jose - npm Package Compare versions

Comparing version 2.0.3 to 3.0.0

CHANGELOG.md

@@ -5,2 +5,17 @@ # Changelog
 
+## [3.0.0](https://github.com/panva/jose/compare/v2.0.3...v3.0.0) (2020-11-14)
+
+
+### ⚠ BREAKING CHANGES
+
+* Revised, Promise-based API
+* No dependencies
+* Browser support (using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/))
+* Support for verification using a remote JWKS endpoint
+* Experimental Node.js libuv thread pool based runtime (non-blocking 🎉)
+
+### Features
+
+* Revised API, No dependencies, Browser Support, Promises ([357fe0b](https://github.com/panva/jose/commit/357fe0b964903e8c84ab49f0f27ddf0447d44c84))
+
 ## [2.0.3](https://github.com/panva/jose/compare/v2.0.2...v2.0.3) (2020-10-29)
@@ -7,0 +22,0 @@

package.json

 {
   "name": "jose",
-  "version": "2.0.3",
-  "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
+  "version": "3.0.0",
+  "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS with no dependencies",
   "keywords": [
-    "access token",
-    "access_token",
     "compact",
@@ -19,5 +17,3 @@ "decode",
     "flattened",
-    "general",
-    "id token",
-    "id_token",
+    "isomorphic",
     "jose",
@@ -32,4 +28,2 @@ "json web token",
     "jwt",
-    "logout token",
-    "logout_token",
     "oct",
@@ -42,32 +36,425 @@ "okp",
     "signature",
+    "universal",
     "validate",
-    "verify"
+    "verify",
+    "webcrypto"
   ],
   "homepage": "https://github.com/panva/jose",
   "repository": "panva/jose",
-  "funding": "https://github.com/sponsors/panva",
+  "funding": {
+    "url": "https://github.com/sponsors/panva"
+  },
   "license": "MIT",
   "author": "Filip Skokan <panva.ip@gmail.com>",
+  "imports": {
+    "#dist/jwe/compact/decrypt": {
+      "import": "./dist/node/esm/jwe/compact/decrypt.js",
+      "require": "./dist/node/cjs/jwe/compact/decrypt.js"
+    },
+    "#dist/webcrypto/jwe/compact/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/compact/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/compact/decrypt.js"
+    },
+    "#dist/jwe/compact/encrypt": {
+      "import": "./dist/node/esm/jwe/compact/encrypt.js",
+      "require": "./dist/node/cjs/jwe/compact/encrypt.js"
+    },
+    "#dist/webcrypto/jwe/compact/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/compact/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/compact/encrypt.js"
+    },
+    "#dist/jwe/flattened/decrypt": {
+      "import": "./dist/node/esm/jwe/flattened/decrypt.js",
+      "require": "./dist/node/cjs/jwe/flattened/decrypt.js"
+    },
+    "#dist/webcrypto/jwe/flattened/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/flattened/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/flattened/decrypt.js"
+    },
+    "#dist/jwe/flattened/encrypt": {
+      "import": "./dist/node/esm/jwe/flattened/encrypt.js",
+      "require": "./dist/node/cjs/jwe/flattened/encrypt.js"
+    },
+    "#dist/webcrypto/jwe/flattened/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/flattened/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/flattened/encrypt.js"
+    },
+    "#dist/jwk/embedded": {
+      "import": "./dist/node/esm/jwk/embedded.js",
+      "require": "./dist/node/cjs/jwk/embedded.js"
+    },
+    "#dist/webcrypto/jwk/embedded": {
+      "import": "./dist/node/webcrypto/esm/jwk/embedded.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/embedded.js"
+    },
+    "#dist/jwk/parse": {
+      "import": "./dist/node/esm/jwk/parse.js",
+      "require": "./dist/node/cjs/jwk/parse.js"
+    },
+    "#dist/webcrypto/jwk/parse": {
+      "import": "./dist/node/webcrypto/esm/jwk/parse.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/parse.js"
+    },
+    "#dist/jwk/thumbprint": {
