npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

openapi-studio-proxy

v2.1.0

Published

Self-hosted CORS proxy for OpenAPI Studio — execute API requests server-side bypassing CORS, with timing breakdowns, size metrics, and seamless PKCE OAuth login. Token stored automatically in ~/.oas/config.json.

Downloads

173

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

efemerefemer

Keywords

openapiproxycorsapi-testingapi-proxycors-proxyopenapi-studiorest-apiswaggerhttp-proxy

Readme

openapi-studio-proxy

Self-hosted execution proxy for OpenAPI Studio — bypass CORS restrictions when testing APIs, with full timing and size metrics.

Quick Start

npx openapi-studio-proxy --token <your-proxy-token>

Generate a proxy token at openapistudio.app/settings?tab=proxyTokens.

Installation

# Run directly (no install)
npx openapi-studio-proxy --port 8787 --token <token>

# Or install globally
npm install -g openapi-studio-proxy
openapi-studio-proxy --port 8787 --token <token>

Options

| Flag | Env Var | Default | Description | |------|---------|---------|-------------| | --port, -p | PROXY_PORT | 8787 | Port to listen on | | --token, -t | PROXY_TOKEN | — | Proxy token from OpenAPI Studio (required) | | --local | — | — | Local mode: validates against http://localhost:4321 | | --dev | — | — | Dev mode: validates against https://dev.openapistudio.com | | --studio-url | OPENAPI_STUDIO_URL | https://openapistudio.app | Custom Studio URL (overrides mode default) | | --allowed-origins | — | Studio + localhost | Comma-separated allowed CORS origins |

Modes

The proxy supports three modes that control which OpenAPI Studio instance it authenticates against.

Production (default)

npx openapi-studio-proxy --token proxy_abc123...

Validates tokens against https://openapistudio.app. Strict TLS — all HTTPS targets must have valid certificates.

Local

npx openapi-studio-proxy --local --token proxy_abc123...

Validates tokens against your local dev server at http://localhost:4321. Run this alongside pnpm dev when developing OpenAPI Studio locally.

  • TLS verification disabled — self-signed certs and non-HTTPS targets are accepted
  • Extra CORS origins allowed: localhost:4321, localhost:3000, localhost:8788 (+ 127.0.0.1 variants)

Dev / Staging

npx openapi-studio-proxy --dev --token proxy_abc123...

Validates tokens against the staging environment at https://dev.openapistudio.com.

  • TLS verification disabled — same relaxed SSL behavior as --local

Custom Studio URL

Use --studio-url to point at any OpenAPI Studio instance. This overrides the URL set by --local or --dev, while keeping the mode's TLS behavior:

# Custom URL with strict TLS (production mode)
npx openapi-studio-proxy --token proxy_abc123... --studio-url https://studio.internal.corp

# Custom URL with relaxed TLS (local mode)
npx openapi-studio-proxy --local --token proxy_abc123... --studio-url http://192.168.1.50:4321

# Custom URL with relaxed TLS (dev mode)
npx openapi-studio-proxy --dev --token proxy_abc123... --studio-url https://staging.example.com

Mode comparison

| | Production | --local | --dev | |---|---|---|---| | Studio URL | https://openapistudio.app | http://localhost:4321 | https://dev.openapistudio.com | | TLS verification | Strict | Disabled | Disabled | | Self-signed certs | Rejected | Accepted | Accepted | | HTTP targets | Allowed | Allowed | Allowed | | Token validation | Required | Required | Required | | /health response | "mode": "production" | "mode": "local" | "mode": "dev" |

Token Management

Proxy tokens are managed in the OpenAPI Studio web UI:

  1. Go to Settings > Proxy Tokens (openapistudio.app/settings?tab=proxyTokens)
  2. Click Create Token — choose a name and expiry period
  3. Copy the token (shown only once) or the ready-to-run setup command
  4. Start the proxy with your token

From the same page you can:

  • Rotate a token (revokes the old one and issues a new one)
  • Revoke a token (proxy disconnects within 5 minutes)
  • View usage stats: request count, last used, last IP

Plan limits apply: Free (2 tokens / 30 days), Shipper (10 / 365 days), Fleet (unlimited).

