npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@teovilla/code-runner-sdk-node

v0.4.0

Published

Server-side SDK for the code-runner service: a typed CodeRunnerClient over the Hono gateway plus zero-dependency soketi channel-auth signing.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

teodorovillanuevateodorovillanueva

Keywords

Readme

@teovilla/code-runner-sdk-node

The server-side SDK for the code-runner service.

  • A typed CodeRunnerClient over the code-runner Hono gateway (bearer auth, typed errors).
  • Zero-dependency soketi private-channel auth signing (signChannelAuth / createChannelAuthorizer) using only node:crypto.

Server-side only. This package carries the EXECUTOR_API_TOKEN and signs with the soketi APP_SECRET. Never ship it — or those secrets — to a browser. The browser half is @teovilla/code-runner-react.

Install

npm i @teovilla/code-runner-sdk-node

Dual ESM + CJS with bundled type declarations. Requires Node >= 22.

Client quickstart

import { CodeRunnerClient, CapacityError } from "@teovilla/code-runner-sdk-node";

const client = new CodeRunnerClient({
  baseUrl: "http://localhost:8080", // your code-runner gateway
  token: process.env.EXECUTOR_API_TOKEN!,
});

// 1. Enqueue a job
let job;
try {
  job = await client.execute({
    language: "python",
    files: [{ name: "main.py", content: "name = input(); print('hi', name)" }],
  });
} catch (err) {
  if (err instanceof CapacityError) {
    // no free sandbox slots — back off and retry
    console.log("retry after", err.retryAfterMs, "ms");
  }
  throw err;
}

console.log(job.jobId, job.channel, job.status); // "queued"

// 2. Start it (the client must have subscribed to job.channel first)
await client.start(job.jobId);

// 3. Drive the interactive session
await client.sendStdin(job.jobId, "world\n");
await client.closeStdin(job.jobId);
// await client.kill(job.jobId); // force-terminate if needed

Methods

| Method | Endpoint | | --- | --- | | listLanguages() | GET /v1/languages | | execute(req) | POST /v1/execute | | getJob(id) | GET /v1/jobs/:id | | start(id) | POST /v1/jobs/:id/start | | sendStdin(id, chunk) | POST /v1/jobs/:id/stdin | | closeStdin(id) | POST /v1/jobs/:id/stdin/close | | kill(id) | POST /v1/jobs/:id/kill |

Typed errors

Every non-2xx response is mapped to a typed error you can branch on with instanceof:

| Error | Status | Extra fields | | --- | --- | --- | | UnauthorizedError | 401 | — | | NotFoundError | 404 | — | | ValidationError | 400 | — | | CapacityError | 429 (execute) | retryAfterMs? | | RateLimitError | 429 (stdin) | retryAfterMs?, capBytes? | | CodeRunnerError | other | status?, body? |

All extend CodeRunnerError.

Channel auth (the full circle)

sequenceDiagram
    participant B as Browser (react SDK)
    participant Y as Your backend (this SDK)
    participant SK as soketi
    B->>Y: pusher-js POST socket_id + channel_name
    Y->>Y: createChannelAuthorizer() signs with APP_SECRET
    Y-->>B: { auth: "key:hmac" }
    B->>SK: subscribe private-run-id (with auth)
    SK-->>B: live stdout / stderr / result

The browser subscribes to a private private-run-<jobId> soketi channel via @teovilla/code-runner-react. pusher-js authorizes that subscription by POSTing to your backend, which signs the response with the soketi APP_SECRET. This SDK gives you that signer with zero dependencies:

import express from "express";
import { createChannelAuthorizer } from "@teovilla/code-runner-sdk-node";

const authorize = createChannelAuthorizer({
  appKey: process.env.SOKETI_APP_KEY!,
  appSecret: process.env.SOKETI_APP_SECRET!, // server-side only
});

const app = express();
app.use(express.json());

// pusher-js POSTs { socket_id, channel_name } here
app.post("/channel-auth", (req, res) => {
  const { socket_id, channel_name } = req.body;
  try {
    // throws unless channel_name is a private-run-* channel
    res.json(authorize(socket_id, channel_name));
  } catch {
    res.status(403).json({ error: "forbidden channel" });
  }
});

createChannelAuthorizer refuses any channel that is not private-run-*, so a client can only ever authorize a code-runner job channel.

Signing formula

signChannelAuth (and the authorizer it returns) produces exactly what the Pusher/soketi protocol expects — byte-identical to the official pusher server SDK:

auth = `${appKey}:` + HMAC_SHA256(`${socketId}:${channelName}`, appSecret)  // hex
import { signChannelAuth } from "@teovilla/code-runner-sdk-node";

signChannelAuth({
  socketId: "123.456",
  channelName: "private-run-abc",
  appKey: "k",
  appSecret: "s",
});
// => { auth: "k:<hmac-sha256-hex>" }

License

MIT