NOTE: this is a fork of fib-jws. fib-jws cannot run on fibjs >= 0.26.0, but xilion was addicted to fibos recently, so we re-publish another package to make it available.
An implementation of JSON Web Signatures.
```sh
$ npm install @fxjs/jws
```
Array of supported algorithms. The following algorithms are currently supported.
alg Parameter Value | Digital Signature or MAC Algorithm |
---|---|
HS256 | HMAC using SHA-256 hash algorithm |
HS384 | HMAC using SHA-384 hash algorithm |
HS512 | HMAC using SHA-512 hash algorithm |
RS256 | RSASSA using SHA-256 hash algorithm |
RS384 | RSASSA using SHA-384 hash algorithm |
RS512 | RSASSA using SHA-512 hash algorithm |
ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm |
ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm |
ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm |
none | No digital signature or MAC value included |
Return a JSON Web Signature for a header and a payload.
Arguments:
header
payload
key
header must be an object with an alg property. header.alg must be one of the values found in jws.ALGORITHMS. See above for a table of supported algorithms.
If payload is not a string, it will be coerced into a string using JSON.stringify.
key is a hex encoded string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
Example
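```js
const jws = require('@fxjs/jws');

const signature = jws.sign(
  // header: alg must be one of jws.ALGORITHMS
  { alg: 'HS256' },
  // payload: coerced to a string with JSON.stringify
  { id: 12345, name: "Frank" },
  // secret: hex encoded string
  '98DE76B1',
);
```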
Returns true or false for whether a signature matches a secret or key.
signature is a JWS Signature. header.alg must be a value found in jws.ALGORITHMS. See above for a table of supported algorithms.
key is a hex encoded string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
acceptAlgs is a list of what algorithms are accepted.
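Why the list of accepted algorithms matters, as an added example that is not code from @fxjs/jws: a stand-alone HMAC verifier written against Node's crypto module that checks the header's alg against an allow-list before computing any MAC, so a token declaring none or an unexpected algorithm is rejected. The names signCompact and verifyCompact are hypothetical, and decoding the key from hex is an assumption based on the key description above.

```javascript
const crypto = require('crypto');

// HMAC entries from the algorithm table above, mapped to Node digest names.
const HMAC_DIGESTS = new Map([['HS256', 'sha256'], ['HS384', 'sha384'], ['HS512', 'sha512']]);
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (alg, hexKey, input) =>
  crypto.createHmac(HMAC_DIGESTS.get(alg), Buffer.from(hexKey, 'hex')).update(input).digest();

// Compact JWS: base64url(header) . base64url(payload) . base64url(mac)
function signCompact(header, payload, hexKey) {
  if (!HMAC_DIGESTS.has(header.alg)) throw new Error('unsupported alg: ' + header.alg);
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(hmac(header.alg, hexKey, input));
}

// The header travels with the token, so its alg is untrusted input: it must
// appear in acceptAlgs before the key is used at all.
function verifyCompact(token, hexKey, acceptAlgs) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch (e) {
    return false; // header is not valid JSON
  }
  if (!header || !acceptAlgs.includes(header.alg)) return false;
  // This verifier only holds HMAC secrets, so 'none' fails even if allow-listed.
  if (!HMAC_DIGESTS.has(header.alg)) return false;
  const expected = hmac(header.alg, hexKey, parts[0] + '.' + parts[1]);
  const given = Buffer.from(parts[2], 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample input: the header, payload and 4-byte secret from the
// Example above (a real HMAC secret should be at least as long as the hash output).
const KEY = '98DE76B1';
const token = signCompact({ alg: 'HS256' }, { id: 12345, name: 'Frank' }, KEY);
// Same payload, header rewritten to alg "none", empty signature part.
const unsigned = b64url('{"alg":"none"}') + '.' + token.split('.')[1] + '.';

console.log(verifyCompact(token, KEY, ['HS256']));    // genuine token, pinned algorithm
console.log(verifyCompact(token, KEY, ['HS512']));    // algorithm not on the allow-list
console.log(verifyCompact(unsigned, KEY, ['HS256'])); // unsigned token
```

Pass the narrowest list the application needs to acceptAlgs; the full ALGORITHMS array includes none.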
Returns the decoded header, decoded payload, and signature parts of the JWS Signature.
Returns an object with three properties, e.g.
```js
{
  header: { alg: 'HS256' },
  payload: { id: 12345, name: "Frank" }
}
```
FAQs
JSON Web Signatures for fibjs
We found that @fxjs/jws demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.