npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

soc-lite-sdk

v0.1.0

Published

SOC-lite Node.js SDK and Express middleware for request inspection, heartbeat sync, and local observability.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

s17mj_09s17mj_09

Keywords

securitysocmiddlewareexpressowaspobservability

Readme

SOC-lite SDK

SOC-lite is a Node.js security middleware package for Express applications. It connects your application to the SOC-lite control plane, pulls signed heartbeat state, syncs threat signatures, inspects requests, and ships sanitized telemetry upstream.

Repository Layout

soc/
  package/
    index.js          # SDK entry point and middleware assembly
    interceptor.js    # Request inspection and blocking logic
    logger.js         # Async buffered log shipping
    worker.js         # Heartbeat and rule background sync
    dashboard.js      # Local observability UI and stats API
  server/
    src/app.js                        # Hardened Express app bootstrap
    src/server.js                     # HTTP server startup and shutdown
    src/routes/api-v1.js              # /heartbeat, /logs, /rules routes
    src/middleware/verify-agent.js    # API key authentication with Redis cache
    src/services/heartbeat.js         # Signed heartbeat generation
    src/services/log-ingest-queue.js  # Async ClickHouse ingestion queue
    src/services/threat-rules.js      # Threat signature loader and validator
    src/db/*.js                       # PostgreSQL, ClickHouse, Redis clients
    db/postgres/schema.sql            # Management schema
    db/clickhouse/security_logs.sql   # Analytics schema

Requirements

  • Node.js >= 20.11.0
  • Express >= 4.18.0 < 6
  • A reachable SOC-lite server URL in SOC_LITE_SERVER_URL
  • A valid project API key in SOC_LITE_API_KEY

Installation

npm install soc-lite-sdk

The SDK does not ship its own third-party runtime dependencies. Your host application must already use Express.

Mandatory Secret Handling

  1. Store the API key in a .env file.
  2. Load the key into process.env.
  3. Pass process.env.SOC_LITE_API_KEY into the SDK.
  4. Never hardcode the API key in source files.
  5. Never commit .env to source control.

Example .env:

SOC_LITE_API_KEY=replace-with-your-project-api-key
SOC_LITE_SERVER_URL=https://soc.example.com

Recommended .gitignore entry:

.env

Quick Start

'use strict';

require('dotenv').config();

const express = require('express');
const createSocLiteMiddleware = require('soc-lite-sdk');

async function main() {
  const app = express();

  app.use(express.json({ limit: '1mb' }));

  const socLite = await createSocLiteMiddleware({
    apiKey: process.env.SOC_LITE_API_KEY,
    panelPath: '/soc-admin',
    mode: 'monitor'
  });

  app.use(socLite);

  app.get('/healthz', (req, res) => {
    res.json({ ok: true });
  });

  app.listen(3000);
}

main().catch((error) => {
  process.stderr.write(`${error.stack || error}\n`);
  process.exit(1);
});

Config Object

createSocLiteMiddleware(config) accepts:

| Field | Type | Required | Default | Description | | --- | --- | --- | --- | --- | | apiKey | string | Yes | None | Project API key. Pass process.env.SOC_LITE_API_KEY. | | panelPath | string | No | '/soc-admin' | Local dashboard route mounted into the host Express app. | | mode | 'monitor' \| 'block' | No | 'monitor' | Requested protection mode. Effective block mode only activates with a valid signed heartbeat. | | trafficLogging | 'off' \| 'incidents' \| 'all' | No | 'incidents' | Controls whether request logs are buffered and shipped to the SOC-lite server. |

Runtime Behavior

  • On startup, the SDK validates the config object and environment.
  • The first signed heartbeat is fetched before middleware becomes active.
  • Threat rules are pulled from the control plane and compiled in memory.
  • Every 5 minutes, the SDK refreshes heartbeat state.
  • Every 1 hour, the SDK refreshes threat rules without restarting the host server.
  • If heartbeat fails 3 times in a row, or the signed heartbeat becomes stale, the SDK falls back to safe monitor/passive behavior.
  • Request logs are buffered in memory and sent upstream asynchronously in batches.

Local Dashboard

When panelPath is set, the SDK mounts:

  • GET {panelPath} for the local single-page dashboard
  • GET {panelPath}/api/stats for live local stats

Operational guidance:

  • Treat the dashboard as sensitive operational telemetry.
  • Do not expose it on a public route without upstream access controls.
  • Prefer internal-only routing, VPN access, or reverse-proxy authentication in production.

Security Guarantees

The current implementation is designed around OWASP-aligned secure coding practices:

  • Strict environment-variable validation with fail-fast startup
  • No raw API key persistence in server storage
  • SHA-256 derived API key matching on the server
  • HMAC-signed heartbeat verification before block mode activation
  • Constant-time signature comparison
  • JSON-only authenticated POST endpoints on the server
  • Bounded request parsing, queue sizes, payload sizes, and background buffers
  • Sanitization and masking of sensitive request fields and headers before logging
  • Fail-safe degradation to passive or monitor mode during control-plane failure
  • Security headers on both the control-plane API and local dashboard
  • Non-blocking logging and background tasks to reduce host application impact

Developer Rules

  • Do not pass secrets as string literals in application code.
  • Do not disable TLS for the SOC-lite server in production.
  • Do not expose the dashboard route to the public internet without access control.
  • Do not modify SDK request inspection state from application code.
  • Do not rely on block mode unless heartbeat is active and signed.

Troubleshooting

SOC-lite requires an apiKey

Cause: config.apiKey was missing or empty.

Fix: Load SOC_LITE_API_KEY from .env and pass process.env.SOC_LITE_API_KEY.

SOC_LITE_SERVER_URL must use https in production

Cause: The SDK was started in production with a non-local HTTP control-plane URL.

Fix: Use HTTPS for the central SOC-lite server, or bind the control plane to localhost only.

The SDK is in passive mode

Possible causes:

  • The heartbeat endpoint is unreachable
  • The heartbeat signature is invalid or expired
  • The project is paused, archived, or over quota
  • Redis session recording failed on the server

Production Checklist

  • .env is excluded from source control
  • SOC_LITE_SERVER_URL uses HTTPS
  • Server-side API keys are stored as one-way derived values
  • PostgreSQL, Redis, and ClickHouse credentials are rotated and least-privileged
  • Reverse proxy enforces TLS and sane request size limits
  • The local dashboard path is protected or kept internal
  • Monitoring is configured for heartbeat failures and queue backpressure