+      "import": "./dist/node/esm/jwk/thumbprint.js",
+      "require": "./dist/node/cjs/jwk/thumbprint.js"
+    },
+    "#dist/webcrypto/jwk/thumbprint": {
+      "import": "./dist/node/webcrypto/esm/jwk/thumbprint.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/thumbprint.js"
+    },
+    "#dist/jwks/remote": {
+      "import": "./dist/node/esm/jwks/remote.js",
+      "require": "./dist/node/cjs/jwks/remote.js"
+    },
+    "#dist/webcrypto/jwks/remote": {
+      "import": "./dist/node/webcrypto/esm/jwks/remote.js",
+      "require": "./dist/node/webcrypto/cjs/jwks/remote.js"
+    },
+    "#dist/jws/compact/sign": {
+      "import": "./dist/node/esm/jws/compact/sign.js",
+      "require": "./dist/node/cjs/jws/compact/sign.js"
+    },
+    "#dist/webcrypto/jws/compact/sign": {
+      "import": "./dist/node/webcrypto/esm/jws/compact/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jws/compact/sign.js"
+    },
+    "#dist/jws/compact/verify": {
+      "import": "./dist/node/esm/jws/compact/verify.js",
+      "require": "./dist/node/cjs/jws/compact/verify.js"
+    },
+    "#dist/webcrypto/jws/compact/verify": {
+      "import": "./dist/node/webcrypto/esm/jws/compact/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jws/compact/verify.js"
+    },
+    "#dist/jws/flattened/sign": {
+      "import": "./dist/node/esm/jws/flattened/sign.js",
+      "require": "./dist/node/cjs/jws/flattened/sign.js"
+    },
+    "#dist/webcrypto/jws/flattened/sign": {
+      "import": "./dist/node/webcrypto/esm/jws/flattened/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jws/flattened/sign.js"
+    },
+    "#dist/jws/flattened/verify": {
+      "import": "./dist/node/esm/jws/flattened/verify.js",
+      "require": "./dist/node/cjs/jws/flattened/verify.js"
+    },
+    "#dist/webcrypto/jws/flattened/verify": {
+      "import": "./dist/node/webcrypto/esm/jws/flattened/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jws/flattened/verify.js"
+    },
+    "#dist/jwt/decrypt": {
+      "import": "./dist/node/esm/jwt/decrypt.js",
+      "require": "./dist/node/cjs/jwt/decrypt.js"
+    },
+    "#dist/webcrypto/jwt/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwt/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/decrypt.js"
+    },
+    "#dist/jwt/encrypt": {
+      "import": "./dist/node/esm/jwt/encrypt.js",
+      "require": "./dist/node/cjs/jwt/encrypt.js"
+    },
+    "#dist/webcrypto/jwt/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwt/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/encrypt.js"
+    },
+    "#dist/jwt/sign": {
+      "import": "./dist/node/esm/jwt/sign.js",
+      "require": "./dist/node/cjs/jwt/sign.js"
+    },
+    "#dist/webcrypto/jwt/sign": {
+      "import": "./dist/node/webcrypto/esm/jwt/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/sign.js"
+    },
+    "#dist/jwt/unsecured": {
+      "import": "./dist/node/esm/jwt/unsecured.js",
+      "require": "./dist/node/cjs/jwt/unsecured.js"
+    },
+    "#dist/webcrypto/jwt/unsecured": {
+      "import": "./dist/node/webcrypto/esm/jwt/unsecured.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/unsecured.js"
+    },
+    "#dist/jwt/verify": {
+      "import": "./dist/node/esm/jwt/verify.js",
+      "require": "./dist/node/cjs/jwt/verify.js"
+    },
+    "#dist/webcrypto/jwt/verify": {
+      "import": "./dist/node/webcrypto/esm/jwt/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/verify.js"
+    },
+    "#dist/util/base64url": {
+      "import": "./dist/node/esm/util/base64url.js",
+      "require": "./dist/node/cjs/util/base64url.js"
+    },
+    "#dist/webcrypto/util/base64url": {
+      "import": "./dist/node/webcrypto/esm/util/base64url.js",
