Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@solid/jose

Package Overview
Dependencies
Maintainers
14
Versions
10
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@solid/jose

JSON Object Signing and Encryption

  • 0.6.3
  • Source
  • npm
  • Socket score

Version published
Maintainers
14
Created
Source

JSON Object Signing and Encryption (JOSE) (@solid/jose)

Lightweight isomorphic JSON Object Signing and Encryption (JOSE) library for browser and Node.js

Table of Contents

  • Security
  • Background
  • Install
  • Usage
  • License

Security

TBD

Background

  • Based on Webcrypto API
  • Isomorphic (Node.js and Browser)

Install

Requires Node.js 8+.

npm install @solid/jose

Usage

Building with Webpack

Important: If you're using this library as a dependency and you plan to use Webpack, don't forget to add the following lines to your webpack.config.js externals: section:

  externals: {
    '@sinonjs/text-encoding': 'TextEncoder',
    'isomorphic-webcrypto': 'crypto'
  }

In Node

const { JWT } = require('@solid/jose')

const decoded = JWT.decode(data) // throws an error if invalid

In Browser

If you npm install @solid/jose as a dependency, the Webpack'd minified bundle will be available in the dist/ directory as jose.min.js.

If you're actively developing/testing this lib, you can npm run dist, and the bundle will be rebuilt.

To use in the browser, simply import the bundle in a <script> tag, and the lib will be loaded into the window.JOSE global variable.

Example test.html file, to illustrate:

<html>
<head>
  <script src="dist/jose.min.js"></script>
  <script>
    // You can now start using the library
    let jwt = new JOSE.JWT({
      header: { alg: 'HS256' },
      payload: { iss: 'https://forge.anvil.io' }
    })
  </script>
</head>
<body>
Sample usage of JOSE lib in a browser.
</body>
</html>

Testing

Nodejs

$ npm test

License

The MIT License

Copyright (c) 2016 Anvil Research, Inc. Copyright (c) 2017-2019 The Solid Project

FAQs

Package last updated on 30 Nov 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc