npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@useoneauth/adapter-sdk

v1.0.0

Published

The contract for building **OneAuth adapters**. OneAuth owns *ports, not integrations* — it ships these port interfaces plus a **conformance kit**, and the ecosystem builds the integrations (Postgres, Redis, Mongo, Drizzle, Prisma, AWS, …). In-memory is t

Downloads

313

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jeremy049jeremy049

Keywords

Readme

@useoneauth/adapter-sdk

The contract for building OneAuth adapters. OneAuth owns ports, not integrations — it ships these port interfaces plus a conformance kit, and the ecosystem builds the integrations (Postgres, Redis, Mongo, Drizzle, Prisma, AWS, …). In-memory is the canonical reference adapter.

What an adapter is

An adapter implements OneAuth's storage ports — and nothing else. It owns no policy, no trust logic, no lifecycle rules; those live in the runtime. An adapter is pure persistence behind a well-defined interface.

import type { Adapters, SessionRepository } from "@useoneauth/adapter-sdk"

export class MySessionRepository implements SessionRepository {
  // create / findById / findByIdentity / list / update
}

The full set of ports is the Adapters interface: identity, relationship, membership, organization, credential, credentialVersion, credentialPolicy, session, refreshToken, keyStore, eventStore.

Prove it with the conformance kit

Every adapter must pass the same conformance suite the in-memory reference passes. Each suite is parameterized by a factory:

import { describe } from "vitest"
import { testSessionRepository, testEventStore } from "@useoneauth/adapter-sdk/conformance"
import { MySessionRepository } from "../src/MySessionRepository.js"
import { MyEventStore } from "../src/MyEventStore.js"

testSessionRepository(() => new MySessionRepository())
testEventStore(() => new MyEventStore())

The kit enforces the contracts that the runtime depends on, e.g.:

  • EventStore — monotonic sequence, duplicate-id rejection, immutable (frozen) stored events. The event stream is replayable and load-bearing.
  • RelationshipRepositoryfindByFrom / findByTo, which the identity graph uses for cycle detection.
  • SessionRepositorylist() (fleet-wide), findByIdentity, and the optional organizationId scope used by org-leave revocation.

Secrets-at-rest expectations

Adapters persist hashes only — never plaintext credentials or tokens. The runtime hashes before handing data to your adapter (with an optional application pepper), and the event stream is redacted before persistence, so a faithfully-implemented adapter never stores a raw secret. For key material, prefer the runtime's EncryptedKeyStore (AES-256-GCM + a terminal-entered password) or a cloud-KMS KeyStore adapter.

Checklist

  1. Implement the port(s) you need from @useoneauth/adapter-sdk.
  2. Run the matching conformance suite(s) — all green.
  3. Persist hashes only; never log or store raw secrets.
  4. Publish; wire it via createOneAuth({ adapters: { … } }) (composition root).

Currently published suites: testEventStore, testIdentityRepository, testRelationshipRepository, testSessionRepository. The remaining ports follow the same factory pattern and are being added incrementally.