Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

access-policy

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

access-policy

Encodes and decodes policy JSON files for use with web applications.

latest
Source
npmnpm
Version
3.1.0
Version published
Maintainers
1
Created
Source

Access Policy Encoder/Parser

Statements Format

{
  "statements": [ //Array
    {
      "effect": "deny", // String
      "action": "*", // String or Array
      "resource": [ // String or Array
        "/user/${user.id}/*"
      ],
      "condition": { // Object
        "equals": { // Object
          "key": "value"
        }
      },
      "restiction": {
        "equals": { // Object
          "key": "value"
        }
      }
    }
  ]
}

Statement

  • effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use deny.
  • action: The HTTP action (GET, POST, PUT, DELETE)
  • resource: The URL that is being accessed
  • condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
  • restriction: (Otional) Restrictions to the data that can be accessed from a resource. While it's entirely possible to access a resource it can be possible to limit that data that is available from it.

Encoding

Encoding a statement happens at run time (if the provided statement hasn't already been encoded) and evaluated against data provided.

Template Format

When encoding a policy variables are provided via template literal style strings.

{
    "key": "${value}"
}

Parsing

Accepted Data

The following object is what the parser expects to recieve.

{
    Action: 'GET',
    Resource: 'user/12345',
    property: 'value',
    property2: {
      key: 'value',
      key2: 'value'
    }
}

Required

The following properties are required for validation:

  • Method: The http method for the request (GET, POST, PUT, DELETE)
  • Resource: The pathname of the requesting URL

Optional

Beyond the required properties you can inlude arbitrary properties that can be nested and accessed during encoding.

// Template
{
  "statements": [
    {
      "effect": "deny",
      "action": "*",
      "resource": [
        "/user/${user.id}/*"
      ],
      "restiction": {
        "equals": {
          "account_id": "${accountId}"
        }
      }
    }
  ]
}

// Data
{
  Action: "GET",
  Resource: "/user/1234",
  accountId: "5678"
}

Keywords

JWT
policy

FAQs

Package last updated on 27 Jul 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Announcing Socket Fix 2.0

Product

Announcing Socket Fix 2.0

Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.

By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg  -  Sep 10, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.