Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@stigg/sidecar

Package Overview
Dependencies
Maintainers
27
Versions
91
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@stigg/sidecar

Stigg sidecar

latest
npmnpm
Version
3.94.0
Version published
Maintainers
27
Created
Source

Stigg Sidecar Service

What does Stigg Sidecar do?

Stigg Sidecar is a tiny service that runs alongside the main application, acting as a proxy between the host and the Stigg API, while ensuring low latency entitlement checks, handles caching and provides simplified access to real-time data.

The benefits of deploying the Sidecar:

  • Less CPU consumption and memory footprint for the host application when compared to embedding the SDK directly
  • Language neutral API via Protocol Buffers and gRPC
  • Support for in-memory cache or external cache (Redis) for entitlements and usage data
  • Scaled together with the main application, or independently if deployed as a standalone service
  • Synergy with persistent-cache-service if external cache is in use
  • Easy generation of SDK clients in multiple languages, backed by well-known RPC frameworks and tools

Architecture

Architecture

Prerequisites:

  • Docker
  • Redis instance, if redis cache is used

Usage:

Login to AWS ECR:

aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/stigg

Run the service:

docker run  --rm --name stigg-sidecar --memory=1gb --cpus="1" \
  --publish=80:80 --publish=8080:8080 \
  -e SERVER_API_KEY="<SERVER_API_KEY>" \
  public.ecr.aws/stigg/sidecar:latest

Configuration:

Environment VariableTypeDefaultDescription
SERVER_API_KEYString*Environment server API key
API_URLStringhttps://api.stigg.ioStigg API address URL
EDGE_ENABLEDBoolean1Edge API enabled
EDGE_API_URLStringhttps://edge.api.stigg.ioEdge API URL
WS_ENABLEDBoolean1Websocket enabled
WS_URLStringwss://api.stigg.ioWebsocket API URL
REDIS_ENVIRONMENT_PREFIXStringIdentifier of the environment. If provided, Redis cache will be used.
REDIS_HOSTStringlocalhostRedis host address
REDIS_PORTNumber6379Port of your redis
REDIS_DBNumber0DB identifier to use when writing to Redis
REDIS_USERNAMEStringRedis username
REDIS_PASSWORDStringRedis password
REDIS_KEYS_TTL_IN_SECSNumber7 * 24 * 60 * 60Time for entitlements to be cached,
in milliseconds
GRPC_PORTNumber80Service port (HTTP/2)
PORTNumber8443Deprecated TLS service port (HTTP/2 TLS)
METRICS_PORTNumber8080Metrics and health endpoints port (HTTP/1)
ENTITLEMENTS_FALLBACKString``Fallback entitlements in a JSON string format.
HEALTH_ENDPOINT_URLStringlivezHealth endpoint URL
READY_ENDPOINT_URLStringreadyzReady endpoint URL
OFFLINEBooleanEnable offline mode for local development
ENTITLEMENTS_TIMEOUTNumber10 * 1000Entitlements request timeout in milliseconds

*Required fields

Health and Metrics:

The service exposes health and metrics endpoints on HTTP server (default port 8080).

GET /livez

Returns 200 if the service is alive.

Healthy response: {"status":"UP"}

GET /readyz

Returns 200 if the service is ready.

Healthy response: { "status": "UP" }

GET /metrics

Returns Prometheus metrics in text format.

FAQs

Package last updated on 18 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique

Research

Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique

A malicious package uses a QR code as steganography in an innovative technique.

By Olivia Brown  -  Sep 22, 2025