next-auth
by
nextauthjs

Description: Authentication for the Web.

View on GitHub ↗

Summary Information

Updated 9 minutes ago
Added to GitGenius on November 13th, 2024
Created on January 27th, 2018
Open Issues & Pull Requests: 588 (+0)
Number of forks: 4,040
Total Stargazers: 28,296 (+0)
Total Subscribers: 112 (+0)

Issue Activity (beta)

Open issues: 388
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 690 days
Stale 30+ days: 386
Stale 90+ days: 381

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • triage (2,246)
  • bug (1,562)
  • question (1,500)
  • invalid reproduction (679)
  • providers (510)
  • enhancement (462)
  • docs (392)
  • adapters (292)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: N/A
Mean response time: 264.3 days
90th percentile: 994.2 days
Tracked items: 1,460

Most active contributors

Detailed Description

NextAuth.js is an open-source authentication library built on standard Web APIs that provides flexible authentication solutions for modern JavaScript applications across any framework, platform, and runtime. Written in TypeScript, the project serves as a comprehensive authentication toolkit designed to work with Next.js, Nuxt, Remix, SvelteKit, Solid.js, and other JavaScript frameworks. The repository is now part of Better Auth, though the maintainers recommend new projects start with Better Auth unless they require specific features like stateless session management without a database.

The library supports a wide range of authentication mechanisms including OAuth 2.0 and OpenID Connect providers, with built-in support for many popular sign-in services. It offers email and passwordless authentication options, passkeys and WebAuthn support, and can function with or without a database backend. This flexibility allows developers to implement stateless authentication with various backend systems including Active Directory and LDAP, or to use traditional database adapters supporting MySQL, MariaDB, Postgres, Microsoft SQL Server, MongoDB, SQLite, and GraphQL.

Security is a core design principle of NextAuth.js. The library implements CSRF token protection on POST routes for sign-in and sign-out operations, uses restrictive cookie policies by default, and encrypts JSON Web Tokens with A256CBC-HS512 encryption. It features tab and window synchronization along with session polling to support short-lived sessions, and the developers have worked to align the implementation with Open Web Application Security Project guidance.

The project maintains active community engagement with significant issue and pull request activity. GitGenius tracking data shows 1460 total items with a median response latency of 0.0 hours, indicating rapid community responsiveness. The most frequently applied issue labels are triage with 1104 occurrences, bug with 873, and invalid reproduction with 413. The core maintainers include balazsorban44 with 401 tracked events, ndom91 with 280 events, and ThangHuuVu with 81 events. The repository shares contributors with major projects including Microsoft's VSCode and TypeScript repositories as well as the Rust language project, suggesting it attracts experienced developers from across the ecosystem.

The codebase emphasizes type safety throughout, with TypeScript as the primary language. The library is designed to be secure by default while promoting passwordless sign-in mechanisms and allowing advanced configuration for custom authentication routines, token encoding and decoding, cookie security policies, and session validation logic. The project maintains an ISC license and welcomes community contributions through its established contributing guidelines.

next-auth
by
nextauthjsnextauthjs/next-auth

Repository Details

Fetching additional details & charts...