v0.9.4

v0.9.4 (2026-03-31)

• fix(deps): pin axios to 1.14.0 and fix brace-expansion audit vulnerability (#363) - details

What's Changed

• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 in the dependencies group by @dependabot[bot] in #346
• chore(deps): bump the dependencies group across 1 directory with 3 updates by @dependabot[bot] in #348
• chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 in the dependencies group by @dependabot[bot] in #349
• chore(deps-dev): bump @types/node from 25.3.3 to 25.3.5 in the dependencies group by @dependabot[bot] in #350
• chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in #355
• chore(deps): bump codecov/codecov-action from 5.5.2 to 5.5.3 in the dependencies group by @dependabot[bot] in #357
• ci: pr conventional commits validator by @SoulPancake in #353
• chore(deps-dev): bump the dependencies group with 3 updates by @dependabot[bot] in #352
• chore(deps): bump picomatch by @dependabot[bot] in #358
• chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in #359
• chore(deps): bump the dependencies group with 2 updates by @dependabot[bot] in #360
• fix(deps): pin axios to 1.14.0 and fix brace-expansion audit vulnerability by @Siddhant-K-code in #363
• chore(release): v0.9.4 by @SoulPancake in #365

Full Changelog: v0.9.3...v0.9.4

v0.9.3

v0.9.3 (2026-02-27)

• feat: add executeApiRequest and executeStreamedApiRequest methods to OpenFgaClient for calling arbitrary API endpoints with full SDK support (authentication, retries, telemetry, error handling). See documentation for more. (#298, #345) - thanks @Abishek-Newar!
• fix: use current SDK version in telemetry meter (#335)
• fix: disable httprequestduration metric by default to avoid high cardinality (#344)
• fix: apply expiry buffer before reusing cached tokens (#331)
• chore!: drop support for Node.js v16 & 18. We recommend updating to a node-runtime that is supported upstream - currently 20 (maintenance), 22 (maintenance), 24 (LTS) and 25 (current). The minimum supported version of Node.js is now v20. This is in line with our stated supported environments

What's Changed

• feat: support custom OIDC token endpoint URL by @mikesouza in #285
• chore(deps-dev): bump the dependencies group with 4 updates by @dependabot[bot] in #323
• fix: use current SDK version in telemetry meter by @aaguiarz in #335
• feat: Add APIExecutor for calling arbitrary API endpoints by @Abishek-Newar in #298
• chore: npm audit fix by @SoulPancake in #341
• fix: apply expiry buffer before reusing cached tokens by @aaguiarz in #331
• fix: make FgaApiAuthenticationError inherit from FgaApiError by @aaguiarz in #327
• fix: honor explicit msg in FgaError constructor by @aaguiarz in #325
• chore: improve api executor flow by @rhamzeh in #345
• chore(deps): upgrade dependencies by @rhamzeh in #248
• release: v0.9.3 by @SoulPancake in #342

New Contributors

• @mikesouza made their first contribution in #285

Full Changelog: v0.9.2...v0.9.3

v0.9.2

v0.9.2 (2026-02-10)

• feat: add support for streamedListObjects.
• chore: remove node url dependency blocking browser usage (#300)
• feat: Report a per-http call metric (#303) - thanks @Abishek-Newar!

What's Changed

• chore(deps): bump the dependencies group across 1 directory with 2 updates by @dependabot[bot] in #279
• chore(deps): bump the dependencies group across 1 directory with 4 updates by @dependabot[bot] in #281
• chore(deps): bump the dependencies group with 3 updates by @dependabot[bot] in #284
• chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in #287
• chore(deps-dev): bump the dependencies group with 3 updates by @dependabot[bot] in #289
• chore(deps): bump the dependencies group across 1 directory with 4 updates by @dependabot[bot] in #295
• chore(deps-dev): bump the dependencies group across 1 directory with 4 updates by @dependabot[bot] in #294
• chore(deps-dev): bump the dependencies group with 3 updates by @dependabot[bot] in #296
• chore(deps-dev): bump the dependencies group across 1 directory with 3 updates by @dependabot[bot] in #299
• chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 in the dependencies group by @dependabot[bot] in #301
• chore(deps-dev): bump the dependencies group with 3 updates by @dependabot[bot] in #302
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the dependencies group by @dependabot[bot] in #308
• chore(deps): bump the dependencies group with 4 updates by @dependabot[bot] in #309
• chore: remove dependency on node url by @rhamzeh in #300
• feat: add support for StreamedListObjects by @daniel-jonathan in #280
• feat: Report a per-http call metric by @Abishek-Newar in #303
• chore(deps): bump the dependencies group with 4 updates by @dependabot[bot] in #310
• chore(ci): do not publish pre-releases as latest by @rhamzeh in #314
• chore(deps): bump axios from 1.13.2 to 1.13.5 in /example/streamed-list-objects in the npm_and_yarn group across 1 directory by @dependabot[bot] in #316
• chore(ci): use npm trusted publishing by @rhamzeh in #315
• release: v0.9.2-beta.1 by @SoulPancake in #313
• chore(ci): test on node@22 and node@24 by @rhamzeh in #247
• release: v0.9.2-beta.3 by @SoulPancake in #318
• chore(ci): ensure latest npm is installed for verified publishing by @rhamzeh in #319
• chore: npm publish fix for github runner by @SoulPancake in #320
• release: v0.9.2 by @SoulPancake in #321

New Contributors

• @daniel-jonathan made their first contribution in #280

Full Changelog: v0.9.1...v0.9.2

v0.9.1

v0.9.1 (2025-11-05)

• feat: add support for handling Retry-After header (#267)
• feat: add support for conflict options for Write operations: (#276)
  The client now supports setting conflict on ClientWriteRequestOpts to control behavior when writing duplicate tuples or deleting non-existent tuples. This feature requires OpenFGA server v1.10.0 or later.
  See Conflict Options for Write Operations for more.