+      "require": "./dist/node/webcrypto/cjs/util/base64url.js"
+    },
+    "#dist/util/errors": {
+      "import": "./dist/node/esm/util/errors.js",
+      "require": "./dist/node/cjs/util/errors.js"
+    },
+    "#dist/webcrypto/util/errors": {
+      "import": "./dist/node/webcrypto/esm/util/errors.js",
+      "require": "./dist/node/webcrypto/cjs/util/errors.js"
+    },
+    "#dist/util/generate_key_pair": {
+      "import": "./dist/node/esm/util/generate_key_pair.js",
+      "require": "./dist/node/cjs/util/generate_key_pair.js"
+    },
+    "#dist/webcrypto/util/generate_key_pair": {
+      "import": "./dist/node/webcrypto/esm/util/generate_key_pair.js",
+      "require": "./dist/node/webcrypto/cjs/util/generate_key_pair.js"
+    },
+    "#dist/util/generate_secret": {
+      "import": "./dist/node/esm/util/generate_secret.js",
+      "require": "./dist/node/cjs/util/generate_secret.js"
+    },
+    "#dist/webcrypto/util/generate_secret": {
+      "import": "./dist/node/webcrypto/esm/util/generate_secret.js",
+      "require": "./dist/node/webcrypto/cjs/util/generate_secret.js"
+    },
+    "#dist/util/random": {
+      "import": "./dist/node/esm/util/random.js",
+      "require": "./dist/node/cjs/util/random.js"
+    },
+    "#dist/webcrypto/util/random": {
+      "import": "./dist/node/webcrypto/esm/util/random.js",
+      "require": "./dist/node/webcrypto/cjs/util/random.js"
+    }
+  },
   "exports": {
-    ".": {
-      "import": "./lib/index.mjs",
-      "require": "./lib/index.js"
+    "./jwe/compact/decrypt": {
+      "browser": "./dist/browser/jwe/compact/decrypt.js",
+      "import": "./dist/node/esm/jwe/compact/decrypt.js",
+      "require": "./dist/node/cjs/jwe/compact/decrypt.js"
     },
-    "./": "./"
+    "./webcrypto/jwe/compact/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/compact/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/compact/decrypt.js"
+    },
+    "./jwe/compact/encrypt": {
+      "browser": "./dist/browser/jwe/compact/encrypt.js",
+      "import": "./dist/node/esm/jwe/compact/encrypt.js",
+      "require": "./dist/node/cjs/jwe/compact/encrypt.js"
+    },
+    "./webcrypto/jwe/compact/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/compact/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/compact/encrypt.js"
+    },
+    "./jwe/flattened/decrypt": {
+      "browser": "./dist/browser/jwe/flattened/decrypt.js",
+      "import": "./dist/node/esm/jwe/flattened/decrypt.js",
+      "require": "./dist/node/cjs/jwe/flattened/decrypt.js"
+    },
+    "./webcrypto/jwe/flattened/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/flattened/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/flattened/decrypt.js"
+    },
+    "./jwe/flattened/encrypt": {
+      "browser": "./dist/browser/jwe/flattened/encrypt.js",
+      "import": "./dist/node/esm/jwe/flattened/encrypt.js",
+      "require": "./dist/node/cjs/jwe/flattened/encrypt.js"
+    },
+    "./webcrypto/jwe/flattened/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwe/flattened/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwe/flattened/encrypt.js"
+    },
+    "./jwk/embedded": {
+      "browser": "./dist/browser/jwk/embedded.js",
+      "import": "./dist/node/esm/jwk/embedded.js",
+      "require": "./dist/node/cjs/jwk/embedded.js"
+    },
+    "./webcrypto/jwk/embedded": {
+      "import": "./dist/node/webcrypto/esm/jwk/embedded.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/embedded.js"
+    },
+    "./jwk/parse": {
+      "browser": "./dist/browser/jwk/parse.js",
+      "import": "./dist/node/esm/jwk/parse.js",
+      "require": "./dist/node/cjs/jwk/parse.js"
+    },
+    "./webcrypto/jwk/parse": {
