Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@apio/authentication-utils
Advanced tools
@apio/authentication-utils
A lightweight utility library for handling role-based authorization checks in Apio IoT applications.
@apio/authentication-utils
A lightweight utility library for handling role-based authorization checks in Apio IoT applications.
Table of Contents
- Installation
- Usage
- API Reference
- Authorization System
- Examples
- Type Definitions
- Contributing
- License
Installation
npm install @apio/authentication-utils
or using yarn:
yarn add @apio/authentication-utils
Usage
This package supports both CommonJS and ES Module imports.
CommonJS
const { hasAuthorization } = require('@apio/authentication-utils');
ES Modules
import { hasAuthorization } from '@apio/authentication-utils';
API Reference
hasAuthorization(wantedAuthorizations, authorizations, projectId)
Checks if a user has the required permissions for a specific project.
Parameters
wantedAuthorizations{Array<String>|String}- The permission(s) to check for. Can be a single string or an array of strings.authorizations{Array<Role>}- Array of role objects containing user's permissions for different projects.projectId{String}- The ID of the project to check permissions for.
Returns
{Boolean}- Returnstrueif the user has all the requested permissions,falseotherwise.
Authorization System
Permission Format
Permissions follow a dot-notation format, typically structured as:
domain.resource.action
Examples:
apio.core.plants.readapio.core.plants.writeapio.admin.users.delete
Wildcard Permissions
The system supports wildcard permissions using the * character:
apio.core.*- Grants all permissions underapio.coreapio.core.plants.*- Grants all actions on plants*- Grants all permissions (superadmin)
Negated Permissions
Permissions can be negated by prefixing them with -. Negated permissions take precedence over positive permissions:
permissions: [
'apio.core.*', // Grants all core permissions
'-apio.core.plants.delete' // Except deleting plants
]
Examples
Basic Usage
const hasAuthorization = require('@apio/authentication-utils');
const userRoles = [
{
projectId: 'project-123',
permissions: ['apio.core.plants.read', 'apio.core.plants.write']
},
{
projectId: 'project-456',
permissions: ['apio.core.*', '-apio.core.users.delete']
}
];
// Check single permission
const canRead = hasAuthorization('apio.core.plants.read', userRoles, 'project-123');
console.log(canRead); // true
// Check multiple permissions
const canManage = hasAuthorization(
['apio.core.plants.read', 'apio.core.plants.write'],
userRoles,
'project-123'
);
console.log(canManage); // true
// Check permission that doesn't exist
const canDelete = hasAuthorization('apio.core.plants.delete', userRoles, 'project-123');
console.log(canDelete); // false
Wildcard Example
const adminRoles = [
{
projectId: 'project-789',
permissions: ['apio.core.*'] // Has all core permissions
}
];
Negated Permissions Example
const limitedAdminRoles = [
{
projectId: 'project-999',
permissions: [
'apio.*', // All permissions
'-apio.admin.*', // Except admin permissions
'-apio.core.users.delete' // And cannot delete users
]
}
];
const canDeleteUsers = hasAuthorization(
'apio.core.users.delete',
limitedAdminRoles,
'project-999'
);
console.log(canDeleteUsers); // false
const canReadPlants = hasAuthorization(
'apio.core.plants.read',
limitedAdminRoles,
'project-999'
);
console.log(canReadPlants); // true
Type Definitions
Role Object Structure
interface Role {
projectId: string;
permissions: string[];
}
Function Signature
function hasAuthorization(
wantedAuthorizations: string | string[],
authorizations: Role[],
projectId: string
): boolean;
Best Practices
- Use specific permissions when possible rather than wildcards for better security control.
- Order matters for negated permissions - they always take precedence.
- Case-insensitive - All permission checks are case-insensitive for consistency.
- Validate inputs - The function filters out non-string permissions automatically.
Error Handling
The function handles edge cases gracefully:
- Returns
falseif no role is found for the specified project - Filters out invalid (non-string) permissions
- Handles single string or array input for
wantedAuthorizations
Contributing
Contributions are welcome! Please feel free to submit a Pull Request to the GitHub repository.
License
ISC © Apio IoT
FAQs
A lightweight utility library for handling role-based authorization checks in Apio IoT applications.
The npm package @apio/authentication-utils receives a total of 0 weekly downloads. As such, @apio/authentication-utils popularity was classified as not popular.
We found that @apio/authentication-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 13 Aug 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025