npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@storm-gate/client

v0.1.0

Published

Browser SDK for the Storm-Gate auth service.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hoseacodeshoseacodes

Keywords

storm-gateauthsdkbrowserjwt

Readme

@storm-gate/client

Browser SDK for the Storm-Gate auth service. Replaces hand-rolled axios + cookie + JWT plumbing in consumer apps.

Install

npm install @storm-gate/client axios

axios is a peer dependency — you control the version.

Quickstart

import { createStormGateClient } from '@storm-gate/client';

export const auth = createStormGateClient({
  baseURL: process.env.REACT_APP_STORM_GATE_URL,
  rememberMeMaxAge: 7 * 24 * 3600,
  defaultMaxAge: 24 * 3600,
  isAuthRequiredRoute: (pathname) => pathname.startsWith('/admin'),
  onUnauthenticated: () => { window.location.href = '/login'; },
});

await auth.login({ email, password, rememberMe: true });
const { user } = await auth.getMe();          // /login does not return user — call /me separately
await auth.logout();

// For your OWN backend, with the same cookie token attached:
const api = auth.createAuthedAxios({ baseURL: process.env.REACT_APP_LOCAL_API_URL });
await api.get('/articles');

API

createStormGateClient(options)

Options:

  • baseURL (string, required) — Storm-Gate base URL.
  • cookieName (string, default 'accesstoken') — cookie name for the access token.
  • rememberMeMaxAge (seconds, default 7 * 24 * 3600) — cookie TTL when rememberMe: true.
  • defaultMaxAge (seconds, default 24 * 3600) — cookie TTL otherwise.
  • isAuthRequiredRoute ((pathname) => boolean, default returns false) — controls whether a normalized 401 fires onUnauthenticated.
  • onUnauthenticated (() => void, optional) — called once per session when an authed request fails.
  • strictNormalization (boolean, default false) — when true, skips the 400→401 heuristic and only treats real 401s as auth failures.

Methods returned:

  • login({ email, password, rememberMe? }){ accesstoken, status, limitedAccess? }
  • register({ name, email, password, role?, application?, status? }){ accesstoken?, status, requiresApproval?, msg? }
  • getMe(){ status, user }
  • logout(){ msg, status }
  • refreshToken(){ accesstoken }
  • checkStatus({ email }){ status, user }
  • forgotPassword({ email }){ msg, status }
  • verifyResetToken(token){ msg, status, email } — token is in URL path
  • resetPassword({ token, password }){ msg, status } — token is in URL path
  • createAuthedAxios({ baseURL, ...config }) → axios instance that auto-attaches the same cookie token

Behavior notes

  • Header format: the SDK sends Authorization: <jwt> (no Bearer prefix). Storm-Gate accepts both.
  • 400→401 normalization: Storm-Gate currently returns 400 (not 401) for expired or invalid tokens. The SDK normalizes these so error.response.status === 401 for callers. Login/register are excluded from this heuristic since their 400s are business errors. Disable with strictNormalization: true.
  • Cross-origin: the SDK uses withCredentials: true so the HttpOnly refreshtoken cookie can roundtrip on refreshToken(). Requires Storm-Gate's CORS config to allowlist your origin with credentials: true.
  • auth.login() does NOT return user. Storm-Gate's /login response omits it; call auth.getMe() after if you need it.

v0.1 limitations

  • HS256 only. RS256/JWKS coming in v0.2.
  • Browser only — no SSR / Node cookie support. Will throw if document is not available.
  • No silent refresh loop — call refreshToken() manually when needed.

License

ISC