+      "import": "./dist/node/webcrypto/esm/jwk/parse.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/parse.js"
+    },
+    "./jwk/thumbprint": {
+      "browser": "./dist/browser/jwk/thumbprint.js",
+      "import": "./dist/node/esm/jwk/thumbprint.js",
+      "require": "./dist/node/cjs/jwk/thumbprint.js"
+    },
+    "./webcrypto/jwk/thumbprint": {
+      "import": "./dist/node/webcrypto/esm/jwk/thumbprint.js",
+      "require": "./dist/node/webcrypto/cjs/jwk/thumbprint.js"
+    },
+    "./jwks/remote": {
+      "browser": "./dist/browser/jwks/remote.js",
+      "import": "./dist/node/esm/jwks/remote.js",
+      "require": "./dist/node/cjs/jwks/remote.js"
+    },
+    "./webcrypto/jwks/remote": {
+      "import": "./dist/node/webcrypto/esm/jwks/remote.js",
+      "require": "./dist/node/webcrypto/cjs/jwks/remote.js"
+    },
+    "./jws/compact/sign": {
+      "browser": "./dist/browser/jws/compact/sign.js",
+      "import": "./dist/node/esm/jws/compact/sign.js",
+      "require": "./dist/node/cjs/jws/compact/sign.js"
+    },
+    "./webcrypto/jws/compact/sign": {
+      "import": "./dist/node/webcrypto/esm/jws/compact/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jws/compact/sign.js"
+    },
+    "./jws/compact/verify": {
+      "browser": "./dist/browser/jws/compact/verify.js",
+      "import": "./dist/node/esm/jws/compact/verify.js",
+      "require": "./dist/node/cjs/jws/compact/verify.js"
+    },
+    "./webcrypto/jws/compact/verify": {
+      "import": "./dist/node/webcrypto/esm/jws/compact/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jws/compact/verify.js"
+    },
+    "./jws/flattened/sign": {
+      "browser": "./dist/browser/jws/flattened/sign.js",
+      "import": "./dist/node/esm/jws/flattened/sign.js",
+      "require": "./dist/node/cjs/jws/flattened/sign.js"
+    },
+    "./webcrypto/jws/flattened/sign": {
+      "import": "./dist/node/webcrypto/esm/jws/flattened/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jws/flattened/sign.js"
+    },
+    "./jws/flattened/verify": {
+      "browser": "./dist/browser/jws/flattened/verify.js",
+      "import": "./dist/node/esm/jws/flattened/verify.js",
+      "require": "./dist/node/cjs/jws/flattened/verify.js"
+    },
+    "./webcrypto/jws/flattened/verify": {
+      "import": "./dist/node/webcrypto/esm/jws/flattened/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jws/flattened/verify.js"
+    },
+    "./jwt/decrypt": {
+      "browser": "./dist/browser/jwt/decrypt.js",
+      "import": "./dist/node/esm/jwt/decrypt.js",
+      "require": "./dist/node/cjs/jwt/decrypt.js"
+    },
+    "./webcrypto/jwt/decrypt": {
+      "import": "./dist/node/webcrypto/esm/jwt/decrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/decrypt.js"
+    },
+    "./jwt/encrypt": {
+      "browser": "./dist/browser/jwt/encrypt.js",
+      "import": "./dist/node/esm/jwt/encrypt.js",
+      "require": "./dist/node/cjs/jwt/encrypt.js"
+    },
+    "./webcrypto/jwt/encrypt": {
+      "import": "./dist/node/webcrypto/esm/jwt/encrypt.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/encrypt.js"
+    },
+    "./jwt/sign": {
+      "browser": "./dist/browser/jwt/sign.js",
+      "import": "./dist/node/esm/jwt/sign.js",
+      "require": "./dist/node/cjs/jwt/sign.js"
+    },
+    "./webcrypto/jwt/sign": {
+      "import": "./dist/node/webcrypto/esm/jwt/sign.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/sign.js"
+    },
+    "./jwt/unsecured": {
+      "browser": "./dist/browser/jwt/unsecured.js",
+      "import": "./dist/node/esm/jwt/unsecured.js",
+      "require": "./dist/node/cjs/jwt/unsecured.js"
+    },
+    "./webcrypto/jwt/unsecured": {
