PASETO: Platform-Agnostic SEcurity TOkens for Node.js with no dependencies.
| v1 | v2 | v3 | v4 | |
|---|---|---|---|---|
| local | ✅ | ❌ | ✅ | ❌ |
| public | ✅ | ✅ | ✅ | ✅ |
If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.
Installing paseto
npm install paseto
Usage
const paseto = require('paseto')
// Generic (all versions) APIs
const { decode } = paseto
// PASETO Protocol Version v1 specific API
const { V1 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
// PASETO Protocol Version v2 specific API
const { V2 } = paseto // { sign, verify, generateKey }
// PASETO Protocol Version v3 specific API
const { V3 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
// PASETO Protocol Version v4 specific API
const { V4 } = paseto // { sign, verify, generateKey }
// errors utilized by paseto
const { errors } = paseto
const { V4: { sign } } = paseto
(async () => {
{
const token = await sign({ sub: 'johndoe' }, privateKey)
// v4.public.eyJzdWIiOiJqb2huZG9lIiwiaWF0IjoiMjAyMS0wOC0wM1QwNTozOTozNy42NzNaIn3AW3ri7P5HpdakJmZvhqssz7Wtzi2Rb3JafwKplLoCWuMkITYOo5KNNR5NMaeAR6ePZ3xWUcbO0R11YLb02awO
}
})()
const { V4: { verify } } = paseto
(async () => {
{
const payload = await verify(token, publicKey)
// { sub: 'johndoe', iat: '2019-07-01T15:22:47.982Z' }
}
})()
| Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ | Node.js version supported |
|---|---|---|---|---|
| 3.x.x | ✅ | ✅ | ✅ | >= 16.0.0 |
| 2.x.x | ✅ | ❌ | ❌ | ^12.19.0 || >=14.15.0 |
| 1.x.x | ✅ | ❌ | ❌ | >= 12.0.0 |
Yes. Everything that's either exported in the TypeScript definitions file or documented is subject to Semantic Versioning 2.0.0. The rest is to be considered private API and is subject to change between any versions.
It is only built for Node.js environment versions >=16.0.0
FAQs
PASETO for Node.js with no dependencies
The npm package paseto receives a total of 31,148 weekly downloads. As such, paseto popularity was classified as popular.
We found that paseto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.