npmpackage.info

Gathering detailed insights and metrics for paseto

Other packages similar to paseto

paseto-ts

2.0.5

PASETO v4 (encrypt, decrypt, sign & verify) in TypeScript

passport-paseto

0.1.0-alpha.2

Paseto passport

paseto-browser

0.1.1

In-browser JavaScript implementation of PASETO

paseto-passport

0.0.1

Passport.js framework that uses Paseto tokens for sessions

Gathering detailed insights and metrics for paseto

paseto - 3.1.4 | npmpackage.info

paseto

PASETO (Platform-Agnostic SEcurity TOkens) for Node.js with no dependencies

3.1.4

481

MIT

JavaScript

52.66 kB

4.2

Installations

npm install paseto

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=16.0.0

Node Version

18.16.0

NPM Version

9.5.1 Pull Requests

Open

0

Total

14

Closed

2

Merged

12

Issues

Open

0

Total

18

Closed

18

Releases

v3.1.4

Updated on Apr 27, 2023

v3.1.3

Updated on Apr 26, 2023

v3.1.2

Updated on Oct 27, 2022

v3.1.1

Updated on Sep 12, 2022

v3.1.0

Updated on Oct 18, 2021

v3.0.1

Updated on Aug 04, 2021

View All 21 releases

Languages

JavaScript

TypeScript

JavaScript (95.95%)

TypeScript (4.05%)

Developer

panva

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

481 Stars

160 Commits

28 Forks

6 Watchers

6 Branches

5 Contributors

Updated on Jul 11, 2025

Sponsor this package

https://github.com/sponsors/panva

Maintainers

View All 5 Contributors

Package Meta Information

Latest Version

3.1.4

Package Id

paseto@3.1.4

Unpacked Size

52.66 kB

Size

11.32 kB

File Count

NPM Version

9.5.1

Node Version

18.16.0

Published on

Apr 27, 2023

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@types/node ava prettier sinon tsd typescript

paseto

PASETO: Platform-Agnostic SEcurity TOkens for Node.js with no dependencies.

Implemented Protocol Versions

	v1	v2	v3	v4
local	✅	❌	✅	❌
public	✅	✅	✅	✅

Support

If you or your business use paseto, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.

Documentation

API Documentation

Usage

Installing paseto

1npm install paseto

Usage

1const paseto = require('paseto')
2
3// Generic (all versions) APIs
4const { decode } = paseto
5
6// PASETO Protocol Version v1 specific API
7const { V1 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
8
9// PASETO Protocol Version v2 specific API
10const { V2 } = paseto // { sign, verify, generateKey }
11
12// PASETO Protocol Version v3 specific API
13const { V3 } = paseto // { sign, verify, encrypt, decrypt, generateKey }
14
15// PASETO Protocol Version v4 specific API
16const { V4 } = paseto // { sign, verify, generateKey }
17
18// errors utilized by paseto
19const { errors } = paseto

Producing tokens

1const { V4: { sign } } = paseto
2
3(async () => {
4  {
5    const token = await sign({ sub: 'johndoe' }, privateKey)
6    // v4.public.eyJzdWIiOiJqb2huZG9lIiwiaWF0IjoiMjAyMS0wOC0wM1QwNTozOTozNy42NzNaIn3AW3ri7P5HpdakJmZvhqssz7Wtzi2Rb3JafwKplLoCWuMkITYOo5KNNR5NMaeAR6ePZ3xWUcbO0R11YLb02awO
7  }
8})()

Consuming tokens

1const { V4: { verify } } = paseto
2
3(async () => {
4  {
5    const payload = await verify(token, publicKey)
6    // { sub: 'johndoe', iat: '2019-07-01T15:22:47.982Z' }
7  }
8})()

FAQ

Supported Library Versions

Version	Security Fixes 🔑	Other Bug Fixes 🐞	New Features ⭐	Node.js version supported
3.x.x	✅	✅	✅	>= 16.0.0
2.x.x	✅	❌	❌	^12.19.0 \|\| >=14.15.0
1.x.x	✅	❌	❌	>= 12.0.0

Semver?

Yes. Everything that's either exported in the TypeScript definitions file or documented is subject to Semantic Versioning 2.0.0. The rest is to be considered private API and is subject to change between any versions.

How do I use it outside of Node.js

It is only built for Node.js environment versions >=16.0.0

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

6

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/panva/paseto/test.yml/main?enable=pin
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 2 third-party GitHubAction dependencies pinned

1

SAST

Determines if the project uses static code analysis.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Maintained

Determines if the project is "actively maintained".

0

Fuzzing

Determines if the project uses fuzzing.

Score

4.2

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More