npm - bezzie - Versions diffs - 1.0.1 → 1.0.2 - Mend

bezzie 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +16 -10
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -1,16 +1,22 @@
 # Bezzie
-[![npm downloads](https://img.shields.io/npm/dw/bezzie)](https://www.npmjs.com/package/bezzie)
-> Bezzie is a BFF (Backend for Frontend) OAuth 2.0 library for Cloudflare Workers. It implements [BCP212](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps) — your frontend never sees a JWT.
+**Your BFF's BFF.** OAuth for Cloudflare Workers + Hono, done the safe way.
-**Bezzie** — your BFF's BFF. Handles the Backend for Frontend OAuth pattern so you don't have to.
+If you followed Auth0's SPA guide, your access token lives in the browser — in memory, in a Web Worker, or in localStorage. Any script that runs on your page can reach it. That's not a criticism of Auth0; it's just the default SPA pattern, and it's the one [BCP 212](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps) now recommends against.
-The BFF owns the OAuth flow and issues a session cookie to the frontend instead of handing tokens to the browser.
+Bezzie moves the OAuth flow into your Cloudflare Worker. Tokens stay server-side in KV. The browser gets an `HttpOnly; Secure; SameSite` session cookie — unreadable by JavaScript, unavailable to XSS. Your frontend code gets simpler, not more complicated.
+```typescript
+app.route('/auth', auth.routes())       // login, callback, logout
+app.use('/api/*', auth.middleware())    // protect routes — user available as c.var.user
 ```
-npm install bezzie
-```
+[![npm version](https://img.shields.io/npm/v/bezzie)](https://www.npmjs.com/package/bezzie)
+[![npm downloads](https://img.shields.io/npm/dw/bezzie)](https://www.npmjs.com/package/bezzie)
+[![license](https://img.shields.io/npm/l/bezzie)](https://github.com/neilpmas/bezzie/blob/main/LICENSE)
+[![GitHub](https://img.shields.io/badge/github-neilpmas%2Fbezzie-blue)](https://github.com/neilpmas/bezzie)
+---
 ## Get started in 5 minutes
@@ -66,9 +72,9 @@ Source: [github.com/neilpmas/bezzie-demo](https://github.com/neilpmas/bezzie-dem
 ## Why
-Most OAuth libraries hand tokens directly to the browser. BCP212 says you shouldn't — it's a significant attack surface. Bezzie keeps tokens server-side in Cloudflare KV and gives the browser a session cookie instead.
+There's no open source library for this specific combination (BFF OAuth on Cloudflare Workers). The closest alternatives are Duende BFF (.NET) and `@auth0/nextjs-auth0` — both tied to specific frameworks and neither running at the edge.
-There's no open source library for this specific combination (BFF OAuth on Cloudflare Workers). The closest alternatives are Duende BFF (.NET) and `@auth0/nextjs-auth0` — both tied to specific frameworks.
+Bezzie is framework-agnostic, Workers-native, and ships with adapters for Cloudflare KV, Redis (including Upstash), and in-memory storage.
 ---
@@ -280,7 +286,7 @@ wrangler secret put AUTH0_CLIENT_SECRET
 ## Status
-v0.1.0 — pre-release
+v1.0.1 — stable
 ---

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "bezzie",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "type": "module",
   "sideEffects": false,
   "engines": {
@@ -64,7 +64,7 @@
     "hono": "^4.0.0"
   },
   "devDependencies": {
-    "@cloudflare/vitest-pool-workers": "^0.14.1",
+    "@cloudflare/vitest-pool-workers": "^0.15.1",
     "@cloudflare/workers-types": "^4.20260317.1",
     "@eslint/js": "^10.0.1",
     "@typescript-eslint/eslint-plugin": "^8.0.0",