Product
Secure Your AI-Generated Code with Socket MCP
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.
By Alexandros Kapravelos - May 28, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
svelte-session-manager
Advanced tools
svelte-session-manager
Session store for svelte (currently only for JWT)
usage
import { derived } from 'svelte';
import { Session, login } from 'svelte-session-manager';
// use localStorage as backing store
let session = new Session(localStorage);
// session may still be valid
if(!session.isValid) {
await login(session, 'https://mydomain.com/authenticate', 'a user', 'a secret');
}
session.isValid; // true when auth was ok or localStorage token is still valid
export const values = derived(
session,
($session, set) => {
if (!session.isValid) {
set([]); // session has expired no more data
} else {
fetch('https://mydomain.com/values', {
headers: {
...session.authorizationHeader
}
}).then(async data => set(await data.json()));
}
return () => {};
}
,[]);
// $values contains fetch result as long as session has not expired
run tests
export BROWSER=safari|chrome|...
npm|yarn test
The test runs the following requests against the server
- successful auth
curl -X POST -d '{"username":"user","password":"secret"}' 'http://[::]:5000/api/login'
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbnRpdGxlbWVudHMiOiJhLGIsYyIsImlhdCI6MTYwNDY2NDI0NywiZXhwIjoxNjA0NjY0MjYyfQ.qyjeoCuXO0iyYwSxM2sM02_BVhaZobRmEWam1M8Hzkx51nbsAuTR8G1rNgz1COo_KvbCU7LwZt7qnSEFB1tcwyDA1eBxwc2Wb7JxWgQ50m1IWkr2JCgY1seWRJRcwZBXiTRtiPqhzofP-l3S-CBluzU48cd4yzoPayczLkKuPK4"}
- invalid credentials
curl -X POST -d '{"username":"user","password":"wrong"}' 'http://[::]:5000/api/login'
{"message":"Unauthorized"}
Live Example
API
Table of Contents
login
Bring session into the valid state by calling the authorization endpoint and asking for a access_token. Executes a POST on the endpoint url expecting username, and password as json
Parameters
sessionSession to be openedendpointstring authorization urlusernamestring id of the userpasswordstring user credentialstokenmapObject token names in response to internal known values (optional, defaultdefaultTokenMap)
Returns string error message in case of failure or undefined on success
handleFailedResponse
Extract error description from response.
Parameters
responseFetchResponse
Returns string
SessionData
Data as preserved in the backing store.
Type: Object
Properties
msecsRequiredForRefresh
Time required to execute a refresh
Type: number
Session
User session. To create as session backed by browser local storage.
let session = new Session(localStorage);
or by browser session storage
let session = new Session(sessionStorage);
Parameters
storeSessionData (optional, defaultlocalStorage)
Properties
entitlementsSet<string>subscriptionsSet<Object> store subscriptionsexpirationDateDate when the access token expiresaccess_tokenstring token itselfrefresh_tokenstring refresh token
update
Consume auth response data and reflect internal state.
Parameters
dataObject
refresh
Refresh with refresh_token.
Returns boolean true if refresh was succcessfull false otherwise
authorizationHeader
Http header suitable for fetch.
Returns Object header The http header.
Returns string header.Authorization The Bearer access token.
isValid
As long as the expirationTimer is running we must be valid.
Returns boolean true if session is valid (not expired)
invalidate
Remove all tokens from the session and the backing store.
hasEntitlement
Check presence of an entitlement.
Parameters
namestring of the entitlement
Returns boolean true if the named entitlement is present
subscribe
Fired when the session changes.
Parameters
subscriptionFunction
decode
Extract and decode the payload.
Parameters
tokenstring
Returns Object payload object
install
With npm do:
npm install svelte-session-manager
license
BSD-2-Clause
FAQs
Session store for svelte (currently only for JWT)
The npm package svelte-session-manager receives a total of 534 weekly downloads. As such, svelte-session-manager popularity was classified as not popular.
We found that svelte-session-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
NIST Under Federal Audit for NVD Processing Backlog and Delays
As vulnerability data bottlenecks grow, the federal government is formally investigating NIST’s handling of the National Vulnerability Database.
By Sarah Gooding - May 27, 2025
Research
Security News
60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
By Kirill Boychenko - May 23, 2025