+      "import": "./dist/node/webcrypto/esm/jwt/unsecured.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/unsecured.js"
+    },
+    "./jwt/verify": {
+      "browser": "./dist/browser/jwt/verify.js",
+      "import": "./dist/node/esm/jwt/verify.js",
+      "require": "./dist/node/cjs/jwt/verify.js"
+    },
+    "./webcrypto/jwt/verify": {
+      "import": "./dist/node/webcrypto/esm/jwt/verify.js",
+      "require": "./dist/node/webcrypto/cjs/jwt/verify.js"
+    },
+    "./util/base64url": {
+      "browser": "./dist/browser/util/base64url.js",
+      "import": "./dist/node/esm/util/base64url.js",
+      "require": "./dist/node/cjs/util/base64url.js"
+    },
+    "./webcrypto/util/base64url": {
+      "import": "./dist/node/webcrypto/esm/util/base64url.js",
+      "require": "./dist/node/webcrypto/cjs/util/base64url.js"
+    },
+    "./util/errors": {
+      "browser": "./dist/browser/util/errors.js",
+      "import": "./dist/node/esm/util/errors.js",
+      "require": "./dist/node/cjs/util/errors.js"
+    },
+    "./webcrypto/util/errors": {
+      "import": "./dist/node/webcrypto/esm/util/errors.js",
+      "require": "./dist/node/webcrypto/cjs/util/errors.js"
+    },
+    "./util/generate_key_pair": {
+      "browser": "./dist/browser/util/generate_key_pair.js",
+      "import": "./dist/node/esm/util/generate_key_pair.js",
+      "require": "./dist/node/cjs/util/generate_key_pair.js"
+    },
+    "./webcrypto/util/generate_key_pair": {
+      "import": "./dist/node/webcrypto/esm/util/generate_key_pair.js",
+      "require": "./dist/node/webcrypto/cjs/util/generate_key_pair.js"
+    },
+    "./util/generate_secret": {
+      "browser": "./dist/browser/util/generate_secret.js",
+      "import": "./dist/node/esm/util/generate_secret.js",
+      "require": "./dist/node/cjs/util/generate_secret.js"
+    },
+    "./webcrypto/util/generate_secret": {
+      "import": "./dist/node/webcrypto/esm/util/generate_secret.js",
+      "require": "./dist/node/webcrypto/cjs/util/generate_secret.js"
+    },
+    "./util/random": {
+      "browser": "./dist/browser/util/random.js",
+      "import": "./dist/node/esm/util/random.js",
+      "require": "./dist/node/cjs/util/random.js"
+    },
+    "./webcrypto/util/random": {
+      "import": "./dist/node/webcrypto/esm/util/random.js",
+      "require": "./dist/node/webcrypto/cjs/util/random.js"
+    }
   },
-  "main": "lib/index.js",
-  "types": "types/index.d.ts",
   "files": [
-    "lib/**/*.js",
-    "lib/**/*.mjs",
-    "LICENSE_THIRD_PARTY",
-    "types/index.d.ts"
+    "dist/**/*.js",
+    "src/**/*.d.ts",
+    "src/**/*.ts",
+    "!src/runtime/*.ts",
+    "src/runtime/interfaces.d.ts"
   ],
   "scripts": {
-    "coverage": "c8 ava",
-    "lint": "standard",
-    "lint-fix": "standard --fix",
-    "lint-ts": "npx typescript@~3.6.0 --build types",
-    "test": "ava",
-    "watch": "ava --watch"
+    "build": "tsc",
+    "build-all": "run-s clear build:*",
+    "build:browser": "run-s runtime-browser lint 'build -- -p ./tsconfig/browser.json' && echo '{\"type\": \"module\"}'> dist/browser/package.json",
+    "build:node-cjs": "run-s runtime-node lint 'build -- -p ./tsconfig/node-cjs.json'",
+    "build:node-esm": "run-s runtime-node lint 'build -- -p ./tsconfig/node-esm.json' && echo '{\"type\": \"module\"}'> dist/node/esm/package.json",
+    "build:node-webcrypto-cjs": "run-s runtime-node-webcrypto && run-s 'build -- -p ./tsconfig/node-webcrypto-cjs.json'",
+    "build:node-webcrypto-esm": "run-s runtime-node-webcrypto && run-s 'build -- -p ./tsconfig/node-webcrypto-esm.json' && echo '{\"type\": \"module\"}'> dist/node/webcrypto/esm/package.json",
+    "clear": "rm -rf dist",
+    "coverage": "npm run-script runtime-node && c8 npm run-script test",
