Security News
crates.io Ships Security Tab and Tightens Publishing Controls
crates.io adds a Security tab backed by RustSec advisories and narrows trusted publishing paths to reduce common CI publishing risks.
By Sarah Gooding - Jan 27, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
@kilpi/core
Advanced tools
@kilpi/core
Kilpi Core · Kilpi is the authorization framework for full-stack TypeScript applications, designed for flexible, powerful, agnostic, intuitive and developer friendly authorization.
🐢 Kilpi — Authorization made simple
Kilpi is the open-source TypeScript authorization library designed for developers who need flexible, powerful, and intuitive authorization.
Designed and created by Jussi Nevavuori with ❤️ in Brisbane & Helsinki
Features
- Server-first authorization
- Framework agnostic
- Auth provider agnostic
- Policies as code
- Async policies
- Supports any authorization model
- Protected queries
- Plugin API & Library
- Developer friendly API
- 100% Type-safe
Installation guides
...or any other framework - Kilpi is easy to integrate into any TypeScript application.
Examples
Define policies declaratively and authorize actions with one line
// Kilpi.ts
export const Kilpi = createKilpi({
// (1) Connect your authentication provider with subject adapter
async getSubject() {
return myAuthProvider.getCurrentUser();
},
// (2) Define all policies
policies: {
documents: {
update(user, doc: Document) {
if (!user) return deny({ message: "Unauthenticated" });
return user.id === doc.ownerId ? grant(user) : deny();
},
},
},
});
// (3) Protect with one-liners
// Option 1: Succeed or throw
const user = await Kilpi.authorize("documents:update", document);
// Option 2: Authorization as boolean
const isAuthorized = await Kilpi.isAuthorized("posts:comment", post);
// Option 3: Full authorization decision object with all metadata
const decision = await Kilpi.getAuthorizationDecision("comments:delete", comment);
Continue learning about
- Plugins
- Protecting queries, actions, UI, pages, routes, ...
- Components
And much more.
FAQs
Kilpi Core · Kilpi is the authorization framework for full-stack TypeScript applications, designed for flexible, powerful, agnostic, intuitive and developer friendly authorization.
The npm package @kilpi/core receives a total of 22 weekly downloads. As such, @kilpi/core popularity was classified as not popular.
We found that @kilpi/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consent.
By Kush Pandya - Jan 27, 2026
Security News
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
By Sarah Gooding - Jan 23, 2026