npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

weysabi-server

v0.16.0

Published

OpenAI-compatible HTTP server for weysabi

Readme

weysabi-server

OpenAI-compatible HTTP server for weysabi. It exposes OpenAI-style endpoints while routing requests through Weysabi's provider failover, circuit breaker, and retry logic.

Usage

import { createWeysabi } from "weysabi";
import { createServer } from "weysabi-server";

const weysabi = createWeysabi({
  groq: { apiKey: process.env.WEYSABI_GROQ_API_KEY },
});

const server = await createServer(weysabi, {
  port: 3000,
  hostname: "127.0.0.1",
});
console.log(`Server on http://${server.hostname}:${server.port}`);

Or via CLI:

weysabi server --host 127.0.0.1 --port 3000

Endpoints

| Method | Path | Description | | ------ | ---------------------- | ---------------------- | | POST | /v1/chat/completions | Chat completion | | GET | /v1/models | List configured models | | GET | /health | Health check | | GET | /v1/admin/stats | Aggregate usage stats | | GET | /v1/admin/usage | Paginated usage data |

Configuration

| Env Var | Default | Description | | --------------------------- | --------- | ------------------------------------- | | WEYSABI_PORT | 3000 | HTTP server port | | WEYSABI_HOST | 0.0.0.0 | HTTP server bind address | | WEYSABI_API_KEY | — | Bearer token auth (disabled if unset) | | WEYSABI_ADMIN_API_KEY | — | Dedicated key enabling admin routes | | WEYSABI_CORS_ORIGINS | * | Comma-separated CORS origins | | WEYSABI_RATE_LIMIT_RPM | 300 | Per-IP rate limit (requests/minute) | | WEYSABI_MAX_BODY_BYTES | 1048576 | Maximum request body size | | WEYSABI_TRUSTED_PROXIES | empty | Comma-separated direct proxy IPs | | WEYSABI_GROQ_API_KEY | — | Groq provider key | | WEYSABI_OPENAI_API_KEY | — | OpenAI provider key | | WEYSABI_ANTHROPIC_API_KEY | — | Anthropic provider key | | WEYSABI_GOOGLE_API_KEY | — | Google Gemini provider key | | WEYSABI_MISTRAL_API_KEY | — | Mistral provider key |

For multi-instance deployments, inject shared rate-limit and idempotency stores. Redis adapters are re-exported by weysabi-server:

import {
  createServer,
  fromIORedis,
  RedisIdempotencyStore,
  RedisRateLimitStore,
} from "weysabi-server";

const redisClient = fromIORedis(redis);
const server = await createServer(weysabi, {
  rateLimitStore: new RedisRateLimitStore(redisClient),
  idempotencyStore: new RedisIdempotencyStore(redisClient),
});

Control-plane store

The server package includes a project-scoped SQLite control-plane store for local development and single-instance self-hosting:

import { createSqliteControlPlaneStore } from "weysabi-server";

const control = createSqliteControlPlaneStore(".weysabi/control.db");
const project = await control.projects.create({
  name: "Support",
  slug: "support",
});

const createdKey = await control.apiKeys.create({
  projectId: project.id,
  name: "runtime",
  scopes: ["chat:write"],
});

console.log(createdKey.secret); // returned only at creation
await control.close();

The store persists only an Argon2id hash and SHA-256 fingerprint for project API keys. Project deletion cascades to managed child resources. Prompt version allocation and publishing use SQLite transactions.

Control-plane databases use versioned migrations. Databases created by the earlier preview schema must be backed up and recreated rather than being opened with the hardened store.

Injected stores remain caller-owned and are not disposed by server.stop().

Deployment

Docker

docker build -t weysabi-server -f packages/server/Dockerfile .
docker run -p 3000:3000 \
  -e WEYSABI_GROQ_API_KEY=gsk-... \
  -e WEYSABI_API_KEY=sk-weysabi-secret \
  weysabi-server

Railway

  1. Connect your repo
  2. Set build command: bun install
  3. Set start command: bun run packages/server/src/start.ts
  4. Add env vars: WEYSABI_GROQ_API_KEY, WEYSABI_API_KEY, etc.
  5. Deploy — Railway detects the Bun runtime automatically

Fly.io

# Use the included Dockerfile
fly launch --dockerfile packages/server/Dockerfile
fly secrets set WEYSABI_GROQ_API_KEY=gsk-... WEYSABI_API_KEY=sk-...
fly deploy

Render

  1. Create a new Web Service
  2. Build command: bun install
  3. Start command: bun run packages/server/src/start.ts
  4. Set env vars in the dashboard
  5. Render auto-detects Bun from the lockfile

Security

  • Auth: Set WEYSABI_API_KEY to require Authorization: Bearer <key> on all endpoints except /health
  • Rate limiting: Per-IP fixed-window limiting (configurable via WEYSABI_RATE_LIMIT_RPM, default 300/min)
  • Distributed state: Shared rate-limit and idempotency stores can be injected for multi-instance deployments
  • Idempotency safety: Reusing a key with a different request returns 409 instead of stale data
  • Proxy safety: Forwarded IP headers are ignored unless the direct peer appears in WEYSABI_TRUSTED_PROXIES
  • Body limits: Completion requests are capped by WEYSABI_MAX_BODY_BYTES
  • Disconnect handling: Client cancellation aborts the upstream provider stream
  • CORS: Configurable origins via WEYSABI_CORS_ORIGINS (comma-separated, default *)
  • No data leakage: Provider API keys never appear in responses