DEV Community

zara qureshi
zara qureshi

Posted on

Experimental Hono auth npm package

#npm #discuss #architecture #security

Hey folks 👋

I’ve been working on an authentication system (@zaraqdev/auth-service) and I’m kinda stuck deciding the best architecture. (Yes I know that there are already multiple libraries out there but i just wanted to try my hand out here and see how it could actually work)
I’d love some feedback from people who’ve built auth systems, npm packages, or microservices before.

What I’m Building

I’m making an auth package that devs can drop into their app without having to write all the usual boilerplate (login, register, JWT, email verification, etc).

The idea is:

import { initAuth } from "auth-core";

const auth = initAuth({
  DB_TYPE: "mongo",
  existingConnection: db,
  DATABASE_URL://optional if connection doesnt already exist
});
Enter fullscreen mode Exit fullscreen mode

That’s it.
No extra DB, no huge setup.
Just plug in your DB + go.

I also want to support optional route handlers like:

app.route("/auth", honoAuthRoutes());

or inside Remix:

server.use("/auth/*", honoAuthRoutes());

Basically: auth as a plugin.

What I WANT this project to be

Framework-agnostic

Works with Remix, Hono, Express, etc

Lets users pass their own database connection

Doesn’t force anyone to run an extra server

Issues I’m Running Into

  1. I don’t want my npm package to depend on Hono

I want the core auth logic to be clean, but for testing and route adapters I still need Hono.

Not sure if it should be a peerDependency or what.

  1. Remix + Hono together feels… weird

Right now if someone uses my package in Remix, they have to spin up a Hono server inside their Remix server.

That doesn’t feel right.

  1. Exporting route handlers cleanly

I want the package to export:

core logic

controllers

hono routes

express routes

…without forcing every user to install every framework.
Tricky.

What I Need Advice On

What’s the best way to structure dependencies?
Peer deps? Optional deps? Separate packages?

Is mounting Hono routes inside Remix acceptable?
Or am I doing something cursed?

How would YOU architect this whole thing?
I want it to feel simple for the user but internally clean.

ANY tips, suggestions, warnings are welcome

Honestly, if you’ve built:

auth systems

SDKs

reusable npm packages

framework adapters

I’d really appreciate your thoughts.
I don’t want to overcomplicate this now and regret it later.

Thanks in advance!

Github repo: https://github.com/ZaraQureshi/AuthenticationSystem (server branch has the code that actually works as api)

Top comments (0)