
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
authentique
Advanced tools
Framework-agnostic authentication stack with adapters for MySQL, Supabase, Mongodb and Sqlite and social providers
Framework-Agnostic User Authentication Package – Semantq Native
A lightweight, framework-agnostic authentication system supporting:
npm install authentique
Run interactive setup:
npm run setup
You’ll be prompted for:
Example:
? Choose your database: MySQL
? Select email provider: Resend
? Include built-in auth UI? Yes
✅ Configuration complete!
Ensure your .env file contains required variables:
# Database (MySQL example)
DB_ADAPTER=mysql
DB_MYSQL_HOST=localhost
DB_MYSQL_PORT=3306
DB_MYSQL_USER=root
DB_MYSQL_PASSWORD=yourpassword
DB_MYSQL_NAME=auth_db
# Authentication
JWT_SECRET=your_secure_secret_here
JWT_ACCESS_EXPIRY=15m
# Email (Resend example)
EMAIL_DRIVER=resend
RESEND_API_KEY=re_123456789
EMAIL_FROM=noreply@yourdomain.com
Confirm generated config files:
ls config/
# Should show:
# authentique.config.js
# databases.js
# env-loader.js
Authentique uses a simple migration system to manage your database schema over time. Migrations are organized by adapter in:
src/adapters/databases/<adapter>/migrations/
For example for MySQL:
src/adapters/databases/mysql/migrations/
Each migration file must export an up(pool) function to apply changes, and optionally a down(pool) function to rollback.
To run all pending migrations:
npx authentique-migrate
This will:
migrations table (and create it if missing).js migration files in the adapter’s migrations/ directorymigrations tablemigrations tableTo rollback the latest migration:
npx authentique-migrate rollback
To rollback a specific number of recent migrations:
npx authentique-migrate rollback <number>
Examples:
Rollback the last 1 migration:
npx authentique-migrate rollback
Rollback the last 3 migrations:
npx authentique-migrate rollback 3
Rollback all applied migrations:
npx authentique-migrate rollback 999
Note: Only migrations with a down(pool) function can be rolled back. Migrations without one will be skipped with a warning.
// src/adapters/databases/mysql/migrations/0001-create-users.js
export async function up(pool) {
await pool.query(`
CREATE TABLE users (
id INT PRIMARY KEY AUTO_INCREMENT,
email VARCHAR(255) UNIQUE NOT NULL
)
`);
}
export async function down(pool) {
await pool.query(`DROP TABLE IF EXISTS users`);
}
Applied migrations are tracked in a migrations table:
SELECT * FROM migrations;
Each entry records the migration filename and when it was run.
| Command | Description | Example |
|---|---|---|
npx authentique-migrate | Runs all pending migrations not yet recorded in the migrations log. | npx authentique-migrate |
npx authentique-migrate rollback | Rolls back the latest applied migration. | npx authentique-migrate rollback |
npx authentique-migrate rollback <number> | Rolls back the specified number of latest applied migrations. | npx authentique-migrate rollback 2 |
npx authentique-migrate rollback 999 | Rolls back all applied migrations (safe upper limit). | npx authentique-migrate rollback 999 |
Migrations are stored per adapter:
src/adapters/databases/<adapter>/migrations/
http://localhost:3000config/auth.jssrc/adapters/databases/mysql/migrations/FAQs
Framework-agnostic authentication stack with adapters for MySQL, Supabase, Mongodb and Sqlite and social providers
The npm package authentique receives a total of 4 weekly downloads. As such, authentique popularity was classified as not popular.
We found that authentique demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.