Feature Announcement
Password-Protected Snippets
Share code with selective access. Auto-generated passwords, enterprise security, seamless CLI integration.
Not all code should be public. Internal utilities, client deliverables, preview components — these need controlled distribution without the overhead of private repositories.
Password protection for pastecn snippets lets you share code with specific people while keeping it off public search results and away from unintended viewers.
How it works
Toggle password protection
When creating a snippet, enable the "Password Protection" toggle. A secure 16-character password is generated automatically.
Copy and share
The password is shown once during creation. Copy it and share it securely with your intended audience. You can regenerate a different password if needed.
Access with password
Recipients can immediately see the snippet URL and metadata. To view the code content, they enter the password in the inline lock container, or configure authentication in their project for CLI installation.
Web access
When someone visits a protected snippet URL, they immediately see the snippet metadata (URL, CLI command, file names) but the code content is locked. Each file shows a password input to unlock inline. Sessions last until the browser tab closes.
Protected Content
Enter password to view code
CLI integration
Protected snippets work seamlessly with shadcn CLI. Configure authentication once in your project and install components normally.
Step 1: Add password to environment
Step 2: Configure registry authentication
{
"$schema": "https://ui.shadcn.com/schema.json",
"registries": {
"@pastecn": {
"url": "https://pastecn.com/r/{name}.json",
"headers": {
"Authorization": "Bearer ${PASTE_PASSWORD}"
}
}
}
}Step 3: Install as usual
Standard authentication
This follows the official shadcn CLI registry authentication specification. The same pattern works for any custom registry that requires authentication.
Use cases
Internal team utilities. Share components within your organization without making them publicly discoverable.
Client deliverables. Provide custom components to clients with controlled access.
Preview releases. Share pre-release components with selected testers before public announcement.
Sensitive examples. Protect snippets containing configuration examples or internal patterns.
Educational content. Distribute course materials or premium examples to paid students.
Security details
Password protection is designed with security as a first-class concern.
Bcrypt password hashing
Passwords are hashed using bcrypt with cost factor 10. No plaintext passwords are stored or logged.
Rate limiting
Brute force attacks are prevented via Vercel Firewall rate limiting. 5 unlock attempts per snippet per IP address per 15 minutes.
Session management
Web sessions use httpOnly cookies that expire after 24 hours. Sessions are cleared when the browser tab closes.
Optional feature
Password protection is completely optional. Existing snippets remain public and work exactly as before. Enable protection only when you need controlled access.
Public snippets continue to be cached aggressively for performance. Protected snippets use private cache control headers to prevent unauthorized caching.