npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

hamzcore

v1.0.1

Published

Core logic package with license validation (blocklist)

Downloads

208

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

hamzosofthamzosoft

Keywords

licensevalidationmongodbjwtcrypto

Readme

hamzcore

Core logic package with license validation. Uses blocklist logic:

  • By default: allow (record usage and return allowed)
  • Block only when key, domain, or (key, domain) is explicitly in the blocklist

Package (hamzcore)

Install

cd hamzcore
npm install
npm run build

Usage in your app

const { connectDb, validateLicense, assertLicense } = require("hamzcore");

// Database (checks license before connecting; reads LICENSE_KEY from env)
await connectDb(process.env.MONGODB_URI);

// Or license only:
const { allowed } = await validateLicense(process.env.LICENSE_KEY, "your-domain.com");
await assertLicense(process.env.LICENSE_KEY, "your-domain.com");

Exports

  • connectDb(uri) – MongoDB connection with license gate (reads LICENSE_KEY, domain from env)
  • validateLicense, assertLicense – License validation
  • encryptText, decryptText – Crypto utilities
  • signAccessToken, signRefreshToken, verifyAccessToken, verifyRefreshToken, sign2FAToken, verify2FAToken – JWT utilities

Environment variables (required by the main app)

  • LICENSE_KEY – Your license key (read from env in hamzcore)
  • LICENSE_DOMAIN or APP_URL or VERCEL_URL – Domain for validation

The license server URL is hardcoded to https://www.hamzosoft.com. API may return { isActive: true } or { allowed: true }.

License server (/server)

Standalone TypeScript Node.js server that validates licenses using a blocklist.

Run

# From hamzcore root:
npm run server
# Or with hot reload:
npm run server:dev

# Or from server folder:
cd server
npm install && npm run build
node dist/server.js
# Or: PORT=4000 node dist/server.js

API

POST /api/validate

{ "key": "your-license-key", "domain": "example.com" }

Response (default = allowed) – use isActive or allowed:

{ "isActive": true }

or

{ "allowed": true }

Response (when blocked):

{ "isActive": false, "reason": "Blocked by administrator" }

Blocklist

Edit server/blocklist.json:

{
  "blockedKeys": ["revoked-key-1"],
  "blockedDomains": ["unauthorized-site.com"],
  "blockedPairs": [{ "key": "key1", "domain": "bad.com" }]
}
  • blockedKeys – Block any use of these keys
  • blockedDomains – Block any key on these domains
  • blockedPairs – Block specific (key, domain) combinations

Usage log

The server records each validation in server/usage.json (or in-memory if file write fails). Use this to see which domains are using which keys.

Repository structure

hamzcore/                     # NPM package (separate folder & repo)
├── src/
│   ├── index.ts
│   ├── license.ts
│   ├── db.ts
│   ├── crypto.ts
│   └── jwt.ts
├── dist/                     # Package build output
├── server/                   # License validation server (TypeScript)
│   ├── server.ts
│   ├── tsconfig.json
│   ├── blocklist.json
│   └── dist/                 # Server build output
├── package.json
├── tsconfig.json
└── README.md

Where to keep this

Recommended: create a separate GitHub/GitLab repo and push this folder:

cd hamzcore
git init
git add .
git commit -m "Initial hamzcore package"
git remote add origin <your-repo-url>
git push -u origin main

Publish to npm

cd hamzcore
npm run build
npm login
npm publish

For scoped packages (e.g. @hamzosoft/hamzcore): change "name" in package.json to @hamzosoft/hamzcore and run npm publish --access public. For private packages, use npm publish with an npm Pro/Teams account.

Check if name is taken: npm view hamzcore – if 404, the name is available.