npm.io
0.3.2 • Published 10h ago

@nauth-toolkit/core

Licence: MIT
Version: 0.3.2
Deps: 5
Size: 3.9 MB
Vulns: 0
Weekly: 0

nauth-toolkit

Authentication that lives in your codebase.

nauth-toolkit is an embedded TypeScript authentication library for Node.js. It runs inside your server process, stores all data in your own database, and makes zero external API calls. No per-user fees, no vendor lock-in — you own the code and the data.

Works with NestJS, Express, and Fastify. Frontend SDKs for Angular and vanilla TypeScript (React, Vue, Svelte).

What it handles

  • Email + password — signup, login, configurable password policies, email and phone verification, forgot/change password
  • Social OAuth — Google, Apple, Facebook with web redirect and native mobile token flows, automatic account linking
  • Multi-factor authentication — TOTP (authenticator apps), SMS codes, email OTP, WebAuthn passkeys, recovery codes
  • Adaptive MFA — risk-based enforcement triggered by new devices, location changes, or anomalous login patterns
  • JWT lifecycle — access + refresh tokens, rotation with reuse detection, configurable delivery via HttpOnly cookies or JSON
  • Sessions — concurrent session limits, device tracking with fingerprinting, IP geolocation, trusted device management, revocation
  • Security — Argon2id hashing, CSRF protection, per-IP and per-user rate limiting, account lockout, audit trail for every security event
  • reCAPTCHA — v3 and Enterprise integration
  • OpenAPI — auto-generated schema from your configuration

How it works

One TypeScript config object defines your entire auth policy — signup rules, MFA enforcement, social providers, session limits, rate limits, token delivery. At startup, nauth-toolkit reads this config and bootstraps all services, middleware, and flows. Your routes stay thin: call authService.signup(dto) and get a result. Multi-step flows (email verification, MFA, password changes) use a challenge-based architecture that returns verification states instead of errors.

Packages

Package                                   Purpose
@nauth-toolkit/core                       Auth engine — all business logic, framework-agnostic
@nauth-toolkit/nestjs                     NestJS module — guards, decorators, interceptors
@nauth-toolkit/client                     Frontend SDK (vanilla JS/TS)
@nauth-toolkit/client-angular             Angular SDK

Storage & Database

Package                                   Purpose
@nauth-toolkit/database-typeorm-postgres  PostgreSQL via TypeORM
@nauth-toolkit/database-typeorm-mysql     MySQL / MariaDB via TypeORM
@nauth-toolkit/storage-redis              Redis / Dragonfly session storage
@nauth-toolkit/storage-database           Database-backed session storage

Providers

Package                                   Purpose
@nauth-toolkit/mfa-totp                   TOTP / authenticator apps
@nauth-toolkit/mfa-sms                    SMS one-time codes
@nauth-toolkit/mfa-email                  Email one-time codes
@nauth-toolkit/mfa-passkey                Passkeys / WebAuthn / FIDO2
@nauth-toolkit/social-google              Google OAuth
@nauth-toolkit/social-apple               Sign in with Apple
@nauth-toolkit/social-facebook            Facebook Login
@nauth-toolkit/email-nodemailer           Email via Nodemailer / SMTP
@nauth-toolkit/email-console              Console email output (dev)
@nauth-toolkit/sms-aws-sns                SMS via AWS SNS
@nauth-toolkit/sms-twilio                 SMS via Twilio
@nauth-toolkit/sms-console                Console SMS output (dev)
@nauth-toolkit/recaptcha                  reCAPTCHA v3 / Enterprise

Examples

Runnable sample applications live in examples/:

Example          Stack
demo-nestjs      NestJS + TypeORM + PostgreSQL (most complete)
starter-express  Express + TypeORM + PostgreSQL
starter-fastify  Fastify + TypeORM + PostgreSQL
demo-angular     Angular frontend using @nauth-toolkit/client-angular
starter-react    React + Vite frontend using @nauth-toolkit/client

Development

This is a pnpm workspace monorepo (pnpm only — npm/yarn are blocked by a preinstall hook):

pnpm install
pnpm build:all   # build every package in dependency order
pnpm test:all    # run all test suites
pnpm lint        # lint all workspaces

See CONTRIBUTING.md for the full development workflow and docs/ARCHITECTURE.md for the architecture reference.

Documentation: nauth.dev
Live demo: demo.nauth.dev
Source & community: github.com/noorixorg/nauth-toolkit
npm: npmjs.com/org/nauth-toolkit

Telemetry

nauth-toolkit collects anonymous usage data (configuration shape only — no PII, IPs, or secrets) to guide development. Opt out anytime with NAUTH_TELEMETRY_DISABLED=1. See nauth.dev/docs/concepts/telemetry for exactly what is sent.

License

MIT
