77 modules · 111,100+ lines · replaces 60+ npm packages · Web7-L6 AAA
The complete JavaScript toolkit built from scratch — no React, no Express, no Zod.
forge/moat module · 50 defensive primitives in 12 categories — Bloom · CountMinSketch · HyperLogLog · CRDTs · CBOR · Merkle · Shamir · JWE · JSON Patch · 77 modules · 112,700+ lines
ViewTransitions, DrawSVG, MagneticEffect, DecayPhysics, CSSVariableAnimator · 77 modules · 111,100+ lines
policy, trace, replay, simulator · 77 modules · 111,100+ lines
DisputeArbitration, SettlementHistory, DISPUTE_STATES, DISPUTE_OUTCOMES · 61 modules
PresenceHeartbeat, CRDTConflictLog, transformOp() · 49 modules
memory, consent, provenance, zkml, conformance · AMP negotiate() + revoke() verbs
_internal/ primitives · crypto + binary + time de-duplicated across 6–8 modules
forge/client/signal works
import/require
sideEffects: false · tree-shakeable by default
One framework. Zero dependencies. Every category of tool you need — in a single, consistent API.
A fresh project pulls 800+ packages before you write a single line. Half of them you've never heard of. All of them you're responsible for.
Upgrade one library and watch three others shatter. Major migrations rewrite entire architectures and burn weeks of sprint capacity.
colors.js. node-ipc. event-stream. Malicious packages hit production at scale. Every dependency is a door you don't control.
Shipping React + Router + State + Forms + Charts + Animations easily crosses 600 KB before your actual product code even loads.
Every library has its own mental model. Axios differs from fetch, Prisma from Knex, Zustand from Redux. Context-switching kills velocity.
Security patches trickle through 6+ hops before reaching you. Your app stays vulnerable for weeks waiting on upstream maintainers.
We catalogued 100 ways HBForge is measurably better than the React, Node.js, and Next.js defaults — each with a zero-dependency solution.
See 100 Wins →No boilerplate. No config files. No framework decisions to make.
One package. All 77 modules. No peer dependencies, no optional installs, no version matrix to manage.
Tree-shakeable by module. Use just the server, just the client, or combine all 16. Everything shares one consistent design language.
Zero external dependencies means zero supply chain risk. One codebase to audit. One team responsible. Total ownership.
Each module is a production-grade replacement for an entire category of npm packages.
Barnes-Hut O(n log n) force sim · bezier flow edges · BFS path-tracer · live search · mini-map · detail panel. Click to inspect. Double-click to focus-zoom.
Scroll to zoom · Drag to pan · Click to inspect · Double-click to zoom-fit · ⟶ Path to trace chains · Esc to reset
"We didn't replace one package. We replaced sixty."
Fine-grained reactivity that updates exactly what changed — bypasses VDOM diffing entirely.
// forge/client — reactive signals import { signal, computed } from '@hyperbridge/forge/client'; // Create a reactive signal const count = signal(50); // Derived computeds — auto-update const doubled = computed(() => count.value * 2 ); const squared = computed(() => count.value ** 2 ); // No re-render. No diff. Just works. count.value = 75; // → all computeds update
"From the first signal() to the last res.json() — it's all HBForge."
Canvas-powered charts rendered entirely by HBForge — no Chart.js, no D3, no Recharts.
Beautiful, accessible notifications with zero configuration. No react-hot-toast, no Sonner.
"What if node_modules was just... empty? That's HBForge."
Real-time client validation + server-side safeParse via the /api/validate endpoint.
// Client-side schema (forge/schema) const { z } = ForgeSchema; const schema = z.object({ name: z.string().min(2), email: z.string().email(), age: z.number().int().optional(), }); // Real-time validation const result = schema.safeParse(data); if (result.success) { // POST to /api/validate // Server also runs safeParse() } // Replaces: Zod, Yup, Joi, Valibot
One file. All 77 modules. Still lighter than a partial React stack.
