npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@trustpipelines/js

v0.1.3

Published

Trust Pipelines browser SDK — programmatic verification for signup, vote, review, and other on-entry touchpoints.

Downloads

533

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mypiniolabsmypiniolabs

Keywords

trust-pipelinesverificationfraud-preventionbot-detectionembodimentfingerprintbehavioralhoneypotbrowser-sdk

Readme

@trustpipelines/js

The Trust Pipelines browser SDK — programmatic verification for signup, account creation, vote, review, transaction, and other on-entry touchpoints.

This is the typed, npm-installable wrapper around the same engine that powers the CDN snippet (cdn.trustpipelines.com/v1/snippet.js). The snippet auto-detects forms with a single <script> tag; the SDK gives you programmatic control over where and how verification fires. Pick whichever fits your integration — they share an engine, so behavior is identical.

Install

npm install @trustpipelines/js

Also works with pnpm add, yarn add, and bun add.

Quickstart

import { createTrustPipelines } from '@trustpipelines/js';

const tp = createTrustPipelines({
  checkpointKey: 'cp_live_...', // your Checkpoint's publishable key
});

// Intercept a form on submit.
tp.protect(document.querySelector('form#signup')!);

// Or fire a programmatic check at any moment.
const result = await tp.check();
if (result.outcome === 'high_risk') {
  // your call.
}

The Checkpoint's publishable key (cp_live_*) is safe to ship in client code — the Edge Worker treats cp_* keys as browser-mode credentials. The secret tp_* keys never go near this SDK.

Configuration

createTrustPipelines({
  checkpointKey: string;   // required — your Checkpoint's cp_live_* key
  endpoint?: string;       // override the Edge base URL (defaults to production)
  debug?: boolean;         // attach per-Layer phase timings to results
});

endpoint is for staging or local dev — leave unset to hit the production Edge Worker at https://edge.trustpipelines.com.

API

| Method | What it does | |---|---| | protect(form) | Intercept submits on a <form>. On low_risk, the form re-dispatches; on medium_risk / high_risk, the registered handler decides. | | check(options?) | Fire a programmatic check. Returns the full ExecutionResult — outcome, per-Layer breakdown, requestId. | | onResult(fn) | Fires on every check — Glass-Box. Receives the full result. | | onHighRisk(fn) | Fires only on high_risk outcomes. Receives { form } if the check was triggered by a protected form. | | onMediumRisk(fn) | Fires only on medium_risk outcomes. Same shape as onHighRisk. | | version | The npm package version of @trustpipelines/js — the number you installed. |

Types TrustPipelinesAPI, ExecutionResult, LayerResult, Outcome, and PhaseTiming are re-exported for TypeScript users.

Versioning

The version export (and tp.version on a constructed instance) is auto-generated from package.json at build time — to bump it, edit package.json only and the runtime constant follows. It can never drift from the release you installed. The engine wire-contract version (bumped only when the SDK ↔ Edge Worker protocol changes) is available separately as the engineVersion export. VERSION is a deprecated alias of version, kept for one release cycle.

Full example

import { createTrustPipelines } from '@trustpipelines/js';

const tp = createTrustPipelines({
  checkpointKey: 'cp_live_AbCdEf1234567890',
});

tp.protect(document.querySelector<HTMLFormElement>('#signup')!);

tp.onHighRisk(({ form }) => {
  // Show a friendly blocked-state in your UI — the form did not submit.
  showInlineError(form, 'We couldn’t verify this submission.');
});

tp.onResult(({ result }) => {
  // Glass-Box: log to your own analytics if you want.
  analytics.track('trust_check', {
    outcome: result.outcome,
    requestId: result.requestId,
    layers: result.layers.map((l) => ({ key: l.key, outcome: l.outcome })),
  });
});

Docs

Full integration guide: https://trustpipelines.com/docs/sdk

Quickstart, API reference, ExecutionResult shape, framework recipes (Next.js, React, Svelte, vanilla ESM/CJS), error model, and a snippet→SDK migration guide all live there.

License

Released under the MIT License — see LICENSE.