@chantouchsek/jwt-redis
This library provides the full functionality of the jsonwebtoken library, with one important addition: jwt-redis stores a label for each token in Redis and uses it to verify validity. If the label is absent from Redis, the token is not valid. To revoke a token, jwt-redis provides a destroy method, which makes it possible to invalidate a token before it expires. jwt-redis supports the node_redis client.
Npm
npm install @chantouchsek/jwt-redis
Yarn
yarn add @chantouchsek/jwt-redis
This library is quite fresh and may have bugs. Write me an email at chantouchsek.cs83@gmail.com and I will fix the bug within a few working days.
const redis = require('redis')
const JWTR = require('@chantouchsek/jwt-redis').default
//ES6 import JWTR from '@chantouchsek/jwt-redis';
const redisClient = redis.createClient()
const jwtr = new JWTR(redisClient)
const secret = 'secret'
const jti = 'test'
const payload = { jti }
// Create a token
jwtr.sign(payload, secret)
  .then((token) => {
    // Token verification (sign resolves with the token)
    return jwtr.verify(token, secret);
  })
  .then(() => {
    // Destroying the token
    return jwtr.destroy(jti, secret);
  });
You can set the lifetime of the token the same way as in the jsonwebtoken library. The label in redis is deleted when the token expires.
// expiresIn - number of seconds after which the token is no longer valid
await jwtr.sign({}, 'secret', {expiresIn: expiresIn})
// exp - time at which the token stops being valid
await jwtr.sign({exp: exp}, secret)
A jti claim is added to every token. The jti is the identifier of the token. You can choose its value yourself by setting it in the payload.
const payload = {jti: 'test'}
await jwtr.sign(payload, secret)
If jti is not present, then jti is generated randomly by the library.
You can destroy the token through jti.
await jwtr.destroy(jti)
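How the label check, expiry and jti handling described above fit together, as an added example that is not jwt-redis source code: a minimal HS256 signer and verifier that accepts a correctly signed token only while its label key still exists. `LabelStore`, `sign`, `verify` and `destroy` are hypothetical stand-ins, the key layout (prefix followed by jti) is an assumption, an in-memory map replaces Redis, and the clock is passed in as `nowSec`.

```javascript
// Added example, not jwt-redis source: allow-list revocation keyed by jti.
// LabelStore is a constructed in-memory stand-in for Redis SET-with-expiry/EXISTS/DEL.
const crypto = require('crypto')

const PREFIX = 'jwt_label:' // default key prefix stated on this page
const b64u = (s) => Buffer.from(s).toString('base64url')
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url')

class LabelStore {
  constructor() { this.labels = new Map() } // key -> expiry in ms (Infinity = none)
  set(key, expMs) { this.labels.set(key, expMs) }
  has(key, nowMs) {
    const exp = this.labels.get(key)
    if (exp === undefined) return false
    if (exp <= nowMs) { this.labels.delete(key); return false } // label aged out
    return true
  }
  del(key) { return this.labels.delete(key) }
}

function sign(store, payload, secret, nowSec) {
  // A random jti is generated unless the caller supplies one in the payload.
  const claims = { jti: crypto.randomBytes(16).toString('hex'), iat: nowSec, ...payload }
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = head + '.' + b64u(JSON.stringify(claims))
  store.set(PREFIX + claims.jti, claims.exp ? claims.exp * 1000 : Infinity)
  return body + '.' + hmac(body, secret)
}

function verify(store, token, secret, nowSec) {
  const [h, p, sig] = token.split('.')
  const want = Buffer.from(hmac(h + '.' + p, secret))
  const got = Buffer.from(sig || '')
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('invalid signature')
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString())
  if (claims.exp && claims.exp <= nowSec) throw new Error('token expired')
  // A valid signature is not enough: the label must still be present.
  if (!store.has(PREFIX + claims.jti, nowSec * 1000)) throw new Error('token destroyed')
  return claims
}

const destroy = (store, jti) => store.del(PREFIX + jti)

const demoStore = new LabelStore() // constructed demo values: fixed clock, jti 'test'
const demoToken = sign(demoStore, { jti: 'test' }, 'secret', 1700000000)
console.log(verify(demoStore, demoToken, 'secret', 1700000001).jti, destroy(demoStore, 'test'))
```

Because every verification depends on the label lookup, an unavailable or flushed store rejects all tokens, and two tokens signed with the same caller-chosen jti share one label and are destroyed together.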
All methods except the decode method (since it is synchronous) can return a native Promise.
try {
const token = await jwtr.sign({}, secret)
console.log(token);
} catch (e) {
console.log(e)
}
If you want to use Bluebird, then after promisification all of the library's methods that return a Promise are available; you only need to append Async to the end of each method name.
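const Promise = require('bluebird')
const Redis = require('ioredis')
const redis = new Redis()
// .default matches the require form used in the first example on this page
const JWTR = require('@chantouchsek/jwt-redis').default
//ES6 import JWTR from '@chantouchsek/jwt-redis';
const jwtr = new JWTR(redis)
const jwtrAsync = Promise.promisifyAll(jwtr)
const secret = 'secret'
jwtrAsync
  .signAsync({}, secret)
  .then(function (token) {
    // use the signed token here
  })
  .catch(function (err) {
    // handle signing errors here
  })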
Method for creating a token.
Method for verifying a token.
Method for destroying the token.
Method for decoding a token.
jwt-redis supports all of the method options that the jsonwebtoken library supports, so it is worth reading the jsonwebtoken documentation as well. There are also several options that are available only in jwt-redis.
Also in the options you can specify a prefix for the redis keys. By default it is jwt_label:.
const options = {
prefix: 'example'
}
const jwtr = new JWTR(redis, options)
This library includes typings in the module.
FAQs
The npm package @chantouchsek/jwt-redis receives a total of 0 weekly downloads. As such, @chantouchsek/jwt-redis popularity was classified as not popular.
We found that @chantouchsek/jwt-redis demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.