Gathering detailed insights and metrics for @azure/msal-node-extensions
Gathering detailed insights and metrics for @azure/msal-node-extensions
Microsoft Authentication Library (MSAL) for JS
Installations
npm install @azure/msal-node-extensionsDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=16
Node Version
18.20.6
NPM Version
10.8.2
Score
87.9
Supply Chain
97.7
Quality
93.1
Maintenance
100
Vulnerability
99.3
License
Releases
691
@azure/msal-browser v4.18.0
msal-browser-v4.18.0
Updated on Jul 30, 2025
@azure/msal-node v3.6.4
msal-node-v3.6.4
Updated on Jul 23, 2025
@azure/msal-node-extensions v1.5.18
msal-node-extensions-v1.5.18
Updated on Jul 23, 2025
@azure/msal-browser v4.16.0
msal-browser-v4.16.0
Updated on Jul 23, 2025
@azure/msal-common v15.9.0
msal-common-v15.9.0
Updated on Jul 23, 2025
@azure/msal-angular v4.0.16
msal-angular-v4.0.16
Updated on Jul 23, 2025
Languages
8
TypeScript
JavaScript
C++
PowerShell
HTML
Shell
C
SCSS
TypeScript (98.79%)
JavaScript (1.03%)
C++ (0.08%)
PowerShell (0.05%)
HTML (0.04%)
Developer
Download Statistics
Total Downloads
6,503,435
Last Day
3,185
Last Week
46,874
Last Month
172,441
Last Year
1,943,175
GitHub Statistics
MIT License
3,905 Stars
13,464 Commits
2,695 Forks
124 Watchers
194 Branches
1,151 Contributors
Updated on Aug 01, 2025
Maintainers
3
Package Meta Information
Latest Version
1.5.18
Package Id
@azure/msal-node-extensions@1.5.18
Unpacked Size
864.07 kB
Size
279.48 kB
File Count
111
NPM Version
10.8.2
Node Version
18.20.6
Published on
Jul 23, 2025
Total Downloads
Cumulative downloads
Total Downloads
6,503,435
Last Day
4.2%
3,185
Compared to previous day
Last Week
15.6%
46,874
Compared to previous week
Last Month
-3.8%
172,441
Compared to previous month
Last Year
3%
1,943,175
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Microsoft Authentication Extensions for Node
| Getting Started | AAD Docs | Library Reference | Samples |
|---|
- About
- FAQ
- Changelog
- Prerequisites
- Installation
- Usage - Cache Persistence
- Usage - Brokering
- Build and Test
- Samples
- Security Reporting
- License
- Contributing
- Code of Conduct
About
The msal-node-extensions library offers optional features to enhance the capabilities of msal-node:
- Secure mechanisms for client applications to perform cross-platform token cache serialization and persistence
- An interface for acquiring tokens from the native token broker, enabling a higher level of security and SSO with other native applications
Cache Persistence
MSAL Node supports an in-memory cache by default and provides the ICachePlugin interface to perform cache serialization, but does not provide a default way of storing the token cache to disk. Microsoft authentication extensions for node is default implementation for persisting cache to disk across different platforms.
Supported platforms are Windows, Mac and Linux:
- Windows - DPAPI is used for encryption.
- MAC - The MAC KeyChain is used.
- Linux - LibSecret is used for storing to "Secret Service".
Note: It is recommended to use this library for cache persistence support for Public client applications such as Desktop apps only. In web applications, this may lead to scale and performance issues. Web applications are recommended to persist the cache in session.
Brokering
When using the native broker, refresh tokens are bound to the device on which they are acquired on and are not accessible by msal-node or the application. This provides a higher level of security that cannot be achieved by msal-node alone. More information about token brokering can be found here
Prerequisites
The msal-node-extensions library ships with pre-compiled binaries.
Note: If you are planning to do local development on msal-node-extensions itself you may need to install some additional tools. node-gyp is used to compile addons for accessing system APIs. Installation requirements are listed on the node-gyp README
On linux, the library uses libsecret so you may need to install it. Depending on your distribution, you will need to run the following command:
- Debian/Ubuntu:
sudo apt-get install libsecret-1-dev - Red Hat-based:
sudo yum install libsecret-devel - Arch Linux: sudo
pacman -S libsecret
Installation
The msal-node-extensions package is available on NPM.