Import only what you need — per-module sizes
import { signal } from '@hyperbridge/forge/client'const F = await import('@hyperbridge/forge/3d')import '@hyperbridge/forge/client/signals'npx hbforge bundle --only client,auth"111,100+ lines wrote themselves so you'd never write npm install again."
No React. No Vue. No jQuery. Every interaction on this page is powered by HBForge modules.
No peer dependencies. No optional installs. No version matrix. This is what npm install looks like when you only need one package.
$
HBForge ships every HyperBridge internal product. Enterprise clients get the same stack. Developer preview available on request.
🔒 Enterprise only — not on npm yet
Access is by invitation. Request developer preview →
@hyperbridge:registry=https://registry.hbforge.dev //registry.hbforge.dev/:_authToken=hbf_t2_<your-token>
$ npm install @hyperbridge/forge
import { createServer } from '@hyperbridge/forge/server'; const app = createServer(); app.get('/hello', (req, res) => { res.json({ message: 'Hello from HBForge' }); }); app.listen(3000); // Replaces Express, Fastify, Apollo
import { signal, computed, useEffect } from '@hyperbridge/forge/client'; const count = signal(0); const double = computed(() => count.value * 2); useEffect(() => { console.log('count changed:', count.value); }); // Replaces React, React Router, TanStack Query
import { z } from '@hyperbridge/forge/schema'; const UserSchema = z.object({ name: z.string().min(2).max(50), email: z.string().email(), age: z.number().int().min(0).max(120).optional(), }); // Replaces: Zod, Yup, Joi, Valibot const result = UserSchema.safeParse(data);
"Fifteen modules. One vision. Zero dependencies. Total control. That's not a framework — that's a forge."
The complete story behind building the zero-dependency JavaScript framework that replaces 60+ npm packages
Modern JavaScript applications suffer from dependency hell. A typical web project pulls in 300-500 npm packages just to handle:
Each adds complexity, security surface area, bundle size, and maintenance burden.
What if you could build complete, production-ready applications with a single, cohesive framework that includes:
All in 111,100+ lines of pure JavaScript with zero external dependencies.
HBForge was born from frustration. The founding team at HyperBridge Digital spent years building production applications and watching:
We asked: "What if we built everything ourselves?"
v1.0.0 (Initial Launch) — 7,957 lines across 8 core modules (client, server, auth, data, form, animate, notify, schema). Proved the concept: build a real framework without npm.
v2.0.0 (Major Expansion) — 3x growth to 14 modules, adding: PDF generation, full-text search, charts, email/SMTP, testing framework, CLI tools, internationalization.
v3.3.0 — 94,211 lines. 22 complete modules including forge/prime (Web7 + Kynetra Prime), forge/display, forge/wasm (KYRx/ClearScript WASM loader), forge/ai, and forge/3d. 1,200+ documented APIs. Solves 100 real React/Node/Next problems out-of-the-box. BYOA agents, DID identity, Proof-of-Outcome, Vigil audit trail, full WASM runtime.
v3.4.4 — 94,653 lines. Bundle-size overhaul across 5 phases: sideEffects: false for tree-shaking, dual CJS/ESM with 1,400+ named exports, deep subpath imports (forge/client/signal), browser/Node conditional exports (~1 MB saved from browser bundles on server/mail/pdf/cli/test), and shared _internal/ primitives (crypto/binary/time) to de-duplicate across modules.
v4.1.0 — 105,356 lines. Web7-L6 AAA conformance: 30/30 tests passing across 12 spec categories. Five new modules closing Web7 protocol gaps — memory/ (scoped agent memory with fall-through reads), consent/ (append-only hash-chained consent ledger), provenance/ (C2PA 2.0-compatible manifests with selective disclosure), zkml/ (multi-attestor MVP with swappable proof backend), conformance/ (formal test harness). AMP gains negotiate() (multi-round terms) and revoke() (invalidates downstream PoO). Zero new dependencies; all new modules tree-shakeable.
