paseto
PASETO: Platform-Agnostic SEcurity TOkens for Node.js no dependencies.
Implemented Protocol Versions
| v1 | v2 | v3 | v4 |
---|
local | ✅ | ❌ | ✅ | ❌ |
public | ✅ | ✅ | ✅ | ✅ |
Support
If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.
Documentation
Usage
Installing paseto
npm install paseto
Usage
const paseto = require('paseto')
const { decode } = paseto
const { V1 } = paseto
const { V2 } = paseto
const { V3 } = paseto
const { V4 } = paseto
const { errors } = paseto
Producing tokens
const { V4: { sign } } = paseto
(async () => {
{
const token = await sign({ sub: 'johndoe' }, privateKey)
}
})()
Consuming tokens
const { V4: { verify } } = paseto
(async () => {
{
const payload = await verify(token, publicKey)
}
})()
FAQ
Supported Library Versions
Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ | Node.js version supported |
---|
3.x.x | ✅ | ✅ | ✅ | >= 16.0.0 |
2.x.x | ✅ | ✅ until 2022-04-30 | ❌ | ^12.19.0 || >=14.15.0 |
1.x.x | ✅ | ❌ | ❌ | >= 12.0.0 |
Semver?
Yes. Everything that's either exported in the TypeScript definitions file or
documented is subject to
Semantic Versioning 2.0.0. The rest is to be considered
private API and is subject to change between any versions.
How do I use it outside of Node.js
It is only built for Node.js environment versions >=16.0.0