Paseto
PASETO (Platform-Agnostic SEcurity TOkens) for Node.js with no dependencies
> [!IMPORTANT] > This project is now archived. It may get revived when v5 and v6 protocol versions get released and their underlying crypto becomes readily available in Web Cryptography API implementations across JavaScript runtimes. The project is written primarily in JavaScript, distributed under the MIT License license, first published in 2019. Key topics include: decode, decrypt, encrypt, paseto, sign.
[!IMPORTANT]
This project is now archived. It may get revived when v5 and v6 protocol versions get released and their underlying crypto becomes readily available in Web Cryptography API implementations across JavaScript runtimes.
paseto
PASETO: <strong>P</strong>latform-<strong>A</strong>gnostic <strong>SE</strong>curity <strong>TO</strong>kens for Node.js with no dependencies.
Supported Library Versions
| Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ |
|---|---|---|---|
| v3.x | Security Policy | ❌ | ❌ |
Implemented Protocol Versions
| v1 | v2 | v3 | v4 | |
|---|---|---|---|---|
| local | ✅ | ❌ | ✅ | ❌ |
| public | ✅ | ✅ | ✅ | ✅ |
Documentation
Usage
Installing paseto
consolenpm install paseto
Usage
jsconst paseto = require('paseto') // Generic (all versions) APIs const { decode } = paseto // PASETO Protocol Version v1 specific API const { V1 } = paseto // { sign, verify, encrypt, decrypt, generateKey } // PASETO Protocol Version v2 specific API const { V2 } = paseto // { sign, verify, generateKey } // PASETO Protocol Version v3 specific API const { V3 } = paseto // { sign, verify, encrypt, decrypt, generateKey } // PASETO Protocol Version v4 specific API const { V4 } = paseto // { sign, verify, generateKey } // errors utilized by paseto const { errors } = paseto
Producing tokens
jsconst { V4: { sign } } = paseto (async () => { { const token = await sign({ sub: 'johndoe' }, privateKey) // v4.public.eyJzdWIiOiJqb2huZG9lIiwiaWF0IjoiMjAyMS0wOC0wM1QwNTozOTozNy42NzNaIn3AW3ri7P5HpdakJmZvhqssz7Wtzi2Rb3JafwKplLoCWuMkITYOo5KNNR5NMaeAR6ePZ3xWUcbO0R11YLb02awO } })()
Consuming tokens
jsconst { V4: { verify } } = paseto (async () => { { const payload = await verify(token, publicKey) // { sub: 'johndoe', iat: '2019-07-01T15:22:47.982Z' } } })()
FAQ
Semver?
Yes. Everything that's either exported in the TypeScript definitions file or
documented is subject to
Semantic Versioning 2.0.0. The rest is to be considered
private API and is subject to change between any versions.
How do I use it outside of Node.js
It is only built for Node.js environment versions >=16.0.0
Contributors
Showing top 6 contributors by commit count.
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Related Repositories
wader/fq
jq for binary formats - tool, language and decoders for working with binary and text formats
mathiasbynens/he
A robust HTML entity encoder/decoder written in JavaScript.
aserbao/AndroidCamera
🔥🔥🔥自定义Android相机(仿抖音 TikTok),其中功能包括视频人脸识别贴纸,美颜,分段录制,视频裁剪,视频帧处理,获取视频关键帧,视频旋转,添加滤镜,添加水印,合成Gif到视频,文字转视频,图片转视频,音视频合成,音频变声处理,SoundTouch,Fmod音频处理。 Android camera(imitation Tik Tok), which includes video editor,audio editor,video face recognition stickers, segment recording,video cropping, video frame processing, get the first video frame, key frame, video rotation, add filter Mirror ,add watermark ,add gif to video, add text to video, picture to video, audio and video synthesis, audio change processing, SoundTouch, Fmod audio processing.
kn007/silk-v3-decoder
[Skype Silk Codec SDK]Decode silk v3 audio files (like wechat amr, aud files, qq slk files) and convert to other format (like mp3). Batch conversion support.
0Chencc/CTFCrackTools
The next-generation CTF Swiss Army Knife powered by Rust & Tauri. Features a visual node-based workflow and local AI intelligence for extreme performance and automation.China's first CTFTools framework.
fabiocaccamo/python-benedict
:blue_book: dict subclass with keylist/keypath support, built-in I/O operations (base64, csv, html, ini, json, pickle, plist, query-string, toml, xls, xml, yaml), s3 support and many utilities.