New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@cushin/api-runtime

Package Overview
Dependencies
Maintainers
1
Versions
20
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cushin/api-runtime

Runtime utilities for Cushin API codegen - types, schemas, and HTTP client

latest
npmnpm
Version
5.0.9
Version published
Maintainers
1
Created
Source

@cushin/api-runtime

Runtime utilities for Cushin API codegen - provides type-safe HTTP client and schema helpers that can be used in both browser and Node.js environments.

Features

  • 🌐 Browser-compatible - No Node.js dependencies, works in any JavaScript environment
  • 🔐 Built-in auth - Token management with automatic refresh
  • 📝 Type-safe - Full TypeScript support with Zod schema validation
  • 🎯 Lightweight - Minimal bundle size, only depends on ky and zod

Installation

npm install @cushin/api-runtime ky zod

Usage

Define your API configuration

import { defineConfig, defineEndpoint } from "@cushin/api-runtime";
import { z } from "zod";

export const apiConfig = defineConfig({
  baseUrl: "https://api.example.com",
  endpoints: {
    getUser: defineEndpoint({
      path: "/users/:id",
      method: "GET",
      params: z.object({ id: z.string() }),
      response: z.object({
        id: z.string(),
        name: z.string(),
        email: z.string(),
      }),
    }),
  },
});

Create API client

import { createAPIClient } from "@cushin/api-runtime";
import { apiConfig } from "./api-config";

const client = createAPIClient(apiConfig, {
  getTokens: async () => ({
    accessToken: localStorage.getItem("token") || "",
  }),
  onAuthError: () => {
    // Redirect to login
  },
  onRefreshToken: async () => {
    // Refresh your token
  },
});

// Use the client
const user = await client.getUser({ id: "123" });

Key Components

createAPIClient(config, authCallbacks?)

Creates a type-safe API client with automatic token injection and refresh.

defineConfig(config)

Helper function to define your API configuration with type inference.

defineEndpoint(config)

Helper function to define individual endpoints with full type safety.

Why separate from @cushin/api-codegen?

The runtime code needs to be imported by your web application, while the code generation tools (@cushin/api-codegen) contain Node.js-specific code (file system, path manipulation, etc.) that cannot be bundled for the browser.

By separating the runtime into its own package:

  • ✅ Your web app can import runtime code without bundling Node.js dependencies
  • ✅ Smaller bundle size for your application
  • ✅ Clear separation of concerns

Related Packages

  • @cushin/api-codegen - CLI tool to generate type-safe API clients
  • @cushin/codegen-cli - Shared CLI utilities

License

MIT

Keywords

api
runtime
client
typescript
type-safe

FAQs

Package last updated on 09 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026