Permzplus: A 2KB Zero-Dependency Auth Engine for High-Performance ABAC

I’m 12 and I built a 2KB 0 dependency alternative to CASL!

Developer CreeperGuy released permzplus, a lightweight authentication engine designed to replace CASL. The library maintains a 100/100 Socket quality score while weighing only 2KB.

Why This Matters

Traditional authorization libraries like CASL can introduce significant bundle bloat, often exceeding 100KB, and rely on complex recursive graph-walking for role inheritance. Permzplus addresses this by implementing a one-pass linear scan that converts complex inheritance into O(1) cached lookups, prioritizing performance and supply chain security through zero dependencies.

Key Insights

• Permzplus achieves a 100/100 Socket quality score for supply chain security in 2026.
• The engine utilizes a one-pass linear scan logic instead of traditional recursive graph-walking.
• Complex role-inheritance is transformed into O(1) cached lookups for high-performance authorization.
• The library eliminates 100KB of bloat common in alternative ABAC libraries.
• Permzplus is built with TypeScript and maintains zero external dependencies.

Practical Applications

• Use case: High-performance ABAC implementation requiring O(1) lookup speeds and minimal bundle impact.
• Pitfall: Relying on recursive graph-walking for role resolution which scales poorly compared to linear scans.

References:

• https://dev.to/creeperkid2014/im-12-and-i-built-a-2kb-0-dependency-alternative-to-casl-g4a
• https://github.com/PermzPlus/Permzplus