“Permissions shouldn't feel like building a nuclear reactor.”
— Every developer buried in JSON access trees
🔥 What's the problem?
In every project with users, roles, and permissions, you eventually hit something like this:
{
"user": {
"profile": {
"read": true,
"edit": false
},
"settings": {
"change": true
}
},
"order": {
"delivery": {
"cancel": true
}
}
}
😵💫 Massive, nested JSON
🤯 Redundant data (false/null/undefined)
🧩 Pain to store in JWTs, sessions, or URLs
🧨 Breaks when schema changes
🚀 Enter scode-acl
scode-acl (Structured Compressed ACL) is a schema-driven, ultra-compact access control tool built with TypeScript. It compresses permission data into string-encoded indexes like "0 3 7", verifiable by schema hash.
🛡 Core ideas:
✅ Schema → dot paths → compressed string
✅ Only stores
truepermissions✅ Validates schema with
crc32orsha256✅ Works great in JWTs, cookies, URLs, mobile apps
✅ Full access check API
⚙️ Flat Mode Example
import { createFlatSCode } from "scode-acl";
const schema = {
user: {
profile: ["read", "update"],
settings: ["change"],
},
order: {
delivery: ["cancel"],
},
};
const access = {
user: {
profile: { read: true },
settings: { change: true },
},
order: {
delivery: { cancel: true },
},
};
const formatter = createFlatSCode(schema);
const { access: accessString, schemaHash } = formatter.encodeAccess(access);
console.log(accessString); // → "0 3 5"
🔍 Parse access string
formatter.parseAccess(accessString, schemaHash);
// → ['user.profile.read', 'user.settings.change', 'order.delivery.cancel']
✅ Check a permission
formatter.hasAccess("user.profile.read", accessString);
// → true
⚡ Performance Comparison
Format
Encode Time
Size (30+ permissions)
JSON
~8ms
~300 bytes
scode-acl
~1.2ms
~16–28 bytes
It’s basically JWT-safe and sessionStorage-ready.
🔌 Use Cases
✅ JWT tokens — fits easily in payload
✅ GraphQL/REST auth guards
✅ Admin panels — cleaner than boolean spaghetti
✅ Mobile/web apps — tiny access footprint
✅ Firebase custom claims / access tokens
🔮 Why is it useful?
Only
truepermissions are storedSchema hash ensures backward compatibility
Tiny strings — easier to debug than full JSON
Supports Flat and Nested encoding
100% TypeScript — type-safe, fast, and portable
🛠 Install
npm install scode-acl
🛣 Roadmap
Wildcard permissions (
user.profile.*)Role groups (
admin,viewer)GUI schema editor (Web playground)
Schema → TS type generator
🔗 Links
🤝 Maintainer: @diyor-dev on LinkedIn
🧠 Final thoughts
Most ACL systems are heavy, bloated, or overcomplicated.
scode-acl is a minimalistic alternative designed to be:
🧩 Small enough to fit in a token.
🔍 Clear enough to read as a dot path.
🧠 Smart enough to validate itself.
If you're building systems that deal with auth, access control, roles, or modular UIs — try scode-acl.
Use it, fork it, improve it.
And if you’ve been burned by ACL complexity before —
you’ll probably find this very refreshing.
Top comments (1)
very nice