Other runtimes than Node (Browser, Bun, Deno, Serverless Workers)

[MickL]

This library looks amazing! However, it states Node.js specifically but I am wondering if it works in other runtimes too:

• Browser (bundle size?)
• Bun
• Deno
• Serverless Workers (e.g. Cloudflare Workers, Lambda Edge)

Especially for the browser the same roles and checks need to be used to display/hide UI elements. For comparison, CASL offers Vue, React and Angular libraries.

[phellipeandrade]

Thank you for the question! Below is a breakdown of how rbac works across different runtimes and how it compares to libraries like CASL.

Multi-Runtime Support

Although the rbac project’s README highlights Node.js, the core is pure TypeScript/JavaScript with no dependencies on Node-only APIs (fs, process, etc.), so it works in any environment that supports ESM modules.

Browser

Yes — the library runs fully in the browser and is suitable for UI-level authorization (show/hide UI elements, conditional rendering, feature gating, etc.).

Live React example:
https://codesandbox.io/p/sandbox/rbac-rbac-react-example-cltmmh

Bundle size (ESM output):

• ~73.3 kB unminified
• ~16.5 kB minified
• ~16.5 kB minified + gzip

This footprint makes it appropriate for client-side deployment without a large impact on bundle budgets.

Bun

Bun supports ESM and is broadly compatible with Node/JS standards. Since rbac does not rely on Node-only APIs, it runs without modifications under Bun.

Deno

Deno supports ESM modules natively. You can import rbac directly (with paths adjusted if needed), and the library works because it doesn’t depend on Node built-ins.

Serverless / Edge Runtimes

Environments like Cloudflare Workers, Lambda@Edge, and Vercel Edge Functions support JavaScript ESM and do not require Node built-ins. rbac runs in these contexts as well because it only uses standard JavaScript features.

UI Framework Integration

Unlike CASL, which provides framework-specific packages for Vue, React, and Angular, rbac focuses on core authorization logic only. It does not ship official bindings for UI frameworks, but it can be integrated cleanly by writing small helpers (hooks, directives, context providers, etc.) using the same role definitions. This enables consistent behavior across frontend and backend without duplicating rule definitions.

Short Summary

Environment	Supported	Notes
Browser	Yes	ESM; lightweight bundle
Bun	Yes	ESM support
Deno	Yes	Pure ESM
Cloudflare/Edge Functions	Yes	ESM; no Node built-ins required
UI Framework Bindings	Integrable	No official packages, but easy to integrate

Comparison with CASL

CASL offers ready-made integrations for major UI frameworks. rbac does not include those, but it maintains a small core and lets you reuse authorization rules across clients and servers with custom integration patterns.