+    "coverage-webcrypto": "npm run-script runtime-node-webcrypto && c8 npm run-script test-webcrypto",
+    "docs": "run-s docs:*",
+    "docs:generate": "npx typedoc --disableOutputCheck --excludeNotExported --excludePrivate --excludeProtected --gitRevision main --readme none --listInvalidSymbolLinks --plugin typedoc-plugin-markdown --out docs --includeDeclarations --excludeExternals --tsconfig ./tsconfig/browser.json --mode modules src/types.d.ts src/jwt/*.ts src/jwe/**/*.ts src/jws/**/*.ts src/jwk/*.ts src/jwks/*.ts src/util/*.ts --hideProjectName --hideGenerator --allReflectionsHaveOwnDocument --hideBreadcrumbs",
+    "lint": "eslint --config ./src/.eslintrc.json ./src",
+    "runtime-browser": "run-s runtime:clear runtime:browser:* runtime:refs",
+    "runtime-node": "run-s runtime:clear runtime:node:* runtime:refs",
+    "runtime-node-webcrypto": "run-s runtime:clear runtime:browser:* && cp ./src/runtime/node/webcrypto.ts ./src/runtime/ && cp ./src/runtime/node/fetch.ts ./src/runtime/ && cp ./src/runtime/node/base64url.ts ./src/runtime/ && cp ./src/runtime/node/zlib.ts ./src/runtime/ && run-s runtime:refs",
+    "runtime:browser:copy": "cp ./src/runtime/browser/*.ts ./src/runtime",
+    "runtime:clear": "run-s -s runtime:find | xargs -0 rm -f",
+    "runtime:find": "find src/runtime -not -name 'interfaces.d.ts' -maxdepth 1 -type f -print0",
+    "runtime:node:copy": "cp ./src/runtime/node/*.ts ./src/runtime",
+    "runtime:refs": "run-s -s runtime:find | xargs -0 sed -i '' -e \"s/'\\.\\.\\//'\\.\\//g\" -e \"s/'\\.\\/\\.\\./'../g\"",
+    "test": "npm run-script test-rollup && ava",
+    "test-browser": "webpack && karma start",
+    "test-rollup": "rm -rf test/cjs && find test -type f -name '*.mjs' -print0 | xargs -0 rollup --silent --no-interop --preserveModules --format cjs --dir test/cjs",
+    "test-webcrypto": "WEBCRYPTO=true npm test"
   },
@@ -84,25 +471,42 @@ "husky": {
   },
-  "ava": {
-    "babel": false,
-    "compileEnhancements": false,
-    "files": [
-      "test/**/*.test.js"
-    ]
-  },
-  "dependencies": {
-    "@panva/asn1.js": "^1.0.0"
-  },
   "devDependencies": {
-    "@commitlint/cli": "^11.0.0",
-    "@commitlint/config-conventional": "^11.0.0",
-    "ava": "^2.4.0",
+    "@types/node": "^14.14.2",
+    "@typescript-eslint/eslint-plugin": "^4.5.0",
+    "ava": "^3.13.0",
+    "bowser": "^2.11.0",
     "c8": "^7.3.5",
-    "husky": "^4.3.0",
-    "standard": "^16.0.0"
+    "eslint": "^7.12.0",
+    "eslint-config-airbnb-base": "^14.2.0",
+    "eslint-config-airbnb-typescript": "^12.0.0",
+    "eslint-config-prettier": "^6.14.0",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-jsdoc": "^30.7.3",
+    "glob": "^7.1.6",
+    "karma": "^5.2.3",
+    "karma-browserstack-launcher": "^1.6.0",
+    "karma-qunit": "^4.1.1",
+    "nock": "^13.0.4",
+    "npm-run-all": "^4.1.5",
+    "prettier": "^2.1.2",
+    "qunit": "^2.12.0",
+    "rollup": "^2.33.1",
+    "timekeeper": "^2.2.0",
+    "typedoc": "0.19.2",
+    "typedoc-plugin-markdown": "3.0.11",
+    "typescript": "~4.0.3",
+    "webpack": "^5.4.0",
+    "webpack-cli": "^4.2.0"
   },
-  "engines": {
-    "node": ">=10.13.0 < 13 || >=13.7.0"
+  "c8": {
+    "src": "./src",
+    "reporter": [
+      "lcov",
+      "text-summary"
+    ]
   },
   "standard-version": {
+    "commit-all": true,
     "scripts": {
+      "prerelease": "npm run-script build-all",
+      "postbump": "node ./tools/docs.postbump.js",
       "postchangelog": "sed -i '' -e 's/### \\[/## [/g' CHANGELOG.md"
@@ -145,3 +549,13 @@ },
     ]
+  },
+  "typesVersions": {
+    "*": {
+      "webcrypto/*": [
+        "./src/*"
+      ],
+      "*": [
+        "./src/*"
+      ]
+    }
   }
 }

