Open Source · MIT License

Auth that just works.

Copy one folder into your Express.js project. Configure what you need. Get 16 production-ready endpoints instantly.

server.ts
// That's it. 3 lines to add auth to your project.
import { createConfig, createAuthModule } from './auth/index.js';
const config = createConfig({ session: { secure: false } });
app.use('/auth', createAuthModule(config));

Everything you need. Nothing you don't.

All features are disabled by default. Enable only what your project needs: zero bloat.

Email & Password Auth

Register, login, logout with argon2id hashing. Secure by default.

Session Management

Server-side sessions with httpOnly cookies. List and revoke devices.

Password Recovery

Forgot password flow with secure, hashed, single-use tokens.

Email Verification

6-digit OTP verification. Console adapter for dev, Nodemailer for prod.

Google OAuth 2.0

No Passport.js. Direct implementation with automatic account linking.

Login History

Track every login with device info, IP address, and timestamps.

Account Lockout

Temporary lock after failed attempts. Auto-expires, no admin needed.

Audit Logging

Structured JSON logs for every auth event. Debug and monitor easily.

OWASP Compliant

Helmet, CSRF protection, enumeration prevention, rate limiting.

Three steps. That's it.

1. Download

Download the latest release from GitHub Releases. Copy src/auth/ into your project. You own the code.

2. Configure

Call createConfig() with the features you need. Everything is opt-in. Add SESSION_SECRET to your .env.

3. Mount

One line: app.use('/auth', createAuthModule(config)). Your existing MongoDB connection and routes are untouched.

Stop rewriting auth from scratch.

Every Express project needs auth. Why write 500+ lines every time?

✕ Without ModularAuth-Kit

auth.ts (you write all of this)
// User model, password hashing, session store,
// login controller, register controller,
// forgot-password, reset-password, email service,
// CSRF middleware, rate limiter, cookie config,
// session rotation, account lockout logic,
// Google OAuth flow, input validation,
// error handling, audit logging...
//
// 500+ lines. Every. Single. Project.
// And you still forget enumeration protection.

✓ With ModularAuth-Kit

server.ts (you write this)
import { createConfig, createAuthModule } from './auth/index.js';

const config = createConfig({
  session: { secure: false },
  passwordRecovery: { enabled: true },
  emailVerification: { enabled: true },
  loginHistory: { enabled: true },
  sessionManagement: { enabled: true },
  security: {
    accountLockout: { enabled: true },
  },
});

app.use('/auth', createAuthModule(config));

Let your AI agent do the integration.

Paste a single prompt to your AI coding agent (Cursor, Copilot, Gemini). The agent analyzes your project, asks what you need, and wires everything up automatically.

0 AI checks if your project is compatible (Express + MongoDB)
1 AI reads your project files and understands structure, deps, DB setup
2 Asks only what it can't figure out from the code
3 Installs missing deps, configures, mounts, verifies. Done.
Get the AI Prompt →
AI agent output
✅ I've analyzed your project:
  • Express 5.x found in src/app.ts
  • MongoDB connected via mongoose.connect()
  • Missing deps: argon2, zod
✅ Installed 2 packages
✅ Added SESSION_SECRET to .env
✅ Added 4 lines to src/app.ts
✅ TypeScript: 0 errors
✅ Server started on :3000
✅ POST /auth/register - 201
✅ POST /auth/login - 200
✅ GET /auth/me - 200
Auth is ready. 16 endpoints available.
16 API Endpoints
0 Config Required
3 Lines to Integrate
100% TypeScript

Modern stack. No legacy baggage.

✓ Express.js 5.x
✓ TypeScript 5.x
✓ MongoDB + Mongoose 9
✓ argon2id Hashing
✓ Zod Validation
✓ Helmet Security
✓ OWASP Top 10
✓ Zero npm Vulnerabilities

Ready to stop writing auth?

Download. Configure. Ship.