npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

create-authenik8-app

v2.4.3

Published

⚡ Fast Express + TypeScript auth starter with secure JWT, refresh rotation, Redis, RBAC, OAuth & Prisma. Powered by the Authenik8 Identity Engine.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

thesbdthesbd

Keywords

clicreate-appexpressnodetypescriptprismaauthauthenticationscaffoldboilerplatestarterbackendjwtredisapinodejs-cliproject-generatorfullstack-backend

Readme

NPM Downloads OpenSSF Scorecard CI Coverage

subtitle

Demo

See a real generated example → create-authenik8-app-example

Usage

Create a new project:

bash
npx create-authenik8-app my-app

cd my-app

redis-server --daemonize yes

npm run dev

Your production-ready auth backend will be ready in 50 seconds.

What you get instantly

• A fully working Express authentication starter with:

• JWT authentication (access + refresh tokens) with secure rotation

• Secure refresh token rotation

• Redis-based token storage

• Role-Based Access Control (RBAC)

• TypeScript setup

• Express server preconfigured

• Clean scalable folder structure

• .env file generated automatically

• Production extras (PM2 cluster, Helmet, rate limiting, memory guards)

Why create-authenik8-app

Most developers waste days (or weeks) on:

• Manual JWT setup

• Secure refresh token handling

• Redis session configuration

• Proper access control

Authenik8 provides all of this out of the box so you can start building your API immediately.

Requirements

• Node.js 18+

• Redis (required for refresh tokens & security features)

Redis (Local)

Bash

redis-server --daemonize yes

Environment Variables

Generated automatically:

The CLI generates these automatically:

JWT_SECRET=your-secret
REFRESH_SECRET=your-refresh-secret
REDIS_HOST=127.0.0.1
REDIS_PORT=6379

RBAC Example

Example of a protected route:

app.get("/admin", auth.requireAdmin, (req, res) => {
  res.json({ message: "Admin only route" });
});

Testing

  • Full test suite with 80% coverage (actively improving)

  • CI runs tests + coverage on every push and PR

How It Works (Key Concept)

Authenik8 is not just another auth library. It is an auth system generator. At its core is the Identity Engine (authenik8-core) that treats authentication as an

identity resolution problem:

• Unifies credentials (email/password) + OAuth providers

• Prevents duplicate identities

• Handles account linking intelligently

• Normalizes data across providers

This design makes future additions (MFA, WebAuthn, etc.) much cleaner.

Powered by

authenik8-core (v1.0.29) battle-tested identity & token engine

Production Enhancements

• PM2 cluster mode + auto-restart

• Memory usage guardrails

• Security middleware (Helmet, rate limiting, etc.)

The Identity Engine

At the heart of Authenik8 is the Identity Engine , a unified authentication core built into authenik8-core.

Why a dedicated Identity Engine?

Traditional auth systems treat login as separate, isolated flows:

• Email/password goes one way

• Google OAuth another way

• GitHub yet another

This leads to duplicate accounts, inconsistent data, fragile linking logic, and security gaps.

The Identity Engine solves this by treating authentication as an identity resolution problem instead of just credential validation.

What the Identity Engine does

Unified Identity Resolution
It intelligently resolves any login method (credentials, OAuth, or future strategies) into a single, consistent user identity in your system.

Smart Account Linking
Automatically detects when a user already exists (via email or other signals) and offers secure linking instead of creating duplicates.

Profile Normalization
Converts provider-specific data (Google profile, GitHub profile, etc.) into your app’s clean, unified user schema.

Secure Token Lifecycle Management
Handles JWT access + refresh tokens with rotation, JTI-based replay protection, and Redis-backed stateful control.

  • Consistent Security Layer
    Applies the same high-security rules (rate limiting, IP awareness, session controls) across all authentication methods.

OAuth Through the Identity Engine

OAuth (Google, GitHub, and more coming) is not implemented as direct Passport.js-style routes. Instead:

  1. The provider callback is received

  2. The Identity Engine resolves/normalizes the profile

  3. It decides: login existing user, link to existing account, or create new identity

  4. Returns consistent tokens and user data

This design makes adding new providers or authentication methods much cleaner and more secure.

Authenik8 vs Passport.js

| Aspect | Authenik8 | Passport.js | |---------------------------|----------------------------------------------------|------------------------------------------| | Purpose | Full auth system generator | Authentication middleware | | Setup Time | ~30 seconds (complete project) | Hours to days | | JWT + Refresh Tokens | Secure rotation + replay protection built-in | Manual implementation required | | OAuth | Unified via Identity Engine (smart linking) | Separate strategies per provider | | RBAC | Built-in middleware | Not included | | Production Features | PM2, Helmet, rate limiting, memory guards | None (you add them) | | Identity Management | Centralized Identity Engine | None | | Flexibility | Medium (opinionated & extensible) | Very high | | Best For | Fast, secure, consistent backends | Maximum customization |

Passport.js is a great flexible tool, but it leaves you to build secure JWT, refresh logic, OAuth linking, and RBAC yourself. Authenik8 gives you a complete, production-ready authentication system from day one.

Benefits for you

• No more duplicate user headaches

• Consistent security behavior across all login methods

• Easier future-proofing (MFA, WebAuthn, enterprise SSO, etc.)

• Cleaner, more maintainable codebase in your generated project

The Identity Engine is what makes Authenik8 feel like a coherent authentication system rather than a collection of routes and middleware.

Notes

• This generates a starter project, not a full framework

• Redis is mandatory for security features

• authenik8-core is closed-source for security reasons (implementation details)

Roadmap

• Advanced RBAC (custom roles/permissions)

• webAuthn

• MFA

• Production presets