npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

rupt

v2.26.0

Published

Library for monitoring and preventing account sharing in web apps.

Downloads

19,955

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ahmedsabilahmedsabil

Keywords

account sharing preventionruptruptjsrupt.jsrupt-jsaccount sharingmultiple logins

Readme

Rupt JavaScript SDK

This Quick start guide will walk you through the steps to integrate Rupt into your app or website using JavaScript. By the end of this guide, you will have a fully working account-sharing detection mechanism integrated into your website.

Installation

yarn add rupt

or if using npm

npm install --save rupt

Import

import Rupt from "rupt";

Note the common js version can be found in rupt/common.cjs

Usage

The two main things you need to do are:

  1. Attach devices to accounts. Ideally, you should do this on every page once.
  2. Detach devices from accounts. You should do this when the user logs out.

Doing these two things will allow Rupt to associate devices with accounts and detect behaviors that indicate account sharing. For more on this, see How account sharing prevention works?

Attach a device

First import the script (only if you installed using a package manager)

import Rupt from "rupt";

Call the attach function to link the device to the account. You must pass the client_id and a account.

const { device_id } = await Rupt.attach({
  client_id: `client_id`,
  account: `account_id`,
  redirect_urls: {
    logout_url: "https://your-logout-url.com",
    new_account_url: "https://your-create-new-account-url.com",
  },
});

Ideally, you should call the attach function on every page as soon as you have the account id available. For more on this refer to the advanced section: When and where to call the attach function?

Detach a device

By default, devices are automatically detached if they are not used for 1 week. You can change this behavior in the dashboard settings.

But you should also call the detach function when the user logs out. This will ensure that Rupt has the most up-to-date information about the devices associated with the account. To do this, call the detach function like so:

await Rupt.detach({
  client_id: `client_id`,
  account: `account_id`,
  device: `device_id`,
});

The device field takes the device ID returned in the attach function response as device_id. Finally, when a detach function is called, it triggers the logout flow so the user will be redirected to the callbacks.logout_url in the target device. Ensure you have set the logout_url in the redirect_urls object when calling the attach function. For more, see Signing the user out

Get signals

When using the Rupt API, you need to pass signals to the API to identify the device. To get the signals, call the getSignals function like so:

await Rupt.getSignals();

Fingerprint a device

To fingerprint a device, call the fingerprint function like so:

await Rupt.fingerprint({
  client_id: `client_id`,
});

This will return a fingerprint ID. For more on this, see Fingerprint a device.

Get fingerprint hash

To get the fingerprint hash, call the getHash function like so:

const [hash, last_hash] = await Rupt.getHash();

This will return an array with the first element being the current fingerprint hash and the second element being the last fingerprint hash.

That's it. To learn more, visit the documentation