npmpackage.info

Gathering detailed insights and metrics for @trpc/server

Other packages similar to @trpc/server

@leight/trpc-server

0.5.72

Set of utils for tRPC server-side.

@hono/trpc-server

0.3.4

tRPC Server Middleware for Hono

@leight/trpc-source-server

0.5.21

Interconnection between trpc and source stuff.

@tevm/server

0.0.1

A TRPC server serving JSON RPC for Tevm vm

Gathering detailed insights and metrics for @trpc/server

@trpc/server - 11.1.2 | npmpackage.info

@trpc/server

🧙‍♀️ Move Fast and Break Nothing. End-to-end typesafe APIs made easy.

11.1.2

37,192

MIT

TypeScript

4.60 kB

63,336,646 5.5

Installations

npm install @trpc/server

Developer Guide

BETA

Typescript

No

Module System

CommonJS, ESM

Node Version

22.11.0

NPM Version

lerna/8.1.2/node@v22.11.0+arm64 (darwin)

Score

98.3

Supply Chain

96.5

Quality

97.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

46

Total

4,572

Closed

887

Merged

3,639

Issues

Open

131

Total

1,238

Closed

1,107

Releases

207

v11.1.2

Updated on Apr 29, 2025

v11.1.0

Updated on Apr 11, 2025

v11.0.4

Updated on Apr 08, 2025

v11.0.3

Updated on Apr 08, 2025

v11.0.2

Updated on Apr 08, 2025

v11.0.1

Updated on Mar 28, 2025

View All 207 releases

Languages

TypeScript

MDX

JavaScript

CSS

TypeScript (80.6%)

MDX (17.23%)

JavaScript (1.11%)

CSS (1.06%)

Developer

trpc

Download Statistics

Total Downloads

63,336,646

Last Day

170,531

Last Week

810,975

Last Month

3,506,960

Last Year

35,097,365

GitHub Statistics

MIT License

37,192 Stars

4,567 Commits

1,357 Forks

88 Watchers

43 Branches

458 Contributors

Updated on May 08, 2025

Bundle Size

12.16 kB

Minified

4.60 kB

Minified + Gzipped

Bundlephobia

Sponsor this package

https://trpc.io/sponsor

Maintainers

View All 458 Contributors

Package Meta Information

Latest Version

11.1.2

Package Id

@trpc/server@11.1.2

Unpacked Size

930.24 kB

Size

204.49 kB

File Count

405

NPM Version

lerna/8.1.2/node@v22.11.0+arm64 (darwin)

Node Version

22.11.0

Published on

Apr 29, 2025

Total Downloads

Cumulative downloads

Total Downloads

63,336,646

Last Day

14.7%

170,531

Compared to previous day

Last Week

-3%

810,975

Compared to previous week

Last Month

3.6%

3,506,960

Compared to previous month

Last Year

58.2%

35,097,365

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

typescript

Dev Dependencies

tRPC

End-to-end typesafe APIs made easy

Demo

`@trpc/server`

Create tRPC routers and connect them to a server.

Documentation

Full documentation for @trpc/server can be found here

Installation

1# npm
2npm install @trpc/server
3
4# Yarn
5yarn add @trpc/server
6
7# pnpm
8pnpm add @trpc/server
9
10# Bun
11bun add @trpc/server

We also recommend installing zod to validate procedure inputs.

Basic Example

1import { initTRPC } from '@trpc/server';
2import {
3  CreateHTTPContextOptions,
4  createHTTPServer,
5} from '@trpc/server/adapters/standalone';
6import { z } from 'zod';
7
8// Initialize a context for the server
9function createContext(opts: CreateHTTPContextOptions) {
10  return {};
11}
12
13// Get the context type
14type Context = Awaited<ReturnType<typeof createContext>>;
15
16// Initialize tRPC
17const t = initTRPC.context<Context>().create();
18
19// Create main router
20const appRouter = t.router({
21  // Greeting procedure
22  greeting: t.procedure
23    .input(
24      z.object({
25        name: z.string(),
26      }),
27    )
28    .query(({ input }) => `Hello, ${input.name}!`),
29});
30
31// Export the app router type to be imported on the client side
32export type AppRouter = typeof appRouter;
33
34// Create HTTP server
35const { listen } = createHTTPServer({
36  router: appRouter,
37  createContext,
38});
39
40// Listen on port 2022
41listen(2022);

High

0/10

Summary

tRPC 11 WebSocket DoS Vulnerability

Affected Versions

>= 11.0.0, < 11.1.1

Patched Versions

11.1.1

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

SAST

Determines if the project uses static code analysis.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-issues.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/lock-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-canary.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/release-canary.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tmp.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/release-tmp.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/subtree.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/subtree.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/subtree.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/subtree.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/subtree.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/subtree.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/subtree.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/subtree.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/subtree.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/trpc/trpc/subtree.yml/main?enable=pin
Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 8 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

58 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv
Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-h452-7996-h45h
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-f7f6-9jq7-3rqj
Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
Warn: Project is vulnerable to: GHSA-hw8r-x6gr-5gjp
Warn: Project is vulnerable to: GHSA-3xq5-wjfh-ppjc
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-223j-4rm8-mrmf
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-9w5j-4mwv-2wj8
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff
Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w
Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Warn: Project is vulnerable to: GHSA-8c93-4hch-xgxp
Warn: Project is vulnerable to: GHSA-f8mp-x433-5wpf
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

5.5

/10

Last Scanned on 2025-04-28

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More