Choose your code style

Each developer or team has a preferred coding style. The Passlock client libraries therefore expose multiple entry points. They are functionally equivalent, choose the entrypoint that best fits your style.

TL;DR

We recommend importing the Passlock class from @passlock/browser or @passlock/server:

import { Passlock } from "@passlock/browser";
const passlock = new Passlock({ /* config here */ });
passlock.registerPasskey({ ... });

Use the standalone functions if tree-shakeability is important to you:

import { registerPasskey } from "@passlock/browser";
registerPasskey({ ... }, { /* config here */ });

Passlock class (safe)

Instantiate a Passlock instance, providing the config, then call methods on that instance. The methods don’t throw for expected errors, they return an Result wrapper encompassing the success and error paths. Use the success proprty to narrow the type:

import { Passlock } from "@passlock/browser";

const passlock = new Passlock({ tenancyId });

const result = await passlock.registerPasskey({ username });

if (result.success) {
  console.log(result.value);
} else {
  console.log(result.error);

  // narrow the error
  if (isDuplicatePasskeyError(result.error)) {
    console.log("Duplicate passkey");
  }

  // alternatively narrow using the _tag discriminator
  if (result.error._tag === "@error/DuplicatePasskey") {
    console.log("Duplicate passkey");
  }
}

Passlock class (unsafe)

Instantiate a Passlock instance, providing the config, then call methods on that instance. The methods could throw for expected errors, so you’ll need to catch and narrow the types using one of our type guards:

import { Passlock, isDuplicatePasskeyError } from "@passlock/browser/unsafe";

const passlock = new Passlock({ tenancyId });

try {
  const result = await passlock.registerPasskey({ username });
} catch (error) {
  if (isDuplicatePasskeyError(error)) {
    console.log("Duplicate passkey");
  }
}

Standalone functions (safe)

Import the function and provide the Passlock config as an argument. As with the safe class based approach, these functions don’t throw for expected errors:

import { registerPasskey } from "@passlock/browser";

// provide the config as the final argument
const result = await registerPasskey({ username }, { tenancyId });

if (result.success) {
  console.log(result.value);
} else {
  ...
}

Standalone funstions (unsafe)

Import the function and provide the Passlock config as an argument. As with the unsafe class based approach, these functions can throw:

import {
  registerPasskey,
  isDuplicatePasskeyError
} from "@passlock/browser/unsafe";

try {
  // provide the config as the final argument
  const result = await registerPasskey({ username }, { tenancyId });
} catch (error) {
  if (isDuplicatePasskeyError(error)) {
    console.log("Duplicate passkey");
  }
}

Benefits and tradeoffs

Approach	Benefits	Drawbacks
Class (safe)	Config provided once Strongly typed errors	Not tree-shakeable
Class (unsafe)	Config provided once	Not tree-shakeable Errors must be caught Requires type guards
Functions (safe)	Tree-shakeable Strongly typed errors	Config is duplicated
Functions (unsafe)	Tree-shakeable	Config is duplicated Errors must be caught Requires type guards