npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

whoworked

v0.5.0

Published

Official TypeScript SDK for the WhoWorked API.

Readme

whoworked

Official TypeScript SDK for the WhoWorked API.

npm install whoworked

Quick start

import { WhoWorked } from "whoworked";

const client = new WhoWorked({
  apiKey: process.env.WHOWORKED_API_KEY,
});

const page = await client.entries.list({
  workspace_id: "wsp_01HQ...",
});

for (const entry of page.data) {
  console.log(entry.description, entry.duration_seconds);
}

Authentication

The SDK accepts either an API key or an OAuth access token.

// Server-side, your own workspace:
const client = new WhoWorked({ apiKey: process.env.WHOWORKED_API_KEY });

// Third-party integration, end-user's workspace:
const client = new WhoWorked({ accessToken: oauthTokens.access_token });

// Rotate tokens after refresh:
client.setAccessToken(newAccessToken);

Get an API key from your workspace settings. For OAuth integrations, see OAuth flow below.

Pagination

List endpoints return a single page plus a cursor. Use .paginate(...) for auto-pagination:

for await (const entry of client.entries.list.paginate({ workspace_id })) {
  console.log(entry.id);
}

Or page manually:

const page = await client.entries.list({ workspace_id, limit: 100 });
if (page.pagination.has_more) {
  const next = await client.entries.list({
    workspace_id,
    cursor: page.pagination.next_cursor,
  });
}

Errors

Errors are typed and instanceof-checkable:

import {
  WhoWorkedError,
  RateLimitError,
  ValidationError,
  NotFoundError,
  AuthenticationError,
} from "whoworked";

try {
  await client.entries.create({ workspace_id, body });
} catch (e) {
  if (e instanceof RateLimitError) {
    await sleep(e.retryAfter * 1000);
  } else if (e instanceof ValidationError) {
    console.error("Bad request:", e.message, e.requestId);
  } else if (e instanceof WhoWorkedError) {
    console.error("API error:", e.code, e.requestId);
  }
}

All errors expose .status, .code, .message, .requestId, .docsUrl. Include the requestId when reporting bugs — we use it to look up server logs.

Retries

The SDK retries automatically on 429 (honoring Retry-After) and 5xx, with exponential backoff + jitter. Configure with maxRetries:

const client = new WhoWorked({
  apiKey: process.env.WHOWORKED_API_KEY,
  maxRetries: 5, // default 2
});

OAuth flow

For third-party integrations that need access to other users' workspaces, use the OAuth authorization code + PKCE flow:

import { OAuth } from "whoworked";

// 1. On a "Connect WhoWorked" button click, build the authorize URL:
const { url, codeVerifier, state } = await OAuth.startAuth({
  clientId: "oauth_app_...",
  redirectUri: "https://yourapp.com/oauth/callback",
  scopes: ["entries:read", "entries:write"],
});

// Save `codeVerifier` and `state` (e.g., in a session cookie).
// Redirect the user to `url`.

// 2. In your callback handler:
const code = new URL(request.url).searchParams.get("code");
const tokens = await OAuth.exchangeCode({
  code,
  codeVerifier, // recovered from session
  clientId: "oauth_app_...",
  redirectUri: "https://yourapp.com/oauth/callback",
});
// { access_token, refresh_token, expires_in, token_type, scope }

// 3. Use the access token:
const client = new WhoWorked({ accessToken: tokens.access_token });

// 4. Refresh when the access token expires:
const fresh = await OAuth.refresh({
  refreshToken: tokens.refresh_token,
  clientId: "oauth_app_...",
});
client.setAccessToken(fresh.access_token);

Runtimes

  • Node 18+
  • Browsers (modern, globalThis.fetch + crypto.subtle)
  • Cloudflare Workers
  • Vercel Edge
  • Deno
  • Bun

Examples

See examples/ for runnable scripts.

License

Proprietary — Copyright (c) 2025 WhoWorked. All rights reserved. See LICENSE.md.