What's Changed

• chore: update SECURITY-INSIGHTS by @aaguiarz in #239
• chore(ci): restrict semgrep workflow permissions to only read contents by @aaguiarz in #240
• chore(deps): upgrade dependencies by @rhamzeh in #241
• chore(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 in the dependencies group by @dependabot[bot] in #226
• chore(ci): remove semgrep workflow by @rhamzeh in #244
• chore(deps-dev): bump @types/node from 24.2.0 to 24.2.1 in the dependencies group across 1 directory by @dependabot[bot] in #246
• chore: create scorecard.yml by @aaguiarz in #245
• ci: update dependabot config by @evansims in #249
• chore(deps-dev): bump the dependencies group with 3 updates by @dependabot[bot] in #251
• chore(deps): bump the dependencies group with 3 updates by @dependabot[bot] in #250
• chore(deps): bump axios from 1.11.0 to 1.12.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #257
• chore(deps): bump the dependencies group across 1 directory with 4 updates by @dependabot[bot] in #258
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @dependabot[bot] in #255
• chore(docs): add scorecard, deepwiki and socket.dev badges by @aaguiarz in #260
• Update SECURITY-INSIGHTS by @aaguiarz in #259
• chore(deps-dev): bump the dependencies group with 4 updates by @dependabot[bot] in #261
• chore: Add docs and tests for sending custom headers by @jimmyjames in #262
• chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 in the dependencies group by @dependabot[bot] in #264
• chore(deps-dev): bump the dependencies group with 4 updates by @dependabot[bot] in #263
• feat: List Stores Name Filter by @jimmyjames in #265
• chore(deps-dev): bump the dependencies group with 2 updates by @dependabot[bot] in #269
• feat: add support for handling Retry-After header by @SoulPancake in #267
• chore: Added a top-level Makefile in js-sdk to simplify running tests and li… by @Abishek-Newar in #277
• chore: reduce generated code by @rhamzeh in #266
• feat: add support for write conflict settings by @phamhieu in #276
• release: v0.9.1 by @rhamzeh in #283

New Contributors

• @aaguiarz made their first contribution in #239
• @SoulPancake made their first contribution in #267
• @Abishek-Newar made their first contribution in #277
• @phamhieu made their first contribution in #276

Full Changelog: v0.9.0...v0.9.1

v0.9.0

v0.9.0 (2025-06-04)

• feat: support client assertion for client credentials authentication (#228)

v0.8.1

v0.8.1 (2025-04-24)

• fix: change check for Node.js environment to fix issue where process.title cannot be read (#222)

v0.8.0

0.8.0 (2025-01-14)

• feat!: add support for server-side BatchCheck method. This is a more efficient way to check on multiple tuples than calling the existing client-side BatchCheck. Using this method requires an OpenFGA v1.8.0+ server.
  • The existing BatchCheck method has been renamed to clientBatchCheck and it now bundles the results in a field called result instead of responses.
  • The existing BatchCheckResponse has been renamed to ClientBatchCheckResponse.
• feat: add support for startTime parameter in ReadChanges endpoint
• feat: support contextual tuples and context in assertions
• feat: support contextual tuples in Expand
• fix: error correctly if apiUrl is not provided - thanks @Waheedsys (#161)
• fix: use provided axios instance in credentials refresh - thanks @Siddhant-K-code (#193)
• fix!: The minimum node version required by this SDK is now v16.15.0
• chore(docs): various cleanup and improvements - thanks @tmsagarofficial (#164), @vil02 (openfga/sdk-generator#424, openfga/sdk-generator#422), @sccalabr (openfga/sdk-generator#433)

BREAKING CHANGES:

• The minimum node version required by this SDK is now v16.15.0
• Usage of the existing batchCheck method should now use the clientBatchCheck method. The existing BatchCheckResponse has been renamed to ClientBatchCheckResponse and it now bundles the results in a field called result instead of responses.

v0.7.0

0.7.0 (2024-08-30)

• feat!: enhancements to OpenTelemetry support (#149)

Checkout the telemetry docs for more on how to enable and configure OpenTelemetry metrics.

BREAKING CHANGE:
This version changes the way in which telemetry is configured and reported. See #149 for additional information.

0.6.3

0.6.3 (2024-08-28)

• fix: set the consistency parameter correctly in OpenFgaClient (#143)

v0.6.2

0.6.2 (2024-07-31)

• feat: add support for specifying consistency when evaluating or reading (#129)
  Note: To use this feature, you need to be running OpenFGA v1.5.7+ with the experimental flag enable-consistency-params enabled.
  See the OpenFGA v1.5.7 release notes for details.