@tsndr/cloudflare-worker-jwt - npm Package Compare versions

Comparing version 2.4.6 to 2.4.7

index.d.ts

@@ -24,2 +24,8 @@ /// <reference types="@cloudflare/workers-types" />
     typ?: string;
+    /**
+     * Algorithm (default: `"HS256"`)
+     *
+     * @default "HS256"
+     */
+    alg?: JwtAlgorithm;
 } & T;
@@ -26,0 +32,0 @@ /**

index.js

@@ -123,3 +123,8 @@ // src/utils.ts
     throw new Error("algorithm not found");
-  const { payload } = decode(token);
+  const { header, payload } = decode(token);
+  if (header?.alg !== options.algorithm) {
+    if (options.throwError)
+      throw new Error("ALG_MISMATCH");
+    return false;
+  }
   try {
@@ -126,0 +131,0 @@ if (!payload)

package.json

 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.4.6",
+  "version": "2.4.7",
   "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
@@ -5,0 +5,0 @@ "type": "module",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16667

increased by1.58%

Number of package files

6

increased by20%

Lines of code

288

increased by4.35%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes