npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

bob-auth

v0.4.0

Published

A high-performance, stateless authentication SDK. Use this package to integrate user registration, sign-in, and verification into your application.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

knightsitknightsit

Keywords

Readme

@bob/auth (BobAuth Public SDK)

A high-performance, stateless authentication SDK. Use this package to integrate user registration, sign-in, and verification into your application.

🚀 Quick Start for AI Agents & Developers

1. Installation

npm install @bob/auth

2. Configure Environment

Your app needs three primary variables, which will be issued by the BobAuth team. You will be given a set for development/testing and another set for production.

Local Development (.env.local)

# Issued by BobAuth for your specific application
BOB_AUTH_ID=your_dev_app_id
BOB_AUTH_KEY=your_dev_auth_key
BOB_AUTH_URL=https://cool-dove-824.convex.cloud

Production

Issued by BobAuth for your specific application in production

BOB_AUTH_ID=your_prod_app_id BOB_AUTH_KEY=your_prod_auth_key BOB_AUTH_URL=https://adventurous-pheasant-246.convex.cloud

  • SECURITY: Your BOB_AUTH_KEY should never be exposed in a public frontend. For production, perform the appSignin step in a backend function or use an ephemeral token approach.

🛠️ Usage Guide

Initialize and Authorize

BobAuth uses a Stateless Token model. You must first authorize your application to receive an appToken before making user requests.

import { BobAuthClient } from "@bob/auth";

const bob = new BobAuthClient({
  backendUrl: process.env.BOB_AUTH_URL
});

// 1. Authorize your App (Call this once on app init or backend side)
await bob.signin(
  process.env.BOB_AUTH_ID, 
  process.env.BOB_AUTH_KEY
);

User Signup

Allows a new user to register. Returns a userId and a pin (for simulation; in production, BobAuth sends this via email).

const { result, error } = await bob.userSignup({
  email: "[email protected]",
  password: "SecurePassword123!",
  firstName: "Justin"
});

if (result) {
  // Save result.userId and show PIN entry UI
}

Email Verification

Verify the user's account using the PIN.

await bob.userVerifyEmail({
  userId: "user_123",
  pin: "123456"
});

User Sign-in

Obtain a user identity and session.

const loginResult = await bob.userSignin({
  email: "[email protected]",
  password: "SecurePassword123!",
  ipAddress: "127.0.0.1"
});

if (loginResult.result) {
  console.log("Logged in user:", loginResult.result.current.user.firstName);
}

🛡️ Security Architecture

Stateless Performance

Unlike traditional auth, BobAuth user mutations do not require a database lookup to verify the application. The appToken is a cryptographically sealed payload that the server verifies instantly, ensuring zero performance penalty for high-traffic apps.

Credentials at Rest

Application authKeys are encrypted at rest on the BobAuth server. However, you must protect your authKey locally. Never commit it to git.

Suspensions & IP Blocking

BobAuth automatically handles brute-force protection. If your app receives error: "ip-blocked", the client's IP has been temporarily restricted due to too many failed attempts across different users.