
@supertokens-plugins/rownd-nodejs
This plugin facilitates the migration of users and sessions from Rownd to SuperTokens.
```bash
npm install @supertokens-plugins/rownd-nodejs
```
Initialize the plugin in your SuperTokens backend configuration.
[!IMPORTANT] This plugin requires the `Session` and `UserMetadata` recipes to be initialized in your SuperTokens configuration.
```typescript
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";
import UserMetadata from "supertokens-node/recipe/usermetadata";
import RowndMigrationPlugin from "@supertokens-plugins/rownd-nodejs";

SuperTokens.init({
  appInfo: {
    // your app info
  },
  recipeList: [
    Session.init(),
    UserMetadata.init(),
    // your other recipes
  ],
  experimental: {
    plugins: [
      RowndMigrationPlugin.init({
        rowndAppKey: process.env.ROWND_APP_KEY,
        rowndAppSecret: process.env.ROWND_APP_SECRET,
        enableDebugLogs: process.env.ENABLE_DEBUG_LOGS === "true",
      }),
    ],
  },
});
```
The plugin exposes a single endpoint:
[!IMPORTANT] The plugin always migrates users and sessions into the `public` tenant. Rownd users with multiple supported login methods are rejected unless SuperTokens account linking is enabled in the target environment.

- Path: `/plugin/rownd/migrate`
- Header: `Authorization: Bearer <Rownd_JWT>`
- Description: public tenant, syncs Rownd user data to SuperTokens UserMetadata, and then creates a new SuperTokens session for that user.

Set `enableDebugLogs: true` in the plugin config to enable debug logging.
Telemetry is optional. If telemetry is omitted from the plugin config, no telemetry is emitted.
The plugin emits exactly one telemetry event per /migrate call result.
Each event includes endpoint outcome data only (not step-by-step events), including:
- `operation`: `migrate`
- `outcome`: `success` or `error`
- `durationMs`
- `tenantId` (when available)
- `rowndUserId` (when available)
- `superTokensUserId` (when available)
- `migrationState`: `already-migrated` or `imported-during-request` (when available)
- `error.message` and `error.name`

[!NOTE] Telemetry failures never fail migration endpoints. Errors in telemetry reporting are swallowed.
```typescript
RowndMigrationPlugin.init({
  rowndAppKey: process.env.ROWND_APP_KEY,
  rowndAppSecret: process.env.ROWND_APP_SECRET,
  telemetry: {
    provider: "opentelemetry",
  },
});
```
[!IMPORTANT] This plugin uses `@opentelemetry/api` only. You still need to initialize OpenTelemetry SDK/exporters in your app for spans to be exported.
```typescript
RowndMigrationPlugin.init({
  rowndAppKey: process.env.ROWND_APP_KEY,
  rowndAppSecret: process.env.ROWND_APP_SECRET,
  telemetry: {
    provider: "axiom",
    token: process.env.AXIOM_TOKEN!,
    dataset: process.env.AXIOM_DATASET!,
    // optional, defaults to https://api.axiom.co/v1/datasets
    // url: "https://api.axiom.co/v1/datasets",
  },
});
```
```typescript
RowndMigrationPlugin.init({
  rowndAppKey: process.env.ROWND_APP_KEY,
  rowndAppSecret: process.env.ROWND_APP_SECRET,
  telemetry: {
    provider: "custom",
    factory: () => ({
      recordEvent: async (event) => {
        // send to your telemetry backend
      },
    }),
  },
});
```
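Events passed to a custom provider carry `rowndUserId`, `superTokensUserId` and `error.message`, which may end up in a third-party telemetry backend. As an added example (not part of the plugin or its README), the factory below pseudonymizes the user IDs with a keyed hash and strips token-shaped strings from error messages before export; `send`, the HMAC key and the nested `error` object shape are assumptions.

```javascript
// Added example: a privacy-preserving sink for the plugin's "custom" telemetry provider.
const { createHmac } = require("node:crypto");

// Matches JWT-shaped strings (three base64url segments), with an optional "Bearer " prefix.
const TOKEN_RE = /(Bearer\s+)?[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/g;
const MAX_ERROR_LEN = 200;

// Keyed hash: IDs stay correlatable across events but cannot be reversed without the key.
function pseudonymize(id, key) {
  return createHmac("sha256", key).update(String(id)).digest("hex").slice(0, 16);
}

// Pure function: returns a copy of the event that is safe to export.
// Field names follow the README's list; the nested `error` object is an assumption.
function sanitizeEvent(event, key) {
  const out = {
    operation: event.operation,
    outcome: event.outcome,
    durationMs: event.durationMs,
  };
  if (event.tenantId) out.tenantId = event.tenantId;
  if (event.migrationState) out.migrationState = event.migrationState;
  for (const field of ["rowndUserId", "superTokensUserId"]) {
    if (event[field]) out[field] = pseudonymize(event[field], key);
  }
  if (event.error) {
    out.error = {
      name: event.error.name,
      message: String(event.error.message ?? "")
        .replace(TOKEN_RE, "[REDACTED_TOKEN]")
        .slice(0, MAX_ERROR_LEN),
    };
  }
  return out;
}

// Returns a value usable as `factory` in `telemetry: { provider: "custom", factory }`.
// `send` is a hypothetical async function that ships one event to your backend.
function makeTelemetryFactory(send, key) {
  return () => ({
    recordEvent: async (event) => {
      await send(sanitizeEvent(event, key));
    },
  });
}
```

Keep the HMAC key out of the telemetry backend itself; anyone holding both the key and a candidate user ID can confirm a match.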
The package includes a bulk migration script for importing Rownd users into SuperTokens.
The script now runs directly from a YAML config file that lives beside the script:
- `packages/rownd-nodejs/scripts/config.yaml`
- `packages/rownd-nodejs/scripts/bulkMigrate.ts`

1. `scripts/config.yaml` with your Rownd and SuperTokens credentials.
2. `packages/rownd-nodejs`.
3. `npm run bulk-import`
The script:
- `zod`
- `mapRowndUserToSuperTokens`

All runtime config is read from `scripts/config.yaml`.
There is no environment variable parsing.
FAQs
Rownd User Migration Plugin for SuperTokens
The npm package @supertokens-plugins/rownd-nodejs receives a total of 333 weekly downloads. As such, @supertokens-plugins/rownd-nodejs popularity was classified as not popular.
We found that @supertokens-plugins/rownd-nodejs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.