
@smithery/biscuit
Cloudflare Workers adapter for @biscuit-auth/biscuit-wasm.
The upstream package targets bundlers (wasm-pack --target bundler), which expect the bundler to handle WASM instantiation. Cloudflare Workers import .wasm files as pre-compiled WebAssembly.Module objects, so this package manually instantiates the module and wires it to the JS glue code.
```js
import {
  Biscuit,
  KeyPair,
  AuthorizerBuilder,
  biscuit,
  block,
  authorizer,
  generateKeyPair,
} from "@smithery/biscuit"

// Generate keys
const { privateKey, publicKey } = generateKeyPair()

// Mint a token using the tagged template helper
const builder = biscuit`user("alice"); check if time($t), $t <= ${new Date(Date.now() + 3600_000)};`
const token = builder.build(privateKey)

// Attenuate with a restriction block
const restricted = token.appendBlock(
  block`check if operation($op), ["read"].contains($op);`
)

// Verify
const auth = authorizer`time(${new Date()}); operation("read"); allow if true;`
const verifier = auth.buildAuthenticated(restricted)
verifier.authorize() // throws if checks fail
```

| Path | Contents |
|---|---|
| @smithery/biscuit | All biscuit-wasm classes, tagged template helpers, generateKeyPair() |
| @smithery/biscuit/shim | Raw WASM shim re-exports only |

The shim (src/shim.ts) does three things:

- .wasm binary as a CF Workers WebAssembly.Module
- __wbg_* / __wbindgen_* glue functions from the JS bindings

This is ~60 lines of code. Everything else is re-exported from @biscuit-auth/biscuit-wasm.
The shim imports internal files from @biscuit-auth/biscuit-wasm (module/biscuit_bg.js and module/biscuit_bg.wasm) that are not listed in the package's exports field. Modern bundlers (including Wrangler's esbuild) enforce exports strictly and refuse to resolve these subpaths.
A pnpm patch at patches/@biscuit-auth__biscuit-wasm@0.6.0.patch adds the missing subpath exports. If you upgrade @biscuit-auth/biscuit-wasm, regenerate the patch with pnpm patch and verify the shim still bundles under wrangler dev.
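
The instantiation pattern the shim section describes, as an added example that is not code from @smithery/biscuit or biscuit-wasm: it filters `__wbg_*` / `__wbindgen_*` functions out of a bindings object and instantiates a pre-compiled `WebAssembly.Module` with them, refusing to continue if the module declares an import the glue does not provide. The WASM binary, the `./demo_bg.js` import namespace and every function name are constructed stand-ins.

```javascript
// Added example: all names are constructed stand-ins, not biscuit-wasm's real glue.
const str = (s) => [s.length, ...new TextEncoder().encode(s)]; // short ASCII names only
const section = (id, body) => [id, body.length, ...body];

// Constructed WASM binary: imports __wbg_add_one from "./demo_bg.js" and
// exports run(x), which simply calls that import.
function buildDemoWasm() {
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
    ...section(1, [1, 0x60, 1, 0x7f, 1, 0x7f]), // type 0: (i32) -> i32
    ...section(2, [1, ...str("./demo_bg.js"), ...str("__wbg_add_one"), 0, 0]),
    ...section(3, [1, 0]), // one local function of type 0
    ...section(7, [1, ...str("run"), 0, 1]), // export function index 1 as "run"
    ...section(10, [1, 6, 0, 0x20, 0, 0x10, 0, 0x0b]), // local.get 0; call 0; end
  ]);
}

// Stand-in for the JS bindings module: glue functions mixed with public API.
const demoBindings = {
  __wbg_add_one: (x) => x + 1,
  __wbindgen_throw: () => { throw new Error("trap"); },
  Biscuit: class {}, // public class, must stay out of the import object
};

// Keep only the __wbg_* / __wbindgen_* functions.
function collectGlue(bindings) {
  return Object.fromEntries(
    Object.entries(bindings).filter(
      ([name, fn]) => typeof fn === "function" && /^__(wbg|wbindgen)_/.test(name)
    )
  );
}

// Instantiate a pre-compiled module; fail loudly when a declared import is unmet.
function instantiate(wasmModule, bindings) {
  const glue = collectGlue(bindings);
  const wanted = WebAssembly.Module.imports(wasmModule);
  const missing = wanted
    .filter((imp) => imp.kind === "function" && !(imp.name in glue))
    .map((imp) => `${imp.module}:${imp.name}`);
  if (missing.length > 0) {
    throw new Error(`unresolved glue imports: ${missing.join(", ")}`);
  }
  const importObject = {};
  for (const imp of wanted) importObject[imp.module] = glue;
  return new WebAssembly.Instance(wasmModule, importObject).exports;
}
```

In a Worker the module object would come from the `.wasm` import rather than from `new WebAssembly.Module(bytes)`; the explicit missing-import check turns a changed glue surface after a dependency upgrade into a named error instead of a generic link failure.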
FAQs
The npm package @smithery/biscuit receives a total of 109 weekly downloads. As such, @smithery/biscuit popularity was classified as not popular.
We found that @smithery/biscuit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.