npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@theokit/gateway-sms

v0.1.0

Published

SMS platform adapter for @theokit/gateway. Multi-backend (Twilio + Plivo + Vonage). ADRs D389-D396.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

usetheodevusetheodev

Keywords

Readme

@theokit/gateway-sms

SMS platform adapter for @theokit/gateway.

Three backends, opt-in via peer-dep:

| Backend | Peer-dep | Inbound signature header | |---|---|---| | Twilio | twilio | X-Twilio-Signature (HMAC-SHA1 over URL+params) | | Plivo | plivo | X-Plivo-Signature-V3 (HMAC-SHA256) | | Vonage | @vonage/server-sdk | Authorization: Bearer <JWT> |

Install

pnpm add @theokit/sdk @theokit/gateway @theokit/gateway-sms

# Then install ONE of the backends you actually use:
pnpm add twilio              # for Twilio
pnpm add plivo               # for Plivo
pnpm add @vonage/server-sdk  # for Vonage

You also need libphonenumber-js (E.164 normalization) and express (webhook server). Both are listed as optional peer-deps and resolved on first use.

Quick start (Twilio)

import { Agent } from "@theokit/sdk";
import { GatewayRunner } from "@theokit/gateway";
import { SMSAdapter, createWebhookServer } from "@theokit/gateway-sms";

const adapter = new SMSAdapter({
  backend: "twilio",
  accountSid: process.env.TWILIO_ACCOUNT_SID!,
  authToken: process.env.TWILIO_AUTH_TOKEN!,
  fromNumber: process.env.TWILIO_FROM!,
  // Public URL where Twilio will POST inbound — required for signature validation.
  publicUrl: process.env.PUBLIC_URL!, // e.g. https://abc.ngrok.io
});

const runner = new GatewayRunner({
  adapters: [adapter],
  handler: async (event, ctx) => {
    if (event.platform !== "sms") return;
    await ctx.reply(`Echo: ${event.text}`);
  },
});

await runner.start();
const server = createWebhookServer({ adapter, port: 3000 });
await server.start();

Twilio Console setup

  1. Create a Twilio number with SMS capability.
  2. In the number's Voice & Messaging configuration, set A message comes inWebhookhttps://your-public-url/sms/twilio.
  3. Method: HTTP POST.

For local development, ngrok http 3000 and use the https://*.ngrok.io URL.

Signature enforcement (D392)

SMSAdapter refuses to start with an empty authToken — webhook public endpoint without HMAC validation is a known security hole. The constructor throws ConfigurationError({ code: "signing_secret_required" }) if you try.

If a request arrives without (or with invalid) signature, the webhook responds 401 Unauthorized BEFORE any handler dispatch.

Multipart split (D393)

Outbound messages longer than 1600 chars are split into (1/N) ... / (2/N) ... parts. Split is grapheme-cluster safe (Intl.Segmenter) so emoji and combining characters are not severed.

Each part is one billable outbound message at the carrier. Plan accordingly.

E.164 normalization (D391)

All phone numbers — inbound sender.id, outbound channel.id — are normalized to E.164 (+5511999999999) via libphonenumber-js. Non-parseable inputs throw ConfigurationError.

US toll-free numbers (+18001234567) are accepted (EC-6).

What's NOT supported in v0.1

| Feature | Status | Workaround | |---|---|---| | MMS (image/audio attachment) | Deferred to v0.2 (D395) | Use Twilio API direct via adapter.getBackendClient() | | Group SMS (MMS group thread on US carriers) | Not supported (D394) | — | | Auto budget per-message charge | Deferred to v0.2 (D396) | Charge via your own counter | | Delivery status callback (delivered/failed post-200) | Deferred to v0.2 (EC-13) | Subscribe via Twilio statusCallback URL |

Live smoke

SMS_LIVE_SMOKE=1 \
TWILIO_ACCOUNT_SID=... \
TWILIO_AUTH_TOKEN=... \
TWILIO_FROM=+1... \
TWILIO_TO=+55... \
pnpm --filter @theokit/gateway-sms test

The live smoke sends one real SMS through Twilio's API (test creds work; they cost ~$0.01/SMS in production accounts). Skip by leaving SMS_LIVE_SMOKE unset (default).

ADRs

D389 – D396 in .claude/knowledge-base/adrs/.