npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@tzylo/auth-ce

v1.1.0

Published

Tzylo Auth CE – Lightweight authentication client for Node.js/TS applications.

Downloads

108

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

flora-neitizenflora-neitizenkbpramodkbpramod

Keywords

authauthenticationjwttzyloclientsdkcemicroservice

Readme

@tzylo/auth-ce

A minimal, modern, developer-friendly authentication SDK for Tzylo Auth CE.
Designed with simplicity, secure defaults, and a clean API surface.

Tzylo Auth CE provides:

  • 🔐 Password authentication
  • 🔁 Login with access token + refresh token (cookie-based)
  • ✉️ Email OTP verification
  • 🔄 2-step password reset (send OTP + reset)
  • 🪶 Lightweight SDK (built with native fetch)
  • ⚡ Zero dependencies
  • 🌐 Works in both Browser and Node 18+

📦 Install

npm install @tzylo/auth-ce

or

yarn add @tzylo/auth-ce

🚀 Quick Start

import { TzyloAuth } from "@tzylo/auth-ce";

const auth = new TzyloAuth({
  baseURL: "http://localhost:5000", // your backend URL
});

// Register a user
await auth.auth.register("[email protected]", "password123");

// Login
const res = await auth.auth.login("[email protected]", "password123");

// Get profile
const me = await auth.auth.me();
console.log(me);

🧩 SDK Structure

The SDK is divided into 3 modules:

1. auth — Core Authentication

auth.register(email, password)
auth.login(email, password)
auth.logout()
auth.me()

2. otp — General OTP APIs

otp.send(email)
otp.verify(email, otp)

3. password — Forgot Password Flow (2-step)

password.forgot(email)
password.reset(email, otp, newPassword)

🔐 Password Reset Flow (2-Step)

Tzylo CE uses a secure 2-step password reset flow:

Step 1 – Send OTP

await auth.password.forgot("[email protected]")

Step 2 – Reset Password

await auth.password.reset(
  "[email protected]",
  "123456",        // OTP
  "newPassword123"
)

This avoids common vulnerabilities associated with 3-step flows.

🧠 Access Token & Refresh Token Model

  • The access token is stored in-memory using a small internal token store
  • The refresh token is stored in an HttpOnly secure cookie (managed by backend)
  • The SDK attaches Authorization: Bearer <token> automatically
  • Cookies are sent automatically via credentials: "include"

No setup required.

🌐 Node + Browser Support

Tzylo CE SDK uses native fetch, so it works out of the box:

Browser → ✔ Works

Node 18+ → ✔ Works

Edge runtimes (Cloudflare, Vercel Edge) → ✔ Works

No polyfills needed.

💡 Example: Using in a React App

import { TzyloAuth } from "@tzylo/auth-ce";

const auth = new TzyloAuth({
  baseURL: "http://localhost:5000",
});

async function handleLogin() {
  try {
    await auth.auth.login(email, password);
    navigate("/dashboard");
  } catch (err) {
    console.error(err.message);
  }
}

⚙️ Configuration

| Field | Type | Required | Description | | --------- | ------ | -------- | --------------------------------- | | baseURL | string | yes | URL of your Tzylo Auth CE backend |

Example:

const auth = new TzyloAuth({
  baseURL: "https://api.myapp.com"
});

🧱 Token Store (Advanced)

You can manually update or clear tokens:

import { tokenStore } from "@tzylo/auth-ce";

tokenStore.setToken("new-token");
tokenStore.getToken(); // returns current token

Useful for logout logic or custom flows.

🛣️ Roadmap

  • OAuth login (Google/Github)
  • MFA / Email magic links
  • Session management APIs
  • Organization & Teams
  • Full Enterprise edition (@tzylo/auth-pro)

📝 License

MIT License — free for commercial and open-source use.

❤️ Built by Tzylo

Brutal Simplicity. Deep Engineering. No Drama.


---

# 📘 **Docs (API Reference)**

Below is a structured documentation you can place in `/docs` or website.

---

# **Tzylo Auth CE — SDK Documentation**

## 1. Initialization

```ts
import { TzyloAuth } from "@tzylo/auth-ce";

const auth = new TzyloAuth({
  baseURL: "http://localhost:5000",
});

2. Auth Module

register(email, password)

Registers a new user.

await auth.auth.register(email, password);

login(email, password)

Logs in a user and stores access token internally.

await auth.auth.login(email, password);

Response contains:

{
  data: {
    accessToken: "xxx",
    user: { ... }
  }
}

logout()

Clears access token + refresh cookie.

await auth.auth.logout();

me()

Returns authenticated user.

const profile = await auth.auth.me();

3. OTP Module

otp.send(email)

Sends an OTP:

await auth.otp.send("[email protected]");

otp.verify(email, otp)

Verifies OTP:

await auth.otp.verify("[email protected]", "123456");

4. Password Module

forgot(email)

Sends password reset OTP.

await auth.password.forgot(email);

reset(email, otp, newPassword)

Resets password using 2-step flow.

await auth.password.reset(email, otp, newPassword);

5. Error Handling

All errors throw:

{
  status: number,
  message: string
}

Example:

try {
  await auth.auth.login(email, password);
} catch (err) {
  console.error(err.status, err.message);
}

6. Token Store

setToken(token)

tokenStore.setToken("abc123");

getToken()

tokenStore.getToken();

Final Notes

Tzylo Auth CE focuses on:

  • Zero complexity
  • Secure defaults
  • Minimal API surface
  • Developer experience first

This version is perfect for:

  • Indie devs
  • Startups
  • Internal tools
  • Learning environments
  • Rapid prototyping