@fastify/jwt
Advanced tools
Comparing version 8.0.0 to 8.0.1
{ | ||
"name": "@fastify/jwt", | ||
"version": "8.0.0", | ||
"version": "8.0.1", | ||
"description": "JWT utils for Fastify", | ||
@@ -37,3 +37,3 @@ "main": "jwt.js", | ||
"@lukeed/ms": "^2.0.0", | ||
"fast-jwt": "^3.3.2", | ||
"fast-jwt": "^4.0.0", | ||
"fastify-plugin": "^4.0.0", | ||
@@ -49,3 +49,3 @@ "steed": "^1.1.3" | ||
"tap": "^16.0.0", | ||
"tsd": "^0.30.0" | ||
"tsd": "^0.31.0" | ||
}, | ||
@@ -52,0 +52,0 @@ "publishConfig": { |
@@ -265,3 +265,3 @@ # @fastify/jwt | ||
In some situations you may want to store a token in a cookie. This allows you to drastically reduce the attack surface of XSS on your web app with the [`httpOnly`](https://wiki.owasp.org/index.php/HttpOnly) and `secure` flags. Cookies can be susceptible to CSRF. You can mitigate this by either setting the [`sameSite`](https://www.owasp.org/index.php/SameSite) flag to `strict`, or by using a CSRF library such as [`@fastify/csrf`](https://www.npmjs.com/package/@fastify/csrf). | ||
In some situations you may want to store a token in a cookie. This allows you to drastically reduce the attack surface of XSS on your web app with the [`httpOnly`](https://owasp.org/www-community/HttpOnly) and `secure` flags. Cookies can be susceptible to CSRF. You can mitigate this by either setting the [`sameSite`](https://owasp.org/www-community/SameSite) flag to `strict`, or by using a CSRF library such as [`@fastify/csrf`](https://www.npmjs.com/package/@fastify/csrf). | ||
@@ -268,0 +268,0 @@ **Note:** This plugin will look for a decorated request with the `cookies` property. [`@fastify/cookie`](https://www.npmjs.com/package/@fastify/cookie) supports this feature, and therefore you should use it when using the cookie feature. The plugin will fallback to looking for the token in the authorization header if either of the following happens (even if the cookie option is enabled): |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
166995
1
+ Addedfast-jwt@4.0.5(transitive)
- Removedfast-jwt@3.3.3(transitive)
Updatedfast-jwt@^4.0.0