1npm i @azure/msal-node-extensions --save
Usage - Cache Persistence
Getting started
Here is a code snippet on how to configure the token cache.
1const { 2 DataProtectionScope, 3 Environment, 4 PersistenceCreator, 5 PersistenceCachePlugin, 6} = require("@azure/msal-node-extensions"); 7 8// You can use the helper functions provided through the Environment class to construct your cache path 9// The helper functions provide consistent implementations across Windows, Mac and Linux. 10const cachePath = path.join(Environment.getUserRootDirectory(), "./cache.json"); 11 12const persistenceConfiguration = { 13 cachePath, 14 dataProtectionScope: DataProtectionScope.CurrentUser, 15 serviceName: "<SERVICE-NAME>", 16 accountName: "<ACCOUNT-NAME>", 17 usePlaintextFileOnLinux: false, 18} 19 20// The PersistenceCreator obfuscates a lot of the complexity by doing the following actions for you :- 21// 1. Detects the environment the application is running on and initializes the right persistence instance for the environment. 22// 2. Performs persistence validation for you. 23// 3. Performs any fallbacks if necessary. 24PersistenceCreator 25.createPersistence(persistenceConfiguration) 26.then(async (persistence) => { 27 const publicClientConfig = { 28 auth: { 29 clientId: "<CLIENT-ID>", 30 authority: "<AUTHORITY>", 31 }, 32 33 // This hooks up the cross-platform cache into MSAL 34 cache: { 35 cachePlugin: new PersistenceCachePlugin(persistence) 36 } 37 }; 38 39 const pca = new msal.PublicClientApplication(publicClientConfig); 40 41 // Use the public client application as required... 42});
All the arguments for the persistence configuration are explained below:
| Field Name | Description | Required For |
|---|---|---|
| cachePath | This is the path to the lock file the library uses to synchronize the reads and the writes | Windows, Mac and Linux |
| dataProtectionScope | Specifies the scope of the data protection on Windows either the current user or the local machine. | Windows |
| serviceName | This specifies the service name to be used on Mac and/or Linux | Mac and Linux |
| accountName | This specifies the account name to be used on Mac and/or Linux | Mac and Linux |
| usePlaintextFileOnLinux | This is a flag to default to plain text on linux if libsecret fails. Defaults to false | Linux |
Security boundary
On Windows and Linux, the token cache is scoped to the user session, i.e. all applications running on behalf of the user can access the cache. Mac offers a more restricted scope, ensuring that only the application that created the cache can access it, and prompting the user if others apps want access.
Usage - Brokering
Enabling token brokering requires just one new configuration parameter:
1import { PublicClientApplication, Configuration } from "@azure/msal-node"; 2import { NativeBrokerPlugin } from "@azure/msal-node-extensions"; 3 4const msalConfig: Configuration = { 5 auth: { 6 clientId: "your-client-id" 7 }, 8 broker: { 9 nativeBrokerPlugin: new NativeBrokerPlugin() 10 } 11}; 12 13const pca = new PublicClientApplication(msalConfig);
More detailed information can be found in the brokering documentation
Build and Test
If you intend to contribute to the library visit the contributing section for even more information on how.
Building the package locally
To build both the @azure/msal-node-extensions library and @azure/msal-common libraries, run the following commands:
1// Install dev dependencies from root of repo 2npm install 3// Change to the msal-node-extensions package directory 4cd lib/msal-node-extensions/ 5// Build msal-common and msal-node-extensions 6npm run build:all
Running Tests
@azure/msal-node-extensions uses jest to run unit tests and coverage.
1// To run tests 2npm test
Samples
- Auth Code CLI sample with Cache Persistence. This can be run on Windows, Mac and Linux.
- Electron sample with Cache Persistence
- Brokering sample
Security Reporting
If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.
License
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
We Value and Adhere to the Microsoft Open Source Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.