Developer builds lightweight Node.js library for hierarchical role-based access control
A developer has released nested-rbac, an open-source Node.js library designed to handle hierarchical role-based access control (RBAC) without requiring a separate authorization service. The library addresses a common gap in SaaS applications where flat RBAC tools fail to cascade permissions across nested resource structures such as organization, team, project, and task. Unlike heavyweight Zanzibar-style engines such as OpenFGA or SpiceDB, nested-rbac operates entirely in-process and requires no external infrastructure. It supports wildcard permissions, explicit deny rules, ad-hoc grants, and an Express middleware integration, backed by full TypeScript types and 121 automated tests. The package is available on npm and GitHub, where the author is welcoming feedback and contributions.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
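The cascade, wildcard and explicit-deny behaviour described above, as an added JavaScript example that is not nested-rbac's code or API. Every name, the sample tree, and the rule that a deny on the resource or any ancestor overrides every grant are assumptions made for illustration.

```javascript
// Added illustration only: NOT nested-rbac's API. All names are hypothetical.
const ROLES = {
  admin: ['*'],
  editor: ['task:read', 'task:update', 'project:read'],
  viewer: ['*:read'],
};

// Constructed resource tree (child -> parent): org > team > project > task.
const PARENT = {
  'task:42': 'project:7', 'task:99': 'project:8',
  'project:7': 'team:3', 'project:8': 'team:3',
  'team:3': 'org:1', 'org:1': null,
};

// Constructed assignments: a role grant or an explicit deny, each pinned to one node.
const ASSIGNMENTS = [
  { user: 'alice', resource: 'org:1', role: 'admin' },
  { user: 'bob', resource: 'team:3', role: 'editor' },
  { user: 'bob', resource: 'project:7', deny: ['task:update'] },
  { user: 'carol', resource: 'project:7', role: 'viewer' },
];

// 'type:action' matching where either side of the pattern may be '*'.
function matches(pattern, permission) {
  if (pattern === '*') return true;
  const [pType, pAction] = pattern.split(':');
  const [type, action] = permission.split(':');
  return (pType === '*' || pType === type) && (pAction === '*' || pAction === action);
}

// The resource followed by its ancestors up to the root; rejects a cyclic tree.
function scopeChain(resource) {
  const chain = [];
  for (let r = resource; r != null; r = PARENT[r]) {
    if (chain.includes(r)) throw new Error(`cycle at ${r}`);
    chain.push(r);
  }
  return chain;
}

// Default deny. Grants cascade downward only; any matching deny in scope wins.
function can(user, permission, resource) {
  const scope = scopeChain(resource);
  const inScope = ASSIGNMENTS.filter(a => a.user === user && scope.includes(a.resource));
  if (inScope.some(a => (a.deny || []).some(p => matches(p, permission)))) return false;
  return inScope.some(a => (ROLES[a.role] || []).some(p => matches(p, permission)));
}
```

The cases worth checking in any such model are the negative ones: a grant on a project must not reach the team above it, and a deny on one project must not leak into a sibling project.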