npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

tokauthjs

v1.0.0

Published

File-based registration and token authentication helper.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

crane_010crane_010

Keywords

authauthenticationregistrationtokentokensloginuseruserspasswordpbkdf2uuidfilefile-storagenodenodejs

Readme

tokauthjs

Lightweight file-backed registration and token authentication utilities for Node.js projects.

Features

  • Email/password registration with PBKDF2 password hashing and per-user salts.
  • Token-based authentication with configurable token lifetime.
  • File storage automatically created for users and tokens.
  • Helper methods to verify tokens, fetch user details, and revoke tokens.

Installation

npm install tokauthjs

Quick Start

const path = require('path');
const { FileAuthManager } = require('tokauthjs');

async function main() {
  const auth = new FileAuthManager({
    usersFilePath: path.join(__dirname, 'storage', 'users.json'),
    tokensFilePath: path.join(__dirname, 'storage', 'tokens.json'),
    tokenTtlSeconds: 60 * 60, // optional, defaults to 24 hours
  });

  // Register a user
  await auth.registerUser({
    email: '[email protected]',
    password: 'strongpassword',
    username: 'ExampleUser', // optional
  });

  // Authenticate the user
  const { token, user } = await auth.authenticate({
    email: '[email protected]',
    password: 'strongpassword',
  });

  console.log('Access token:', token);
  console.log('User details:', user);

  // Fetch user details later using the token
  const userFromToken = await auth.getUserByToken(token);
  console.log('User from token:', userFromToken);
}

main().catch(console.error);

API

new FileAuthManager(options)

| Option | Type | Required | Description | | ------ | ---- | -------- | ----------- | | usersFilePath | string | Yes | Path to the JSON file storing user records. | | tokensFilePath | string | Yes | Path to the JSON file storing issued tokens. | | tokenTtlSeconds | number | No | Token time-to-live in seconds. Default is 24 hours. Use null/0 for no expiry. |

registerUser({ email, password, username })

Registers a new user. The email must be unique. Returns the public user profile.

authenticate({ email, password })

Validates credentials, issues a new token, and returns { token, user }.

getUserByToken(token)

Returns the public user profile associated with the token. Throws if the token is invalid or expired.

getUserIdFromToken(token)

Returns the user ID associated with the token.

revokeToken(token)

Deletes the token, preventing further use.

listActiveTokens(userId)

Lists non-expired tokens for the specified user ID.

Notes

  • Passwords are hashed with PBKDF2 (sha512, 100k iterations). Store the password securely and never log it.
  • JSON files are created automatically if missing. Ensure the running process has read/write access.
  • For production scenarios, consider swapping the file storage out for a database. The class can serve as a reference implementation.