Passport.js, rewritten. TypeScript, zero dependencies, actually maintained.
Drop-in replacement. Change one import line. Your strategies, middleware, and session config all work as before.
TypeScript-first. Full type definitions, not bolted-on @types. Written in TypeScript from the ground up.
Zero dependencies. The original Passport pulls in pause and passport-strategy. This fork needs nothing.
// Before
import passport from 'passport';
// After — that's it
import passport from '@lorb/passport';npm install @lorb/passportPassport.js is the most popular Node.js auth library — and it's effectively abandoned. Issues pile up, PRs go unreviewed, and the codebase is stuck in CommonJS-era JavaScript with undocumented bugs.
This fork:
- Rewrites everything in TypeScript
- Ships ESM + CJS dual builds
- Drops all runtime dependencies
- Fixes session restore bugs present in the original
- Works with Express 4 and 5
import passport from '@lorb/passport';
import express from 'express';
import session from 'express-session';
const app = express();
app.use(session({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser((user, done) => done(null, user.id));
passport.deserializeUser((id, done) => {
User.findById(id).then(user => done(null, user));
});All 500+ existing Passport strategies work unchanged.
import { Strategy as LocalStrategy } from 'passport-local';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
passport.use(new LocalStrategy((username, password, done) => {
// your auth logic
}));
passport.use(new GoogleStrategy({
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET,
callbackURL: '/auth/google/callback',
}, (accessToken, refreshToken, profile, done) => {
// your auth logic
}));
app.post('/login', passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login',
}));import passport, {
type Authenticator,
type AuthenticateOptions,
type AuthenticationError,
} from '@lorb/passport';Original passport |
@lorb/passport |
|
|---|---|---|
| Language | JavaScript | TypeScript |
| Module | CJS only | ESM + CJS |
| Dependencies | 2 | 0 |
| Session restore | Buggy | Fixed |
| Express 5 | Broken | Works |
| Maintained | No (last meaningful commit 2021) | Yes |
| Node.js | >= 0.4 (untested) | >= 18 |
Same as Passport.js — passport.use(), passport.authenticate(), passport.serializeUser(), passport.deserializeUser(), passport.initialize(), passport.session().
Additionally exports: Authenticator, SessionStrategy, SessionManager, AuthenticationError, and all TypeScript types.
𖦹 MIT — Lorb.studio