Legion Registry API

Base URL: https://legion-registry.hexabhhexabbh.workers.dev/api/v1
All endpoints return JSON. Authenticated endpoints require Authorization: Bearer lgn_…

Authentication

POST

/auth/signup

Create a new account. Returns an API token.

curl -X POST https://legion-registry.hexabhhexabbh.workers.dev/api/v1/auth/signup \

  -H "Content-Type: application/json" \

  -d '{"username":"alice","email":"alice@example.com","password":"hunter2xx"}'

{ "success": true, "token": "lgn_…", "user": { "username": "alice", … } }

POST

/auth/login

curl -X POST https://legion-registry.hexabhhexabbh.workers.dev/api/v1/auth/login \

  -d '{"username":"alice","password":"hunter2xx"}'

GET

/auth/me 🔑 auth

Get the authenticated user's profile.

Packages

GET

/packages

List all packages. Query params: sort (downloads|name|recent|newest), page, limit (max 100), q (filter).

GET

/packages/:name

Get full package metadata. Increments download count.

GET

/packages/:name/versions

List all published versions with timestamps.

GET

/packages/:name/:version/download

Get download metadata for a specific version. Use latest for the latest version.

POST

/packages/publish 🔑 auth

Publish a new package or a new version. Body:

{"name":"legion-mylib","version":"1.0.0","description":"…","license":"MIT","keywords":["…"],"readme":"# …","dependencies":{"legion-http":"^1.0.0"}}

DELETE

/packages/unpublish 🔑 auth

Unpublish a package you own. Body: {"name":"legion-mylib"}

Search

GET

/search?q=:query&limit=20

Full-text search with relevance scoring. Searches name, description, keywords, and author. Returns ranked results.

curl "https://legion-registry.hexabhhexabbh.workers.dev/api/v1/search?q=http&limit=10"

Users

GET

/users/:username

Get public user profile.

GET

/users/:username/packages

Get all packages published by a user.

Tokens

GET

/tokens🔑 auth

List your API tokens (shows prefix only, not full value).

POST

/tokens🔑 auth

Create a new token. Body: {"name":"CI token","scopes":["read","publish"]}. Returns full token value (shown once).

DELETE

/tokens/:id🔑 auth

Revoke a token by its short ID (last 8 chars).

Stats

GET

/stats

Registry-wide statistics: total packages, downloads, users, popular packages.

{ "success": true, "packages": 8, "downloads": 23000, "users": 3, "popular": […] }

Audit

POST

/audit

Check your dependencies for issues. Body: {"dependencies":{"legion-http":"^1.0.0"}}

{ "success": true, "advisories": [], "scanned": 1, "clean": true }

CLI Reference

legion pkg install <pkg>Install a package

legion pkg install <pkg>@<ver>Install a specific version

legion pkg remove <pkg>Uninstall a package

legion pkg listList installed packages

legion pkg search <query>Search the live registry

legion pkg info <pkg>Show package metadata

legion pkg init [name]Initialize a new project

legion pkg publishPublish to the registry

legion pkg loginAuthenticate (interactive)

legion pkg login --token lgn_…Authenticate with token

legion pkg whoamiShow current user

legion pkg logoutClear stored credentials

legion pkg auditAudit dependencies

Error codes

Status	Meaning
400	Bad request — invalid input or missing fields
401	Unauthorized — token missing or invalid
403	Forbidden — you don't own this resource
404	Not found — package or user doesn't exist
409	Conflict — username taken or version already published
429	Rate limited — slow down your requests
500	Server error — report to the team