PASETO: Platform-Agnostic SEcurity TOkens for Node.js with no dependencies.
| v1 | v2 | v3 | v4 | |
|---|---|---|---|---|
| local | ✅ | ❌ | ✅ | ❌ |
| public | ✅ | ✅ | ✅ | ✅ |
If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.
Installing paseto
npm install pasetoUsage
const paseto = require('paseto')
// Generic (all versions) APIs
const { decode } = paseto
// PASETO Protocol Version v1 specific API
const { V1 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
// PASETO Protocol Version v2 specific API
const { V2 } = paseto // { sign, verify, generateKey }
// PASETO Protocol Version v3 specific API
const { V3 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
// PASETO Protocol Version v4 specific API
const { V4 } = paseto // { sign, verify, generateKey }
// errors utilized by paseto
const { errors } = pasetoconst { V4: { sign } } = paseto
(async () => {
{
const token = await sign({ sub: 'johndoe' }, privateKey)
// v4.public.eyJzdWIiOiJqb2huZG9lIiwiaWF0IjoiMjAyMS0wOC0wM1QwNTozOTozNy42NzNaIn3AW3ri7P5HpdakJmZvhqssz7Wtzi2Rb3JafwKplLoCWuMkITYOo5KNNR5NMaeAR6ePZ3xWUcbO0R11YLb02awO
}
})()const { V4: { verify } } = paseto
(async () => {
{
const payload = await verify(token, publicKey)
// { sub: 'johndoe', iat: '2019-07-01T15:22:47.982Z' }
}
})()| Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ | Node.js version supported |
|---|---|---|---|---|
| 3.x.x | ✅ | ✅ | ✅ | >= 16.0.0 |
| 2.x.x | ✅ | ❌ | ❌ | ^12.19.0 || >=14.15.0 |
| 1.x.x | ✅ | ❌ | ❌ | >= 12.0.0 |
Yes. Everything that's either exported in the TypeScript definitions file or documented is subject to Semantic Versioning 2.0.0. The rest is to be considered private API and is subject to change between any versions.
It is only built for Node.js environment versions >=16.0.0