Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@opencrvs/toolkit

Package Overview
Dependencies
Maintainers
4
Versions
8003
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@opencrvs/toolkit

OpenCRVS toolkit for building country configurations

npmnpm
Version
1.9.8-rc.9a5a91f
Version published
Maintainers
4
Created
Source

OpenCRVS toolkit

OpenCRVS toolkit for building country configurations.

File structure

src/
  events/ # re-exports events module from commons package
  scopes/ # re-exports scopes module from commons package
  conditionals/ # provides tools for easily formulating complex conditionals and deduplication rules
  api/ # provides an API wrapper for OpenCRVS APIs with strict typing and validation

Getting started

Development using yarn link

# tsconfig.json references commons. when `tsc --build` is run, both are built.
> yarn build:all
# If you miss this part you might face issues with types.
> cd dist
> yarn link

Internal dependencies

When adding internal package as dependency, understand that:

  • Internal packages cannot be direct dependencies. Toolkit is published through npm, and dependency cannot be resolved.
  • Packages may have dependencies that require strict order of installation. Ensure installations are run in proper order in pipeline and scripts.

@opencrvs/events

Toolkit "re-exports" TRPC router to allow for easy client interaction.

@opencrvs/commons

Toolkit "re-exports" common definitions (e.g. events, conditionals) and make them available through npm.

Releasing and buiding

While developing

  • Update version number in package.json
  • yarn build:all
  • npm publish

Through version control

  • Update version number in package.json
  • Create a pull request
  • Once merged, github action will get triggered.

Gotchas, good to know

  • All dependencies of the functions and moduless used from packages/commons must be also defined in the package.json of the toolkit. Otherwise someone installing the package will get errors.
  • Package is published and should be used without knowledge of rest of the monorepo
  • Package exposes /events, /scopes directory, with types, from packages/commons through the library, others are excluded.
  • If the above directories have subdirectories, the types are not exposed by default. The compiled JavaScript is available though through esbuild. See build.sh on how to expose subdirectories:
# Build common events
npx esbuild src/events/index.ts --bundle --format=cjs --outdir=./dist/events --allow-overwrite --packages=external
mkdir -p ./dist/commons/events
cp -r ../commons/build/dist/common/events/*.d.ts ./dist/commons/events
mkdir -p ./dist/commons/events/state # <-- create the subdirectory
cp -r ../commons/build/dist/common/events/state/*.d.ts ./dist/commons/events/state # <-- copy the types over

FAQs

Package last updated on 13 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

Research

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

By Socket Research Team  -  Feb 20, 2026
Socket Joins the OpenJS Foundation

Company News

Socket Joins the OpenJS Foundation

Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

By Sarah Gooding  -  Feb 19, 2026