trustplane-sdk

v0.4.1

Trustplane SDK (JS) for generating request proof headers

Downloads: 283

Readme

Trustplane JS SDK (v0.3.1)

Minimal SDK to generate Trustplane proof headers.

Install

npm install trustplane-sdk

Usage

const { sign } = require('trustplane-sdk');

const out = sign({
  tenantId: 'mergematter.io',
  apiId: 'api_demo',
  clientId: 'client_demo',
  keyId: 'key_demo',
  privateKey: '<private_key_b64url>', // placeholder: load the real key from a secret store or environment, never from source
  method: 'GET',
  path: '/orders',
  body: ''
});

console.log(out.headers);

Verify headers (auth plane)

Call the Auth Plane header-native verifier directly (no JSON body):

const { verifyHeaders } = require('trustplane-sdk');

// `await` needs an async context when the SDK is loaded with require() (CommonJS).
async function main() {
  const res = await verifyHeaders({
    authBaseUrl: 'https://auth.trustplane.mergematter.io',
    tenantId: 'mergematter.io',
    apiId: 'api_demo',
    clientId: 'client_demo',
    keyId: 'key_demo',
    privateKey: '<private_key_b64url>',
    method: 'GET',
    path: '/orders',
    body: '',
  });

  console.log(res.status, res.data && res.data.decision);
}

main().catch(console.error);

Browser (async)

import { signAsync } from "trustplane-sdk";

const out = await signAsync({
  tenantId: "mergematter.io",
  apiId: "api_demo",
  clientId: "client_demo",
  keyId: "key_demo",
  privateKey: "<private_key_b64url>",
  method: "GET",
  path: "/orders",
  body: ""
});

Config file

const { fromFile } = require('trustplane-sdk');

const client = fromFile('./trustplane.json');
const out = client.sign({
  method: 'GET',
  path: '/orders',
  body: '',
  privateKey: '<private_key_b64url>'
});

Auto-enroll (CSR + OIDC / AWS IID)

Auto-enroll with a workload identity token. The SDK will fetch a GCP metadata token if TP_OIDC_TOKEN is not set, or use AWS IID when proofKind: 'aws_iid'.

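const { onboard } = require('trustplane-sdk');

// `await` needs an async context when the SDK is loaded with require() (CommonJS).
async function main() {
  const res = await onboard({
    baseUrl: 'https://control.trustplane.mergematter.io',
    authBaseUrl: 'https://auth.trustplane.mergematter.io',
    tenantId: 'new_tenant',
    clientId: 'new_tenant_client',
    apiId: 'api_demo_2',
    scopes: ['read:demo'],
    proofKind: 'oidc',
    proofAuto: true,
    proofAud: 'trustplane-enroll',
    autoApprove: true,
    verify: true,
  });

  // The response also carries res.privateKeyB64Url. Treat it as a secret:
  // persist it to a secret store and keep it out of logs.
  console.log(res.publicKeyB64Url);
}

main().catch(console.error);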

To use a token explicitly:

const { enrollRequest } = require('trustplane-sdk');

// `await` needs an async context when the SDK is loaded with require() (CommonJS).
async function main() {
  // OIDC: pass the workload identity token explicitly
  const res = await enrollRequest({
    baseUrl: 'https://control.trustplane.mergematter.io',
    tenantId: 'new_tenant',
    clientId: 'new_tenant_client',
    publicKeyB64Url: '<public_key_b64url>',
    scopes: ['read:demo'],
    proofKind: 'oidc',
    proofPayload: '<oidc_jwt>',
    autoApprove: true,
  });

  // AWS IID (EC2/ECS on EC2)
  const res2 = await enrollRequest({
    baseUrl: 'https://control.trustplane.mergematter.io',
    tenantId: 'new_tenant',
    clientId: 'new_tenant_client',
    publicKeyB64Url: '<public_key_b64url>',
    scopes: ['read:demo'],
    proofKind: 'aws_iid',
    proofAuto: true,
    autoApprove: true,
  });
}

main().catch(console.error);

Auto-approve retry: if the response includes `auto_approve_reason` with a token
error, the SDK fetches a fresh proof once and retries automatically.

Blindfold verify (one call)

const { blindfoldVerify } = require('trustplane-sdk');

// `await` needs an async context when the SDK is loaded with require() (CommonJS).
async function main() {
  const res = await blindfoldVerify({
    authBaseUrl: 'https://auth.trustplane.mergematter.io',
    tenantId: 'new_tenant',
    apiId: 'api_demo_2',
    clientId: 'client_demo',
    privateKey: '<private_key_b64url>',
    method: 'GET',
    path: '/orders',
    body: '',
  });

  console.log(res.status, res.data);
}

main().catch(console.error);

Blindfold uses a blind OPRF exchange under the hood and only sends a blinded input to the Auth Plane.
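
What "only sends a blinded input" means in practice, as an added example that is not part of the trustplane-sdk README or code: a generic Diffie-Hellman-style blind OPRF over Node's built-in modp14 group. The group, the hash-to-group step, the function names and the sample input are assumptions chosen for illustration; the page does not specify Trustplane's actual construction or wire format.

```javascript
// Added illustration: generic DH-style blind OPRF, not Trustplane's protocol.
const crypto = require('node:crypto');

// RFC 3526 2048-bit safe prime P = 2Q + 1, read from Node's built-in group table.
const P = BigInt('0x' + crypto.getDiffieHellman('modp14').getPrime().toString('hex'));
const Q = (P - 1n) / 2n; // prime order of the subgroup of squares

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Scalar in [1, Q-1]; about 64 extra random bits make the modulo bias negligible.
function randomScalar() {
  return (BigInt('0x' + crypto.randomBytes(264).toString('hex')) % (Q - 1n)) + 1n;
}

// Map an input into the order-Q subgroup: wide hash, reduce mod P, then square.
function hashToGroup(input) {
  const wide = crypto.createHash('shake256', { outputLength: 320 }).update(input).digest('hex');
  return modPow(BigInt('0x' + wide), 2n, P);
}

// Client: blind with a fresh scalar r. Only `blinded` is sent to the server.
function blind(input) {
  const r = randomScalar();
  return { r, blinded: modPow(hashToGroup(input), r, P) };
}
// Server: apply secret key k to the blinded element; the input itself never arrives.
function evaluate(blinded, k) {
  return modPow(blinded, k, P);
}
// Client: remove r (r^-1 mod Q via Fermat, since Q is prime) to get H(input)^k.
function unblind(evaluated, r) {
  return modPow(evaluated, modPow(r, Q - 2n, Q), P);
}

function demo() {
  const k = randomScalar();                 // constructed server key
  const input = 'client_demo GET /orders';  // constructed sample input
  const a = blind(input), b = blind(input);
  const out = unblind(evaluate(a.blinded, k), a.r);
  return { matchesDirect: out === modPow(hashToGroup(input), k, P), // same as unblinded PRF
    unlinkable: a.blinded !== b.blinded,                            // server sees fresh values
    repeatable: out === unblind(evaluate(b.blinded, k), b.r) };     // output is deterministic
}
console.log(demo());
```

The server-side view is `a.blinded` and `b.blinded`, which differ on every call even though both carry the same input and unblind to the same output.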

You can also load auth_base_url from trustplane.json:

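const { fromFile } = require('trustplane-sdk');

// `await` needs an async context when the SDK is loaded with require() (CommonJS).
async function main() {
  const client = fromFile('./trustplane.json');
  const res = await client.blindfoldVerify({
    method: 'GET',
    path: '/orders',
    body: '',
    privateKey: '<private_key_b64url>'
  });
}

main().catch(console.error);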

Integration test (against auth plane)

TP_AUTH_BASE_URL=https://auth.trustplane.mergematter.io \
TP_TENANT_ID=<tenant_id> \
TP_API_ID=<api_id> \
TP_CLIENT_ID=<client_id> \
TP_PRIVATE_KEY=<private_key_b64url> \
TP_VERIFY_HEADERS=true \
TP_MODE=core \
npm run test:integration

For blindfold APIs, use TP_MODE=blindfold.