Monthly Downloads: 0
Programming language: TypeScript
License: Apache License 2.0
Tags: Authorization    
Latest version: v5.19.2

node-casbin alternatives and similar modules

Based on the "Authorization" category.
Alternatively, view node-casbin alternatives based on common mentions on social networks and blogs.

  • CASL

    CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access
  • oso

    Oso is a batteries-included framework for building authorization in your application.

Do you think we are missing an alternative of node-casbin or a related project?

Add another 'Authorization' Module



NPM version NPM download install size codebeat badge GitHub Actions Coverage Status Release Gitter

๐Ÿ’– Looking for an open-source identity and access management solution like Okta, Auth0, Keycloak ? Learn more about: Casdoor

News: still worry about how to write the correct node-casbin policy? Casbin online editor is coming to help!

[casbin Logo](casbin-logo.png)

node-casbin is a powerful and efficient open-source access control library for Node.JS projects. It provides support for enforcing authorization based on various access control models.

All the languages supported by Casbin:

golang java nodejs php
Casbin jCasbin node-Casbin PHP-Casbin
production-ready production-ready production-ready production-ready
python dotnet c++ rust
PyCasbin Casbin.NET Casbin-CPP Casbin-RS
production-ready production-ready beta-test production-ready




```shell script


npm install casbin --save


yarn add casbin

## Get started

New a `node-casbin` enforcer with a model file and a policy file, see [Model](#official-model) section for details:

// For Node.js:
const { newEnforcer } = require('casbin');
// For browser:
// import { newEnforcer } from 'casbin';

const enforcer = await newEnforcer('basic_model.conf', 'basic_policy.csv');

Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.

Add an enforcement hook into your code right before the access happens:

const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.

// Async:
const res = await enforcer.enforce(sub, obj, act);
// Sync:
// const res = enforcer.enforceSync(sub, obj, act);

if (res) {
  // permit alice to read data1
} else {
  // deny the request, show an error

Besides the static policy file, node-casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:

const roles = await enforcer.getRolesForUser('alice');

See Policy management APIs for more usage.

Policy management

Casbin provides two sets of APIs to manage permissions:

  • Management API: the primitive API that provides full support for Casbin policy management.
  • RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.

Official Model


Policy persistence


Policy consistence between multiple nodes


Role manager



This project exists thanks to all the people who contribute.


Thank you to all our backers! ๐Ÿ™ [Become a backer]


Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]


This project is licensed under the [Apache 2.0 license](LICENSE).


If you have any issues or feature requests, please contact us. PR is welcomed.

*Note that all licence references and agreements mentioned in the node-casbin README section above are relevant to that project's source code only.