How to use the Biscuit-wasm NPM package

The NodeJS version of Biscuit can be found on Github, and on NPM. It wraps the Biscuit Rust library in WebAsembly, and it provides both CommonJS and EcmaScript module interfaces.

The methods that can fail (like Authorizer.authorize()) will throw an exception, containing a copy of the Rutst library error deserialized from JSON.


In package.json:

    "dependencies": {
        "biscuit-wasm": "0.1.1"

Create a root key

const {KeyPair} = require('@biscuit-auth/biscuit-wasm');

let root = new KeyPair();

Create a token

const {Biscuit, KeyPair} = require('@biscuit-auth/biscuit-wasm');

let builder = Biscuit.builder();
builder.add_authority_check_("check if operation(\"read\");");
let token =;

Create an authorizer

let authorizer = token.authorizer();

authorizer.add_code("allow if user(1234); deny if true;");
var accepted_policy = authorizer.authorize();

Attenuate a token

let block = token.create_block();

// restrict to read only
block.add_check("check if operation(\"read\")");
let attenuated_token = token.append(block);

Seal a token

let sealed_token = token.seal();

Reject revoked tokens


Query data from the authorizer