Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
access-token-api
Advanced tools
access-token-api
A simple api access token support count and ttl,which base on nodejs. It can protect your api,prevent CSRF attacks, api called count with ttl.
examples
install
npm install access-token-api
usage
Single Process
`nodejs`
var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
webInject:function(html,token,callback){
//if you want to custom you webtoken inject in hmlt , you can do in this function. example:
var htmlEndIndex = html.indexOf('</html>');
var tokenScript = '<script>window.' + this.config.webTokenVarName + '=' + token + '</script>';
var prevHtml = html.substring(0, htmlEndIndex);
var nextHtml = html.substr(htmlEndIndex);
prevHtml += tokenScript;
prevHtml += nextHtml;
callback(null, prevHtml);
}
});
`web javascript`
//get the token
window[webTokenVarName]
Multi Process
`nodejs`
var redis = require("redis"),
client = redis.createClient(6379,'localhost');
var accessTokenApi = require('access-token-api');
var TokenApi = new accessTokenApi({
//store token in database(provide get , set, remove function)
storeConfig:{
get:function(key,callback){
client.GET(key,function(err,reply){
callback(err,reply);
});
},
set:function(key,data,ttl,callback){
client.PSETEX(key,ttl,data,function(err,reply){
callback(err,reply);
});
},
remove:function(key,callback){
client.DEL(key,function(err,data){
callback(err);
});
}
},
webTokenVarName:'encrypt_api_tokenStr',//default to encrypt_api_tokenStr
webInject:function(){
//if you want to custom you webtoken inject in hmlt , you can do in this function.
}
});
TokenApi.issue(10,10,function(err,token){
//todo
});
TokenApi.verify('token',function(err,count){
//todo
});
storeConfig more params's config please to see
store-ttl
web page can get token by window[webTokenVarName] , default to window.encrypt_api_tokenStr
API
issue
issue random token.
/**
* [issuse token]
* @param {[number]} [token ttl, default unit is second]
* @param {[number]} [token avalid count]
* @return {[string]} [return token]
*/
TokenApi.issue(10,5,function(err,data){
console.log(err,data);
})
//issue given token
TokenApi.issue(10,5,'givenToken',function(err,data){
console.log(err,data);//data is equal 'givenToken'
})
limit
limit function call times with ttl.
/**
* [limit function call some time]
* @param {[number]} [functionkey ttl, default unit is second]
* @param {[number]} [function avalid count]
* @return {[string]} [return err]
*/
// apiname can call 5 times in 10 senconds
TokenApi.limit('apiname', 10, 5,function(err){
if(!err){
//todo
}
})
pass
verify and decline token times, when the token is valid.
TokenApi.pass('token',function(err,data){
console.log(err,data);//err ,data: {code:0, passed: true, count: 2}, when code is zero and passed is true, token is valid.
})
passPromise
verify and decline token times, when the token is valid.
TokenApi.passPromise('token').then(function(data) {
}).catch(function (err) {
})
verify
verify the token
TokenApi.verify('token',function(err,data){
console.log(err,data);
})
remove
remove the token
TokenApi.remove('token',function(err,data){
console.log(err,data);
})
decline
decline the token times
TokenApi.decline('token',function(err,data){
console.log(err);
})
webInject
custom web frontend way to inject token into page
TokenApi.webInject('html','token',function(err,html){
console.log(err);
})
test
//test
1. redis-server
2. npm test
//coverage
npm run cov
publish log
-
0.2.1 add api passPromise , other api support promise.
-
0.2.0 add api limit , which one key can call some times with ttl.
-
0.1.0 issuse api support issue given token.
FAQs
encrypt you api
The npm package access-token-api receives a total of 57 weekly downloads. As such, access-token-api popularity was classified as not popular.
We found that access-token-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 26 Jul 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025