React secure state
React Secure State
A secure and reliable state management tool with fine-grained permission control and ultimate rendering performance. The project is written primarily in TypeScript, distributed under the MIT License license, first published in 2025. Key topics include: access-control, privilege, react, react-context, react-secure-state.
react-secure-state
A secure and reliable state management tool with fine-grained permission control and ultimate rendering performance.
Features:
- π Store: State Management Framework
- π‘οΈ Secure: Field-level Access Control
- π Extreme Performance: Support point-to-point rendering for store data updates
- π Typed: Powerful Type Inference
- π Lightweight: Zero Dependencies
Installation
npm i react-secure-state -S
Usage
react-secure-state is designed to strictly control store data read and write permissions. Developers can explicitly declare and request read or write access to specific fields. If a field is not included in the declared permissions, modifications will not be permitted.
createStore
./store.tsx
tsximport { createStore } from 'react-secure-state'; export interface StoreType { name: string; height: number; } const { StoreProvider, useStoreValues } = createStore<StoreType>(); export { StoreProvider, useStoreValues };
initialize store
./App.tsx
tsximport { StoreProvider } from './store'; import { Child1, Child2 } from './Child'; function App() { const data = { name: 'Bob', height: 180, }; return ( <StoreProvider initialValue={data}> <Child1 /> <Child2 /> </StoreProvider> ); }
use store value
./Child.tsx
tsximport { useStoreValues } from './store'; export function Child1() { // apply field `name` read & write permission // note: `setFieldValue` can only update field `name`, has no permission to update other fields const [values, { setFieldValue }] = useStoreValues(['name']); console.log(data); // data = { name } const handleClick = () => { // has no permission to update other fields setFieldValue('name', 'James'); }; return ( <div> {data.name} <button onClick={handleClick}>update name</button> </div> ); } export function Child2() { // apply field `height` read & write permission // note: `setFieldValue` can only update field `height`, has no permission to update other fields const [values, { setFieldValue }] = useStoreValues(['height']); console.log(data); // data = { height } const handleClick = () => { // has no permission to update other fields setFieldValue('height', 110); }; return ( <div> {data.height} <button onClick={handleClick}>update height</button> </div> ); }
LICENSE
MIT
Contributors
Showing top 1 contributor by commit count.
Related Repositories
hasura/graphql-engine
Blazing fast, instant realtime GraphQL APIs on all your data with fine grained access control, also trigger webhooks on database events.
apache/casbin
Apache Casbin: an authorization library that supports access control models like ACL, RBAC, ABAC.
Permify/permify
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application. β Permify is now part of FusionAuth π
ory/keto
The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
cerbos/cerbos
Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
zenstackhq/zenstack
Modern data layer for TypeScript apps - type-safe ORM, built-in access control, automatic query services