{"id":18664,"library":"pico-auth","title":"Pico Auth","description":"A minimal authentication library (v0.0.43, alpha) providing user/password login, TOTP-based MFA, and impersonation support. Focuses on simplicity and flexibility by letting callers supply custom UserProvider and ImpersonateProvider interfaces. Ships TypeScript types and offers JWT token issuance with refresh tokens. Active development with frequent updates.","status":"active","version":"0.0.43","language":"javascript","source_language":"en","source_url":"https://github.com/alkeicam/pico-auth","tags":["javascript","impersonate","auth","mfa","typescript"],"install":[{"cmd":"npm install pico-auth","lang":"bash","label":"npm"},{"cmd":"yarn add pico-auth","lang":"bash","label":"yarn"},{"cmd":"pnpm add pico-auth","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"ESM-only; no default export.","wrong":"const authenticate = require('pico-auth').authenticate","symbol":"authenticate","correct":"import { authenticate } from 'pico-auth'"},{"note":"Named export for refreshing JWT tokens.","symbol":"refreshToken","correct":"import { refreshToken } from 'pico-auth'"},{"note":"TypeScript type export; case-sensitive.","wrong":"import { userProvider } from 'pico-auth'","symbol":"UserProvider","correct":"import { UserProvider } from 'pico-auth'"},{"note":"camelCase export name.","wrong":"import { mfa_register } from 'pico-auth'","symbol":"mfaRegister","correct":"import { mfaRegister } from 'pico-auth'"}],"quickstart":{"code":"import { authenticate } from 'pico-auth';\n\nconst userProvider = {\n  async getUser(login: string) {\n    // mock: return user from DB\n    return { id: 'user1', passwordHash: 'hashed_pw', name: 'Test User' };\n  },\n  async putUser(user: any) { return user; },\n  userPasswordPath: 'passwordHash',\n};\n\nconst jwtSpecs = {\n  secretKey: process.env.JWT_SECRET || 'changeme',\n  expiryTimeMs: 3600000, // 1 hour\n};\n\nasync function main() {\n  const tokens = await authenticate('user1', 'password123', undefined, undefined, userProvider, undefined, jwtSpecs);\n  console.log('Access token:', tokens.token);\n  console.log('Refresh token:', tokens.refreshToken);\n}\n\nmain().catch(console.error);","lang":"typescript","description":"Demonstrates basic password authentication with custom UserProvider and JWT spec, outputting access and refresh tokens."},"warnings":[{"fix":"Implement getUser to return a user with 'blocked' set to true for blocked users, or use custom logic.","message":"UserProvider.getUser must return a BaseUser typed object with a 'blocked' field optional; otherwise, blocked users are still authenticated if not checked manually.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Ensure impersonateEntity matches your ImpersonateProvider's expectations.","message":"The 'impersonateEntity' parameter in authenticate is typed as any; passing an invalid entity can crash without clear error.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Always pass a number for expiryTimeMs.","message":"JWTSpecs.expiryTimeMs accepts any type; passing a string instead of number may cause runtime errors.","severity":"gotcha","affected_versions":">=0.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Ensure getUser returns a Promise<BaseUser>; if user not found, throw an error instead of returning null.","cause":"UserProvider.getUser returned null or undefined instead of a valid user object.","error":"Error: getUser must return a BaseUser object"},{"fix":"Check that all required arguments are provided: login, password, userProvider, and jwtSpecs.","cause":"authenticate() returned undefined due to missing userProvider or jwtSpecs fields.","error":"TypeError: Cannot destructure property 'token' of undefined"},{"fix":"Ensure jwtSpecs has both secretKey and expiryTimeMs defined.","cause":"jwtSpecs object is missing secretKey property.","error":"Cannot read properties of undefined (reading 'secretKey')"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}