn: a session was established through Am
  • tokensUpdated: session tokens rotated
  • profileUpdated: session profile refreshed
  • authLost: auth was lost but the runtime is still recoverable
  • reloadRequired: the current session can continue only after a hard reload

After reloadRequired, the current runtime should hard-navigate before doing more session work. authLost does not carry that requirement.

Your own services can validate the access token using AM's public keys.

import * as jose from 'jose';

// Will auto fetch, cache, and rotate keys as needed
const jwksUrl = new URL('https://auth.yourdomain.com/.well-known/jwks.json');

// if not using a custom auth domain:
// const jwksUrl = new URL('https://api.accountmaker.com/.well-known/jwks.json?client_id=your-client-id');

const JWKS = jose.createRemoteJWKSet(jwksUrl);

export const validateAccessToken = async (token: string) =>  {
  const { payload } = await jose.jwtVerify(token, JWKS);

  console.log('Account Id:', payload.acc);
  console.log('User Id:', payload.uid);
  console.log('User Account Role:', payload.role);
}

By default, tokens are saved in memory only.

const am = new Am({
  storage: null // disable storage, default is in-memory
});

Set to "localStorage" to persist sessions across reloads.

const am = new Am({
  storage: "localStorage"
});
const session = am.restoreSession();

Or implement your own storage mechanism by implementing the Storage interface.

Error handling

All API errors throw as AuthError.

import { AuthError } from "@softwarepatterns/am";

try {
  await am.signIn({ email, password });
} catch (err) {
  if (err instanceof AuthError) {
    console.log(err.status);
    console.log(err.title);
    console.log(err.detail);
  }
}

Errors follow RFC 9457 Problem Details format (application/problem+json).

Unknown or unsupported error responses are converted into a generic problem shape without exposing raw response bodies. All non-HTTP errors (such as network or parsing errors) are left alone to bubble up.

Custom fetch

For mocking or for custom fetch implementations, you can provide your own.

const am = new Am({
  fetchFn: fetch,
});

Stability guarantees

The following are guaranteed:

  • Stable ESM and CommonJS entry points
  • Stable TypeScript types for exported symbols
  • Compatibility with Node 18, 20, and 22

This package follows semantic versioning.

  • 0.x releases may introduce breaking changes
  • 1.0.0 will mark a frozen public API

Development and Testing

Prerequisites

Integration tests require credentials stored in the repository root .env. The encrypted version .env.enc is committed at the repository root.

Decrypting credentials

# From the repository root
sops -d .env.enc > .env

Running tests

# Unit tests
bun run --filter @softwarepatterns/am test:unit

# Integration tests (requires .env)
bun run --filter @softwarepatterns/am test:integration

The package integration script reads credentials from the repository root .env file.

Re-encrypting after changes

# From the repository root
sops -e .env > .env.enc

License

MIT