v4.2.3 — 111,100+ lines. Physics engine: new physics/ module — Barnes-Hut O(n log n) N-body (2D + 3D), force-directed graph layout with phyllotaxis init, XPBD constraint solver, SPH fluid, inline Web Worker protocol. 77 modules total, 1,399+ APIs, still zero dependencies, fully tree-shakeable.
v4.4.0 (Current) — 112,700+ lines. forge/moat: new defensive-primitives module — 50 production-grade algorithms in 12 categories (BloomFilter, CountMinSketch, HyperLogLog, CuckooFilter, MinHash, GCounter, PNCounter, GSet, ORSet, LWWRegister, Lamport/Vector/Hybrid logical clocks, CBOR, MessagePack, base32/base58/varint, MerkleTree with proofs, Shamir secret sharing, Hashcash PoW, ConsistentHash ring, JSONPointer, JSONPatch, JSONMergePatch, JSONPath, AdaptiveTimeout, Bulkhead, HedgedRequest, RetryPolicy with decorrelated jitter, URLPatternMatcher, RangeParser, ContentNegotiator, sseStream, LSH, ReservoirSampling, ExponentialBackoff, RingBuffer, PriorityQueue, SkipList, SegmentTree, DiffMyers, PatchApply, Phonetic, NGrams, PEM, ASN.1 DER, JWK, JWE A256GCM). All 50 verified with 49/49 smoke tests. 77 modules, zero dependencies.
v4.3.0 — 111,100+ lines. animate v4.1: +3,195 lines, 5 new subsystems — ViewTransitions (View Transition API + FLIP polyfill, crossfade, pageTransition, sharedElementTransition, routeTransition), DrawSVG (stroke draw/undraw, SVGDrawGroup, drawText, traceSVG, pulseSVG, drawOnScroll, SVGPathFollower), MagneticEffect (cursor attraction/repulsion, MagneticField, magneticCursor, magneticOrbit, magneticRipple, magneticLine), DecayPhysics (decay, inertiaEl, InertiaTracker, momentumScroll, snapTo, rubberBand, elasticBounce), CSSVariableAnimator (animateVar, springVar, MotionVarGroup, cssVarTimeline, watchVar, oklch color interpolation, cssThemeTransition). 77 modules, 1,399+ APIs, zero dependencies.
No third-party code means no supply chain attacks. You control everything.
Tiny bundles. No redundant polyfills. Fast load times and instant startup.
Single npm package. No version conflicts. No nested node_modules hell.
All modules designed together. Consistent APIs. Better DX than mixing libraries.
Own your entire tech stack. No waiting for upstream fixes. Debug everything.
One codebase. One update cycle. No transitive dependency issues.
HBForge is production-ready and battle-tested. Built by engineers who use it daily in real applications. We're committed to:
The evolution of HBForge — built in-house, shipped without npm, grown release by release into the most complete zero-dependency JavaScript framework ever written.
Could a production-quality JavaScript framework exist without a single npm dependency? We bet the answer was yes. Eight modules, every line written by hand.
client server auth data
form animate notify schema
14 modules. PDF generation from scratch. A full-text BM25 search engine. SVG chart rendering with no canvas libraries. Raw SMTP over a Node socket. All written from zero.
pdf search chart mail
test cli
+ 8 from v1.0
Entire existing codebase rewritten and expanded 5×. Added WebGL2 3D engine, progressive web app primitives, AI tooling, internationalization — all zero-dependency, all in pure JS.
pwa ai 3d i18n
+ 14 from v2.0 (all 5× expanded)
HBForge becomes the L6 application layer of the Web7 stack. Kynetra Prime, DID identity, AMP routing, Proof-of-Outcome, Vigil audit trail, and a full WASM host runtime for KYRx (L1) and ClearScript (L5) modules. 100 React/Node/Next problems solved out-of-the-box.
