npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nanvc

v2.1.0

Published

Lightweight TypeScript client for HashiCorp Vault with typed KV v2, AppRole, response wrapping, and database secrets support.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ionutzailicionutzailic

Keywords

vaulthashicorp-vaultvault-clientvault-http-clienthttp-clienthashicorpsecretssecret-managementkvkv-v2vault-kvvault-kv-v2approlevault-approleresponse-wrappingdatabase-secretsvault-databasetypescripttypescript-vault-clientnodenodejsesm

Readme

nanvc

build status code coverage npm downloads

nanvc is a lightweight TypeScript client for the HashiCorp Vault HTTP API. It is built for Node.js applications that need typed Vault access without a large framework around secrets, auth, or infrastructure automation.

Use it for typed KV v1/KV v2 secret workflows, AppRole authentication, response wrapping, system policy helpers, database secrets, optional request logging, and raw Vault API calls when you need an escape hatch.

Full documentation: zailic.github.io/nanvc

Why nanvc

  • Typed Vault client for TypeScript: exported request and response types for the v2 client surface.
  • KV shortcuts that feel like the Vault CLI: read, write, delete, and list support KV v1 by default and KV v2 with { engineVersion: 2 }.
  • Focused high-level APIs: helpers for AppRole, KV v1, KV v2, system policies, response wrapping, and database secrets.
  • Raw API escape hatch: RawVaultClient lets you call unsupported Vault endpoints without leaving the same client setup.
  • Result-based error handling: use tuple-style results or .unwrap(), .unwrapOr(), and related helpers.
  • Production-friendly basics: ESM, Node.js >=20, optional TLS/mTLS, and opt-in request lifecycle logs.

Install

npm install nanvc
import { VaultClientV2 } from 'nanvc';
const vault = new VaultClientV2();
await vault.write('secret/apps/demo', { password: 's3cr3t' }).unwrap();
const secret = await vault.read<{ password: string }>('secret/apps/demo').unwrap();

Common Workflows

KV v2

await vault.write(
    'secret-v2',
    'apps/demo',
    { apiKey: 'dev-key' },
    { engineVersion: 2 },
).unwrap();

const value = await vault.read<{ apiKey: string }>(
    'secret-v2',
    'apps/demo',
    { engineVersion: 2 },
).unwrap();

For the full versioned KV workflow, including patch, metadata, history, soft-delete, undelete, destroy, automatic deletion, and CAS examples, see the versioned KV guide.

AppRole

const login = await vault.auth.loginWithAppRole({
    role_id: process.env.VAULT_ROLE_ID,
    secret_id: process.env.VAULT_SECRET_ID,
}).unwrap();

See the runnable VaultClientV2 AppRole example.

Response Wrapping

const wrapped = await vault.sys.wrapping.wrap(
    { role_id: '...', secret_id: '...' },
    '5m',
).unwrap();

const unwrapped = await vault.sys.wrapping.unwrap(wrapped.wrap_info.token).unwrap();

See the request wrapping example.

Database Secrets

await vault.secret.db.configureConnection('database', 'postgres', {
    plugin_name: 'postgresql-database-plugin',
    connection_url: 'postgresql://{{username}}:{{password}}@localhost/postgres',
    allowed_roles: ['readonly'],
}).unwrap();

const creds = await vault.secret.db.generateCredentials('database', 'readonly').unwrap();

Error Handling

VaultClientV2 and RawVaultClient return a promise-like Result<T>. You can use tuple-style handling:

const [secret, error] = await vault.read<{ password: string }>('secret/apps/demo');

if (error) {
    console.error(error.message);
} else {
    console.log(secret.password);
}

Or use helpers:

const secret = await vault.read<{ password: string }>('secret/apps/demo').unwrap();
const fallback = await vault.read('secret/missing').unwrapOr({ password: 'fallback' });

Read more in the error handling guide.

Raw Vault API

When a high-level helper does not cover an endpoint yet, call Vault directly:

const info = await vault.raw.get('/sys/host-info').unwrap();

See the VaultClientV2 API reference for the full typed surface.

Logging

Logging is disabled by default. Enable request lifecycle logs with:

NANVC_LOG_LEVEL=debug node app.js

Supported levels are error, warn, info, and debug. Logs include method, URL, status, and duration, but never tokens or request/response bodies.

Client Versions

New development is focused on VaultClientV2, the typed client built on RawVaultClient. The original VaultClient remains available for compatibility and for optional mTLS support.

Original client documentation:

CommonJS consumers can load this ESM-only package with dynamic import():

const { VaultClientV2 } = await import('nanvc');

Links

Requirements

  • Node.js >=20
  • ESM project or dynamic import() from CommonJS

License

MIT