PASETO: Platform-Agnostic SEcurity TOkens for Node.js with no dependencies.

Implemented Protocol Versions

v1 v2 v3 v4 local ✅ ❌ ✅ ❌ public ✅ ✅ ✅ ✅

If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.

Installing paseto

npm install paseto

const paseto = require ( 'paseto' ) const { decode } = paseto const { V1 } = paseto const { V2 } = paseto const { V3 } = paseto const { V4 } = paseto const { errors } = paseto

Producing tokens

const { V4 : { sign } } = paseto ( async () => { { const token = await sign({ sub : 'johndoe' }, privateKey) } })()

Consuming tokens

const { V4 : { verify } } = paseto ( async () => { { const payload = await verify(token, publicKey) } })()

Supported Library Versions

Version Security Fixes 🔑 Other Bug Fixes 🐞 New Features ⭐ Node.js version supported 3.x.x ✅ ✅ ✅ >= 16.0.0 2.x.x ✅ ✅ until 2022-04-30 ❌ ^12.19.0 || >=14.15.0 1.x.x ✅ ❌ ❌ >= 12.0.0

Yes. Everything that's either exported in the TypeScript definitions file or documented is subject to Semantic Versioning 2.0.0. The rest is to be considered private API and is subject to change between any versions.

How do I use it outside of Node.js

It is only built for Node.js environment versions >=16.0.0