prime
display
wasm
+ 19 modules (all further hardened)
30/30 tests passing across 12 Web7 spec categories. Five new modules close the protocol gap — scoped agent memory, append-only consent ledger, C2PA 2.0 provenance, zkML attestations, and a formal conformance harness. AMP gains negotiate() and revoke(). Zero new dependencies; all modules tree-shakeable.
memory
consent
provenance
zkml
conformance
Four new modules give agents the governance and observability they need for production. policy/ declarative guardrail engine, trace/ structured telemetry with PoO linking, replay/ deterministic re-execution from trace, simulator/ multi-agent scenario sandbox. Still zero dependencies, fully tree-shakeable.
policy
trace
replay
simulator
Built by HyperBridge Digital's founding team
Chief Executive Officer
CEO & Founder of HyperBridge Digital. Full-stack architect designing the HBForge ecosystem. Based in Chennai, India.
Chief Technology Officer
Co-founder & CTO. Core architect of HBForge's 18-module framework and zero-dependency philosophy. Leads technical innovation.
HBForge delivers competitive performance with zero dependency overhead.
React + Express + Prisma + Zod + ...
One framework. Everything built-in. Web7-L6 AAA.
@hyperbridge/forge/server ships WebApp — a Fetch-API-native HTTP layer with the same ergonomics as Hono.
One app instance, every modern runtime. Zero new dependencies.
WebApp:param · * wildcardawait next())c.json · c.text · c.html · c.redirectc.req.param · query · json · formData.json() / .text() safely twiceapp.route(path, sub)html`` tagged template — auto-escape + raw() opt-outonError + notFound hooksapp.listen(3000)@hono/node-serverhono + adaptersimport { Hono } from 'hono' import { serve } from '@hono/node-server' import { cors } from 'hono/cors' const app = new Hono() app.use('*', cors()) app.get('/users/:id', (c) => { return c.json({ id: c.req.param('id') }) }) serve({ fetch: app.fetch, port: 3000 })
const { WebApp, webCors } = require('@hyperbridge/forge/server') const app = new WebApp() app.use('*', webCors()) app.get('/users/:id', (c) => { return c.json({ id: c.req.param('id') }) }) app.listen(3000) // no adapter needed
WebApp instance also speaks
WebSockets, JWT, sessions, cron, GraphQL, OpenAPI, and tRPC-style RPC
from one zero-dependency module — features Hono leaves to the ecosystem.
All 25 examples →
HBForge implements the complete Web7 L6 specification. Run the suite yourself: require('@hyperbridge/forge/conformance').runConformance()
negotiate() (multi-round term negotiation) and revoke() (invalidates downstream PoO). isRevoked() / listRevocations().The same full-stack app. One version using the modern JS ecosystem. One using HBForge.
"dependencies": { "react": "^18.2", // UI "react-dom": "^18.2", "react-router-dom": "^6", "express": "^4", // Server "cors": "^2", "helmet": "^7", "prisma": "^5", // ORM "@prisma/client": "^5", "passport": "^0.7", // Auth "jsonwebtoken": "^9", "framer-motion": "^11", // Animations "chart.js": "^4", // Charts "nodemailer": "^6", // Email "zod": "^3", // Validation "pdfmake": "^0.2", // PDF "lunr": "^2", // Search "i18next": "^23", // i18n "jest": "^29", // Tests "commander": "^12" // CLI // ...and ~780 more transitive }
"dependencies": { "@hyperbridge/forge": "^3.0" } // That's it. // All 77 modules. One package. // 0 transitive dependencies. // 111,100+ lines of battle-tested code. // One team to trust. // One codebase to audit. // One API to learn. // npm audit: found 0 vulnerabilities // // ✓ UI (replaces React) // ✓ Server (replaces Express) // ✓ ORM (replaces Prisma) // ✓ Auth (replaces Passport) // ✓ Animate (replaces Framer) // ✓ Charts, PDF, Search, // Mail, i18n, CLI, Test...
