npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ydbjs/auth-yandex-cloud

v0.1.2

Published

Yandex Cloud Service Account authentication provider for YDB. Supports authorized key JSON files and automatic IAM token management.

Downloads

145

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ydb-platformydb-platform

Keywords

ydbdatabaseauthenticationauthyandex-cloudservice-accountiamtypescript

Readme

@ydbjs/auth-yandex-cloud

Yandex Cloud Service Account authentication provider for YDB. Supports authorized key JSON files and automatic IAM token management.

Installation

npm install @ydbjs/auth-yandex-cloud

Features

  • Service Account Key Authentication: Authenticate using Yandex Cloud Service Account authorized key JSON files
  • Automatic IAM Token Management: Creates JWT, exchanges it for IAM tokens, and caches them automatically
  • Token Refresh: Automatically refreshes tokens before expiration (5 minute safety margin)
  • Retry Logic: Built-in retry with exponential backoff for IAM API calls
  • Multiple Initialization Methods: From file, environment variable, or direct JSON object

Usage

From File

import { Driver } from '@ydbjs/core'
import { ServiceAccountCredentialsProvider } from '@ydbjs/auth-yandex-cloud'

let driver = new Driver('grpcs://ydb.serverless.yandexcloud.net:2135/database', {
  credentialsProvider: ServiceAccountCredentialsProvider.fromFile('./authorized_key.json'),
})

await driver.ready()

From Environment Variable

import { Driver } from '@ydbjs/core'
import { ServiceAccountCredentialsProvider } from '@ydbjs/auth-yandex-cloud'

// Set YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=/path/to/key.json
let driver = new Driver(connectionString, {
  credentialsProvider: ServiceAccountCredentialsProvider.fromEnv(),
})

await driver.ready()

From JSON Object

import { Driver } from '@ydbjs/core'
import { ServiceAccountCredentialsProvider } from '@ydbjs/auth-yandex-cloud'
import * as fs from 'fs'

let keyData = JSON.parse(fs.readFileSync('authorized_key.json', 'utf8'))

let driver = new Driver(connectionString, {
  credentialsProvider: new ServiceAccountCredentialsProvider(keyData),
})

await driver.ready()

Custom IAM Endpoint

import { ServiceAccountCredentialsProvider } from '@ydbjs/auth-yandex-cloud'

let provider = new ServiceAccountCredentialsProvider(keyData, {
  iamEndpoint: 'https://custom-iam-endpoint.com/iam/v1/tokens',
})

Service Account Key Format

The authorized key JSON file should have the following structure:

{
  "id": "ajexxxxxxxxxxxxxxxxx",
  "service_account_id": "ajexxxxxxxxxxxxxxxxx",
  "created_at": "2023-01-01T00:00:00Z",
  "key_algorithm": "RSA_2048",
  "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
  "public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n"
}

Required fields:

  • id: Key ID
  • service_account_id: Service Account ID
  • private_key: Private key in PEM format

How It Works

  1. JWT Creation: Creates a JWT signed with PS256 (RSA-PSS) algorithm using the private key
  2. IAM Token Exchange: Sends JWT to Yandex Cloud IAM API (https://iam.api.cloud.yandex.net/iam/v1/tokens)
  3. Token Caching: Caches the IAM token and automatically refreshes it before expiration (5 minute safety margin)
  4. YDB Authentication: Uses the IAM token as x-ydb-auth-ticket header for YDB requests

Security

  • Never commit authorized key files to version control
  • Use environment variables or secrets management in production
  • Rotate keys regularly
  • Grant minimal required permissions to Service Accounts

Requirements

  • Node.js >= 20.19
  • Valid Yandex Cloud Service Account authorized key

License

Apache-2.0