npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

frtrss

v0.7.0

Published

A lightweight, type-safe authorization library for JavaScript/TypeScript applications

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jugglingthebitsjugglingthebits

Keywords

authorizationpermissionstypescriptabacaccess-control

Readme

frtrss

frtrss logo

A type-safe attribute-based access control (ABAC) authorization library for TypeScript applications.

Features

  • Type-safe, intuitive API for defining permissions
  • Field-level permissions with nested path support
  • Allow and deny permissions
  • Serialization/deserialization support
  • Optional validation support with zod
  • Safe default "deny all"
  • Full browser and Node.js compatibility with CommonJS and ES Modules support
  • Tree-shakeable for optimal bundle size
  • Complete TypeScript definitions

Installation

npm install frtrss

Zod is an optional peer dependency. If you want to use schema validation (recommended), install zod:

npm install zod

If you don't install zod, frtrss will fall back to basic runtime validation.

Basic Usage

import { PermissionBuilder, ResourceDefinition } from "frtrss";

interface User {
  id: string;
  role: "admin" | "editor" | "user";
}

interface Document {
  id: string;
  metadata: {
    title: string;
    status: "draft" | "published" | "archived";
    version: number;
  };
  content: string;
}

type DocumentActions = "read" | "write";

// Define the object type mapping
type ObjectTypes = {
  document: ResourceDefinition<Document, DocumentActions>;
};

// Create permissions with allow and deny rules
const permissions = new PermissionBuilder<ObjectTypes>()
  // Allow editors to read published documents with version >= 2
  .allow<User>({ id: "1", role: "editor" })
  .to(["read", "write"])
  .on("document") // document name is statically typed
  .fields(["metadata.title", "content"])    
  .when({
    field: "metadata.status", // field name is statically typed
    operator: "eq",
    value: "published",
  })
  .when({
    field: "metadata.version",
    operator: "gte",
    value: 2,
  })
  // But deny write access to published documents
  .deny<User>({ id: "1", role: "editor" })
  .to("write")
  .on("document")
  .fields(["content"])
  .when({
    field: "metadata.status",
    operator: "eq",
    value: "published",
  })
  .build();

// Check permissions
const canRead = permissions.check({
  subject: { id: "1", role: "editor" },
  action: "read",
  object: "document",
  field: "content",
  data: {
    metadata: { 
      status: "published",
      version: 3
    },
  },
}); // true

const canWrite = permissions.check({
  subject: { id: "1", role: "editor" },
  action: "write",
  object: "document",
  field: "content",
  data: {
    metadata: { 
      status: "published",
      version: 3
    },
  },
}); // false - denied by explicit deny rule

API Documentation & Use Cases

See API.md.

Attribute-Based Access Control (ABAC)

frtrss implements Attribute-Based Access Control (ABAC), a flexible and powerful authorization model that evaluates permissions based on attributes/properties of:

  • The subject (user/service requesting access)
  • The object (resource being accessed)
  • The action (operation being performed)
  • The environment (context of the request)

This approach allows for more dynamic and fine-grained access control compared to traditional role-based systems, enabling complex permission rules based on data properties and conditions.

frtrss vs casl.js

  • simpler and more intuitive API
  • more type safety and developer experience
  • doesn't rely on class reflection for object types
  • more explicit about field-level permissions
  • zod schema validation

Development

# Install dependencies
npm install

# Run tests
npm test

# Build the package
npm run build

# Run linter
npm run lint

# Type check
npm run typecheck

License

MIT