npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

vibrant-auth-middleware

v1.2.1

Published

A Nest.js middleware for authenticating users with JWT.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

grissom6125grissom6125

Keywords

nestjsauthjwtmiddleware

Readme

Vibrant Auth Middleware for Nest.js

A Nest.js middleware for authenticating users with JWT.

Installation

npm install vibrant-auth-middleware-nodejs cookie-parser

Features

  • Supports HS256 and RS256 JWT algorithms.
  • Retrieves token from access_token cookie (requires token_type cookie to be 'Bearer') or Authorization header.
  • Easy integration with Nest.js applications.
  • Configurable with secrets or public keys.

Usage

Import AuthModule into your application module. You must provide both a HS256 secret and an RS256 public key.

import { Module } from '@nestjs/common';
import { AuthModule } from 'vibrant-auth-middleware-nodejs';

@Module({
  imports: [
    AuthModule.forRoot({
      hs256_secret: 'your-hs256-secret',
      rs256_public_key: 'your-rs256-public-key',
    }),
  ],
})
export class AppModule {}

Authentication with AuthGuard (Recommended for HTTP & gRPC)

Use AuthGuard for unified support across HTTP and gRPC contexts.

import { Controller, Get, UseGuards } from '@nestjs/common';
import { AuthGuard } from 'vibrant-auth-middleware-nodejs';

@Controller('users')
@UseGuards(AuthGuard)
export class UserController {
  @Get('profile')
  getProfile() {
    // User is authenticated
  }
}

Authentication with Middleware (HTTP Only)

Apply the AuthMiddleware to your routes. You will also need to use the cookie-parser middleware.

import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { AuthMiddleware } from 'vibrant-auth-middleware-nodejs';
import * as cookieParser from 'cookie-parser';

@Module({})
export class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer
      .apply(cookieParser(), AuthMiddleware)
      .forRoutes('protected-route');
  }
}

Accessing User Information

The availability of the user object depends on the execution context:

  • HTTP Context: The decoded user information is attached to the request object (req.user).
  • RPC Context: The token is validated, but the user information is NOT attached to the context or data stream automatically. You should handle user identification within your business logic if needed.

HTTP Headers

The middleware/guard looks for the Authorization header with the Bearer scheme:

Authorization: Bearer <your_jwt_token>

HTTP Cookies

If using cookies, BOTH cookies are required:

  1. access_token: The JWT token.
  2. token_type: Must be set to Bearer.

Example (Setting cookies in Express/NestJS):

res.cookie('access_token', token, { httpOnly: true });
res.cookie('token_type', 'Bearer', { httpOnly: true });

gRPC Metadata

For gRPC requests, the Authorization metadata key is checked:

const metadata = new Metadata();
metadata.add('Authorization', 'Bearer <your_jwt_token>');

The AuthModule.forRoot() method accepts a configuration object with the following properties:

  • hs256_secret (string): The secret key for HS256. This is a required field.
  • rs256_public_key (string): The public key for RS256. This is a required field.

License

This project is licensed under the ISC License.