Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@corbado/node-sdk
Advanced tools
This Node.js SDK eases the integration of Corbado's passkey-first authentication solution.
The Corbado Node SDK provides convenient access to the Corbado Backend API from applications written in Node.js.
:warning: The Corbado Node.js SDK is commonly referred to as a private client, specifically designed for usage within closed backend applications. This particular SDK should exclusively be utilized in such environments, as it is crucial to ensure that the API secret remains strictly confidential and is never shared.
:rocket: Getting started | :hammer_and_wrench: Installation | :books: Advanced | :speech_balloon: Support & Feedback
Use the following command to install the Corbado Node.js SDK:
npm install @corbado/node-sdk
To create a Node.js SDK instance you need to provide your Project ID
and API secret
which can be found at the Developer Panel.
const Corbado = require('@corbado/node-sdk');
const projectID = process.env.CORBADO_PROJECT_ID;
const apiSecret = process.env.CORBADO_API_SECRET;
const config = new Corbado.Config(projectID, apiSecret);
const sdk = new Corbado.SDK(config);
import {SDK, Config} from '@corbado/node-sdk';
const projectID = process.env.CORBADO_PROJECT_ID;
const apiSecret = process.env.CORBADO_API_SECRET;
const config = new Config(projectID, apiSecret);
const sdk = new SDK(config);
A list of examples can be found in the integration tests here.
The Corbado Node.js SDK provides the following services:
authTokens
for managing authentication tokens needed for own session management (examples)emailMagicLinks
for managing email magic links (examples)emailOTPs
for managing email OTPs (examples)sessions
for managing sessionssmsOTPs
for managing SMS OTPs (examples)users
for managing users (examples)validations
for validating email addresses and phone numbers (examples)To use a specific service, such as sessions
, invoke it as shown below:
corbado.sessions().getCurrentUser(req);
The Corbado Node.js SDK throws exceptions for all errors. The following errors are thrown:
BaseError
for failed assertions and configuration errors (client side)ServerError
for server errors (server side)If the Backend API returns a HTTP status code other than 200, the Corbado Node.js SDK throws a ServerError
. The ServerError
class provides convenient methods to access all important data:
try {
// Try to get non-existing user with ID 'usr-123456789'
const user = sdk.users().get('usr-123456789');
} catch (error: ServerError) {
// Show HTTP status code (404 in this case)
console.log(error.getHttpStatusCode());
// Show request ID (can be used in developer panel to look up the full request
// and response, see https://app.corbado.com/app/logs/requests)
console.log(error.getRequestID());
// Show full request data
console.log(error.getRequestData());
// Show runtime of request in seconds (server side)
console.log(error.getRuntime());
// Show validation error messages (server side validation in case of HTTP
// status code 400 (Bad Request))
console.log(error.getValidationMessages());
// Show full error data
console.log(error.getError());
}
If you encounter any bugs or have suggestions, please open an issue.
Join our Slack channel to discuss questions or ideas with the Corbado team and other developers.
You can also reach out to us via email at vincent.delitz@corbado.com.
Please report suspected security vulnerabilities in private to security@corbado.com. Please do NOT create publicly viewable issues for suspected security vulnerabilities.
FAQs
This Node.js SDK eases the integration of Corbado's passkey-first authentication solution.
The npm package @corbado/node-sdk receives a total of 168 weekly downloads. As such, @corbado/node-sdk popularity was classified as not popular.
We found that @corbado/node-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.