auth-spec
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 22 GitHub stars
Code Fail
- network request — Outbound network request in packages/auth-testing-library/src/cli.tsx
- network request — Outbound network request in packages/auth-testing-library/src/client.ts
- Hardcoded secret — Potential hardcoded credential in packages/auth-testing-library/src/test-cases-magic-link.ts
Permissions Pass
- Permissions — No dangerous permissions requested
This toolkit provides Claude Code skills designed to generate custom authentication code from scratch. It serves as an educational starting point for implementing user sign-up, sign-in, and security best practices across various web frameworks and databases.
Security Assessment
The overall risk is rated as High. While the tool does not request dangerous system permissions, the automated scan discovered a critical failure: a potential hardcoded secret inside a magic link test case. Hardcoded credentials in source code are a severe security risk, even if intended solely for testing, as they can easily be leaked. Additionally, the codebase makes outbound network requests within its client and CLI files. Developers should manually inspect these network calls to ensure no sensitive user data or environment variables are being silently exfiltrated to external servers before integrating this into any project.
Quality Assessment
The project demonstrates strong active maintenance, with its most recent push occurring today. It has a small but present level of community trust with 22 GitHub stars. However, the repository currently lacks a license file. Despite the README claiming it uses the MIT license, the absence of an actual license file in the repository means the legal terms of use and distribution remain officially undefined, which poses a compliance risk for commercial or enterprise use.
Verdict
Use with caution. The active maintenance is promising, but you must strictly audit and remove the hardcoded credentials and review the outbound network requests before using this tool.
Create your own auth skills collection
auth-spec
A toolkit that helps you build authentication from scratch.
Installation
As a Claude Code plugin
Add the marketplace and install the plugin:
/plugin marketplace add himself65/auth-spec
/plugin install auth@himself65-auth-spec
Or test it locally by cloning the repo:
git clone https://github.com/himself65/auth-spec.git
claude --plugin-dir ./auth-spec
After installing, run /reload-plugins to activate. Skills are namespaced under auth:, e.g. /auth:create-auth.
What is this?
When you build a web app, users need to sign up, sign in, and sign out. This project provides Claude Code skills that can generate auth code for you as a starting point. It works with any language or framework — TypeScript, Python, Go, Rust, Kotlin, and more.
Why build auth from scratch?
This project follows a simple rule: write your own auth code. No plug-and-play auth libraries like NextAuth, Passport, or Lucia. You only need three things:
- A web framework (Express, Next.js, FastAPI, etc.)
- A database library (Prisma, Drizzle, SQLAlchemy, etc.)
- A password hashing library (bcrypt, argon2, etc.)
Writing auth yourself helps you understand how it actually works — password hashing, sessions, cookies, and security best practices.
Project Structure
auth-spec/
└── skills/
    ├── create-auth/              # Generates auth code for your project
    └── security-best-practice/   # Audits & hardens your auth security
Getting Started
Prerequisites
- Node.js version 18 or higher (we recommend version 22 — see .nvmrc)
- pnpm package manager — if you don't have it, install with npm install -g pnpm
Setup
# 1. Clone the repo
git clone <repo-url>
cd auth-spec
# 2. Install dependencies
pnpm install
# 3. Build everything
pnpm run build
License
MIT