Real-Time Status

Once your proxy is running, OpenAPI Studio tracks its status in real time:

  • Heartbeat: The proxy pings Studio every 5 minutes with its URL, version, and uptime
  • Online indicator: A green pulse dot appears next to your proxy in Settings and the executor panel
  • Cross-tab sync: Status updates propagate via Firebase Firestore — all open tabs and devices see changes instantly
  • Executor dropdown: When you select "Private Proxy" mode, a dropdown shows all your proxies with live status (online/offline/unknown)

If the proxy stops or the token is revoked, the status flips to offline within 10 minutes.

Endpoints

GET /health

Returns proxy status:

{
  "status": "ok",
  "version": "1.3.0",
  "mode": "production",
  "uptime": 3600,
  "user": "your-username"
}

In --local or --dev mode, the response also includes studioUrl:

{
  "status": "ok",
  "version": "1.3.0",
  "mode": "local",
  "uptime": 120,
  "user": "dev-user",
  "studioUrl": "http://localhost:4321"
}

POST /execute

Proxies an HTTP request to any target API.

Headers: Authorization: Bearer <token>

Request body:

{
  "url": "https://api.example.com/users",
  "method": "GET",
  "headers": { "Accept": "application/json" },
  "body": null
}

Response: Full response with timing breakdown and size metrics:

{
  "id": "abc123",
  "status": 200,
  "statusText": "OK",
  "headers": { "content-type": "application/json" },
  "body": "{...}",
  "durationMs": 142.5,
  "sizeBytes": 1024,
  "timing": {
    "prepareMs": 0.1,
    "dnsLookupMs": 12.3,
    "tcpHandshakeMs": 15.2,
    "sslHandshakeMs": 22.1,
    "waitingMs": 85.4,
    "downloadingMs": 7.2,
    "totalMs": 142.5
  },
  "sizes": {
    "requestHeaders": 256,
    "requestBody": 0,
    "responseHeaders": 512,
    "responseBody": 1024,
    "responseBodyUncompressed": 1024
  }
}

Deployment

Docker (recommended for servers)

# Pull from GitHub Container Registry
docker pull ghcr.io/omazyai/openapi-studio-proxy:latest

# Run
docker run -d \
  --name openapi-proxy \
  -p 8787:8787 \
  -e PROXY_TOKEN=proxy_abc123... \
  ghcr.io/omazyai/openapi-studio-proxy:latest

Docker Compose

services:
  proxy:
    image: ghcr.io/omazyai/openapi-studio-proxy:latest
    ports:
      - "8787:8787"
    environment:
      - PROXY_TOKEN=proxy_abc123...
    restart: unless-stopped

PM2 (persistent process)

npm install -g openapi-studio-proxy
pm2 start openapi-studio-proxy -- --port 8787 --token proxy_abc123...
pm2 save

Systemd

[Unit]
Description=OpenAPI Studio Proxy
After=network.target

[Service]
ExecStart=/usr/bin/openapi-studio-proxy --port 8787 --token proxy_abc123...
Restart=always
RestartSec=5
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target

Publishing (maintainers)

npm

cd packages/openapi-studio-proxy
npm login
npm publish

After publishing, npx openapi-studio-proxy works globally.

Docker image (automated)

Docker images are built and pushed automatically by GitHub Actions on tagged releases:

git tag proxy-v1.3.0
git push origin proxy-v1.3.0

This triggers the proxy-docker.yml workflow which builds and pushes to ghcr.io/omazyai/openapi-studio-proxy with tags: 1.3.0, 1.3, 1, latest.

After the first push, set the package to Public in GitHub Package Settings.

How It Works

Browser (OpenAPI Studio)
  │
  ├─ Browser Fetch (default) ──→ Target API    (may CORS block)
  ├─ Cloud Proxy ($9/mo)     ──→ /api/execute ──→ Target API
  └─ Self-Hosted Proxy (free) ──→ localhost:8787 ──→ Target API
       │
       openapi-studio-proxy (your machine or server)
       ├─ Validates token on startup
       ├─ Heartbeats every 5 min (reports URL, version, IP)
       └─ Forwards requests server-side (no CORS)

The proxy validates your token against OpenAPI Studio on startup, then forwards API requests server-side — avoiding browser CORS restrictions entirely. Responses include detailed timing metrics (DNS lookup, TCP/SSL handshake, TTFB, download) and size breakdowns.

Superadmin Dashboard

System administrators can monitor all proxy tokens across all users at /admin/proxy:

  • Total tokens, active proxies (24h), total requests, unique users
  • Token table with search by name, email, URL
  • Revoke any token (proxy disconnects within 5 minutes)

License

MIT