Not a toy framework. Production-grade for every app type.
Multi-tenant auth, subscription billing hooks, role-based dashboards, email workflows, and real-time notifications — all from one framework.
Rich charts, live data tables, form builders, search and filtering — fully reactive without a single external UI library.
HTTP routing, GraphQL, WebSocket, job queues, cron — all in a single server with predictable latency and zero runtime overhead from deps.
Service workers, Web Push (RFC 8291/8292), background sync, and offline caching — install on any device, work without internet.
PDF generation, QR codes, digital signatures, email delivery, templating — the full document pipeline with no external libs.
RTL support, ICU message formatting, plural rules for 20+ languages, locale-aware numbers and dates — built right in.
HBForge is currently powering HyperBridge Digital's own internal products. External access is available exclusively to enterprise clients by invitation — no public npm release yet.
HBForge is battle-tested in production on our own internal platforms. We're opening a limited developer preview to selected engineers and teams who want early access before the public release.
Read the full API reference while you wait — docs are public, access is gated.
Explore the Docs → Enterprise Inquiry ↗
The JavaScript ecosystem convinced us that more dependencies equals more power. It doesn't.
It equals more attack surface, more version conflicts, more things that break at 2 AM.
We spent years watching production apps fail not because of our code — but because of someone
else's package, three levels deep in a dependency tree we never agreed to own.
So we built everything ourselves. Not as a stunt. As a deliberate architectural decision
— that the only software you can truly trust is software you can fully read, understand, and change.
The AI operating system built on top of HBForge. 2× every capability — zero new dependencies. Token-only. BYOA-ready. Fully observable.
Every HBForge module gets an AI twin — auto-generated schemas, intelligent query plans, smart email templates, and vector search on top of forge/data.
No passwords. No sessions. Every agent call is authenticated with a scoped API token — signed, auditable, and time-limited. Full RBAC on every action.
Intelligent model routing across 200+ AI models. Redis-backed caching, predictive pre-fetching, and auto-batching layered on top of forge/data and forge/server.
10 native agents trained by PRIME — plus Bring Your Own Agent. Register any custom agent class and get token auth, telemetry, memory, and model routing for free.
Kynetra Prime authenticates every interaction via scoped API tokens. Tokens carry permissions, TTL, agent scope, and audit trail — they expire, rotate, and revoke automatically.
import { KynetraPrime } from '@hyperbridge/kynetra-prime';
// Token-only — no username/password
const prime = new KynetraPrime({
token: process.env.KP_TOKEN, // scoped API token
agents: ['FORGE', 'SHIELD'],
telemetry: true,
});
// Token is validated, scoped, TTL-checked
const result = await prime.run('FORGE', {
task: 'generate-schema',
input: { table: 'users' },
});Every agent action is traced end-to-end. Token usage, latency percentiles, error rates, model cost per run, and business metric correlation — one unified dashboard.
Register any custom agent class with registerAgent(). It instantly inherits token-scoped auth, full telemetry, memory access, PRIME training, and model routing — no boilerplate.
// 1. Define your agent
class InvoiceAgent {
async run({ input, memory, model }) {
const data = await memory.recall(input.clientId);
return model.generate('draft-invoice', data);
}
}
// 2. Register — gets full Prime infra
prime.registerAgent('INVOICE', InvoiceAgent, {
token: { scope: ['invoices:write'] },
telemetry: true,
trainable: true, // PRIME learns from runs
});
// 3. Run — same API as built-in agents
await prime.run('INVOICE', { clientId: 'c_123' });Kynetra Prime is in private access — available to HBForge enterprise customers.
Request Prime Access ↗ View HBForge ModulesWe know what you're thinking. Here's the honest version.
The framework trusted by enterprises for production-grade applications. Zero dependencies. Total control.
Currently Enterprise Only
Opening to the Developer Community on June 25, 2026