wiki-plugin-useraccesstokens

v0.1.0

Published

Federated Wiki plugin for managing User Access Tokens (API tokens) for programmatic authentication

Downloads

5

Readme

Federated Wiki - UserAccessTokens Plugin

This plugin allows users to create, manage, and revoke User Access Tokens. User Access Tokens, also known elsewhere as "API tokens" or "personal access tokens", offer a way to authenticate users without requiring them to enter their username and password for every request. This allows for interactions with FedWiki through scripts or other applications while maintaining security.

Implementation Notes

  • Token generation:
    • Generate cryptographically secure random tokens (32+ bytes) using crypto, and hash them for storage with a secure hashing algorithm (e.g., bcrypt or Argon2).
    • Include a token type prefix fwuat- to distinguish User Access Tokens from other types of tokens in the system.
  • Token storage:
    • Store tokens in the file system, specifically in the site's status subdirectory in a file named user-access-tokens.json.
  • Token format:
    • Each token should be a JSON object with the following structure:
      {
        "name": "TOKEN_NAME",
        "user": "USERNAME",
        "tokenHash": "UNIQUE_TOKEN_STRING",
        "displayHint": "LAST_FOUR_CHARACTERS_OF_TOKEN",
        "created": "DATE_STRING_ISO8601",
        "expires": "DATE_STRING_ISO8601",
        "lastUsed": "DATE_STRING_ISO8601",
        "revoked": false, // or true
        "scopes": ["site:read", "site:write"] // optional, for future use
      }
      • name: A human-readable name for the token. This must be unique for the site.
      • user: The username of the user who created the token.
      • tokenHash: A unique, securely generated token string stored in a hashed format using a secure hashing algorithm (e.g., bcrypt or Argon2).
      • displayHint: The last four characters of the token, used for display purposes. Helps users identify tokens without revealing the full token.
      • created: The date and time when the token was created, in ISO 8601 format.
      • expires: The date and time when the token will expire, in ISO 8601 format. If not set, the token does not expire.
      • lastUsed: The date and time when the token was last used, in ISO 8601 format.
      • revoked: A boolean indicating whether the token has been revoked.
      • scopes: An array of strings representing the scopes assigned to the token. If empty, the token has full access. This is a placeholder for future enhancements.
  • Token management:
    • Provide UI and API endpoints for creating, listing, revoking, and deleting tokens.
    • Return the full token only once (upon creation) to the user. Make sure to inform the user to store it securely, as it will not be retrievable later.
    • Tokens will not work if they are expired, revoked, or deleted.
    • The user may GET a token or list of tokens; however, the hashed token string should be stripped from the response to prevent accidental exposure.
  • Token usage:
    • Tokens should be included in the Authorization HTTP header of API requests, using the Bearer scheme.
  • Token validation and security:
    • Check only tokens with the fwuat- prefix.
    • Tokens should be treated as sensitive information. They should not be logged or exposed in any way.
    • Implement rate limiting to prevent abuse of the API using tokens. This is necessary because tokens can be used without user interaction.
    • Tokens should only be transmitted over secure connections (HTTPS) to prevent interception.
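
The generation, hashed storage and validation rules above, as an added example (not the plugin's own code). The function names are hypothetical, and scrypt from Node's built-in crypto module stands in for the bcrypt or Argon2 the notes suggest.

```javascript
// Added example, not part of wiki-plugin-useraccesstokens. Names are hypothetical.
const crypto = require('node:crypto');

const PREFIX = 'fwuat-';

// Assumption: scrypt is used because it ships with Node; the notes suggest bcrypt or Argon2.
function hashToken(token, salt) {
  return crypto.scryptSync(token, salt, 32).toString('hex');
}

// Returns the full token (to show the user once) and the record to persist.
function createToken(name, user, expires = null) {
  const token = PREFIX + crypto.randomBytes(32).toString('base64url');
  const salt = crypto.randomBytes(16).toString('hex');
  const record = {
    name, user,
    tokenHash: `${salt}:${hashToken(token, salt)}`, // only the salted hash is stored
    displayHint: token.slice(-4),
    created: new Date().toISOString(),
    expires, lastUsed: null, revoked: false, scopes: []
  };
  return { token, record };
}

// Validates an Authorization header value against the stored records.
function authenticate(header, records, now = new Date()) {
  const m = /^Bearer (\S+)$/.exec(header || '');
  if (!m || !m[1].startsWith(PREFIX)) return null; // check only fwuat- tokens
  for (const rec of records) {
    const [salt, stored] = rec.tokenHash.split(':');
    const candidate = Buffer.from(hashToken(m[1], salt), 'hex');
    // Constant-time comparison of two 32-byte digests.
    if (!crypto.timingSafeEqual(candidate, Buffer.from(stored, 'hex'))) continue;
    if (rec.revoked) return null;
    if (rec.expires && new Date(rec.expires) <= now) return null;
    rec.lastUsed = now.toISOString();
    return rec;
  }
  return null;
}

// Strips the hash before a record is returned from a GET or list endpoint.
function publicView({ tokenHash, ...rest }) {
  return rest;
}
```

A deleted token is simply absent from the records array, so `authenticate` returns `null` for it as well.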

Build

npm install
npm run build

License

MIT