DEV Community

Tareq El-Ali
Tareq El-Ali

Posted on

Filling the PASETO gap in JavaScript: paseto-kit (v3/v4 + full PASERK)

The gap

PASETO is a "secure alternative to JWT" — no algorithm-confusion footguns, versioned
protocols, sensible defaults. On Node, the reference implementation was panva/paseto.
In March 2025 it was archived read-only. The maintained libraries that remain are v4-only
and don't implement PASERK — the companion standard for serializing, wrapping, and sealing
keys.

So there was no maintained JS library that covered both PASETO and full PASERK. That's
the gap paseto-kit fills.

What's in it

  • PASETO v4 — XChaCha20 + BLAKE2b (local), Ed25519 (public)
  • PASETO v3 — the NIST/FIPS-friendly profile: P-384 / AES-256-CTR / HMAC-SHA384
  • Full PASERK (all 11 types, per version): local/public/secret serialization, lid/pid/sid key IDs, local-wrap/secret-wrap, password wrapping with Argon2id (v4) and PBKDF2 (v3), and seal (X25519 / P-384 ECDH)
  • Registered-claims validation (exp, nbf, iss, aud, sub) with clock tolerance
  • Runtime-agnostic — one build for Node, Deno, Bun, browsers, edge. No node: imports, no Buffer; just Uint8Array + WebCrypto's CSPRNG, on the audited @noble/* primitives

Using it

import { generateKeyPair, sign, verify } from 'paseto-kit';

const { secretKey, publicKey } = generateKeyPair();
const token = sign(secretKey, { role: 'admin' });
const { payload } = verify(publicKey, token);

Need the NIST profile? Everything's mirrored under a v3 namespace, with distinct key types
so a v4 key can never be used on a v3 token:

import { v3 } from 'paseto-kit';
const key = v3.generateLocalKey();
v3.decrypt(key, v3.encrypt(key, { sub: 'u1' }), { validate: { exp: true } });

On correctness

Crypto libraries earn trust by being boring and verifiable. paseto-kit implements no novel
cryptography — it assembles audited primitives per spec, and it's tested against the official
PASETO and PASERK test vectors, including the expect-fail cases (e.g. non-canonical
base64url, which must be rejected to prevent token malleability).

Honest caveat: it's pre-1.0 and has not had an independent third-party security audit.
Review it before production use, and file issues — especially on the crypto.

npm: npm install paseto-kit · repo: https://github.com/Elalitareq/paseto-kit

Top comments (0)