
    5.15.1 • Public • Published



    💖 Looking for an open-source identity and access management solution like Okta, Auth0 or Keycloak? Learn more about: Casdoor


    News: still worried about how to write the correct node-casbin policy? The Casbin online editor is coming to help!


    node-casbin is a powerful and efficient open-source access control library for Node.js projects. It provides support for enforcing authorization based on various access control models.

    All the languages supported by Casbin:

    Language   Implementation   Status
    golang     Casbin           production-ready
    java       jCasbin          production-ready
    nodejs     node-Casbin      production-ready
    php        PHP-Casbin       production-ready
    python     PyCasbin         production-ready
    dotnet     Casbin.NET       production-ready
    c++        Casbin-CPP       beta-test
    rust       Casbin-RS        production-ready



    # NPM
    npm install casbin --save
    # Yarn
    yarn add casbin

    Get started

    Create a new node-casbin enforcer with a model file and a policy file (see the Model section for details):

    // For Node.js:
    const { newEnforcer } = require('casbin');
    // For browser:
    // import { newEnforcer } from 'casbin';
    const enforcer = await newEnforcer('basic_model.conf', 'basic_policy.csv');

    Note: you can also initialize an enforcer with a policy stored in a database instead of a file; see the Persistence section for details.

    Add an enforcement hook into your code right before the access happens:

    const sub = 'alice'; // the user that wants to access a resource.
    const obj = 'data1'; // the resource that is going to be accessed.
    const act = 'read'; // the operation that the user performs on the resource.
    // Async:
    const res = await enforcer.enforce(sub, obj, act);
    // Sync:
    // const res = enforcer.enforceSync(sub, obj, act);
    if (res) {
      // permit alice to read data1
    } else {
      // deny the request, show an error
    }
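
The enforcement hook above, written as a fail-closed wrapper (an added example, not code from the node-casbin project). `makeStubEnforcer`, `guardedAccess`, `SAMPLE_POLICY` and the policy rules are assumptions made for illustration; the stub only mimics the `enforce(sub, obj, act)` call shape so the block runs without the package installed.

```javascript
// Added example, not node-casbin code. makeStubEnforcer is a hypothetical stand-in
// so the block runs offline; in real use pass the enforcer from newEnforcer(...).
// Constructed sample policy, one rule per line: p, sub, obj, act
const SAMPLE_POLICY = `
p, alice, data1, read
p, bob, data2, write
`;

// Exact-match ACL with the same async enforce(sub, obj, act) call shape as the page.
function makeStubEnforcer(csv) {
  const rules = csv.split('\n')
    .map((line) => line.split(',').map((field) => field.trim()))
    .filter((f) => f.length === 4 && f[0] === 'p')
    .map(([, sub, obj, act]) => ({ sub, obj, act }));
  return {
    async enforce(sub, obj, act) {
      return rules.some((r) => r.sub === sub && r.obj === obj && r.act === act);
    },
  };
}

// Enforcement hook: run `access` only on an explicit `true` decision.
// false, a non-boolean value, or a thrown error all count as a denial.
async function guardedAccess(enforcer, sub, obj, act, access) {
  let allowed = false;
  try {
    allowed = (await enforcer.enforce(sub, obj, act)) === true;
  } catch (err) {
    allowed = false; // a policy-engine failure must not open access
  }
  if (!allowed) {
    return { allowed: false, result: null };
  }
  return { allowed: true, result: await access() };
}

async function demo() {
  const enforcer = makeStubEnforcer(SAMPLE_POLICY);
  const broken = { enforce: async () => { throw new Error('policy store unavailable'); } };
  const read = () => 'contents of data1';
  return [
    await guardedAccess(enforcer, 'alice', 'data1', 'read', read),   // matching rule
    await guardedAccess(enforcer, 'alice', 'data1', 'write', read),  // no rule
    await guardedAccess(enforcer, 'bob', 'data1', 'read', read),     // no rule
    await guardedAccess(broken, 'alice', 'data1', 'read', read),     // engine error
  ];
}

demo().then((decisions) => console.log(decisions));
```

Errors thrown by the `access` callback itself are deliberately not caught, so an application failure is not mistaken for a denial.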

    Besides the static policy file, node-casbin also provides an API for permission management at run-time. For example, you can get all the roles assigned to a user as below:

    const roles = await enforcer.getRolesForUser('alice');

    See Policy management APIs for more usage.

    Policy management

    Casbin provides two sets of APIs to manage permissions:

    • Management API: the primitive API that provides full support for Casbin policy management.
    • RBAC API: a friendlier API for RBAC. This API is a subset of the Management API. RBAC users can use it to simplify their code.

    Official Model

    Policy persistence

    Policy consistence between multiple nodes

    Role manager


    This project exists thanks to all the people who contribute.


    Thank you to all our backers! 🙏 [Become a backer]


    Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]


    This project is licensed under the Apache 2.0 license.


    If you have any issues or feature requests, please contact us. PRs are welcome.





    Unpacked size: 544 kB


    • nodece
    • hsluoyz
    • dreamdevil00
    • chalin
    • kingiw
    • zxilly