README.md

 # jose
 
-> "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js with minimal dependencies
+> Universal "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies using native crypto runtimes
 
-<p align="center"><img src="/img/demo.gif?raw=true"/></p>
-
 ## Implemented specs & features
@@ -24,9 +22,2 @@
 
-Available JWT validation profiles
-
-- Generic JWT
-- OIDC ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token]
-- (draft 04) OIDC Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token]
-- (draft 06) OAuth 2.0 JWT Access Tokens - [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt]
-
 ## Support
@@ -36,240 +27,42 @@
 
-## Documentation
+## Install
 
-- [jose API Documentation][documentation]
-  - [JWK (JSON Web Key)][documentation-jwk]
-  - [JWKS (JSON Web Key Set)][documentation-jwks]
-  - [JWT (JSON Web Token)][documentation-jwt]
-  - [JWS (JSON Web Signature)][documentation-jws]
-  - [JWE (JSON Web Encryption)][documentation-jwe]
-
-## Usage
-
-For the best performance Node.js version **>=12.0.0** is recommended, but **^10.13.0** lts/dubnium
-is also supported.
-
-Installing `jose`
-
 ```console
-npm install jose
+npm install jose@3
 ```
 
-Usage
-```js
-const jose = require('jose')
-const {
-  JWE,   // JSON Web Encryption (JWE)
-  JWK,   // JSON Web Key (JWK)
-  JWKS,  // JSON Web Key Set (JWKS)
-  JWS,   // JSON Web Signature (JWS)
-  JWT,   // JSON Web Token (JWT)
-  errors // errors utilized by jose
-} = jose
-```
+## Documentation
 
-#### Keys and KeyStores
+- JSON Web Tokens (JWT)
+  - [Signing](docs/classes/_jwt_sign_.signjwt.md#readme)
+  - [Verification & Claims Set Validation](docs/functions/_jwt_verify_.jwtverify.md#readme)
+  - Encrypted JSON Web Tokens
+    - [Encryption](docs/classes/_jwt_encrypt_.encryptjwt.md#readme)
+    - [Decryption & Claims Set Validation](docs/functions/_jwt_decrypt_.jwtdecrypt.md#readme)
+- JSON Web Encryption (JWE)
+  - Encryption - [Compact](docs/classes/_jwe_compact_encrypt_.compactencrypt.md#readme), [Flattened](docs/classes/_jwe_flattened_encrypt_.flattenedencrypt.md#readme)
+  - Decryption - [Compact](docs/functions/_jwe_compact_decrypt_.compactdecrypt.md#readme), [Flattened](docs/functions/_jwe_flattened_decrypt_.flatteneddecrypt.md#readme)
+- JSON Web Signature (JWS)
+  - Signing - [Compact](docs/classes/_jws_compact_sign_.compactsign.md#readme), [Flattened](docs/classes/_jws_flattened_sign_.flattenedsign.md#readme)
+  - Verification - [Compact](docs/functions/_jws_compact_verify_.compactverify.md#readme), [Flattened](docs/functions/_jws_flattened_verify_.flattenedverify.md#readme)
+- JSON Web Key (JWK)
+  - [Parsing & Conversion](docs/functions/_jwk_parse_.parsejwk.md#readme)
+  - [Thumbprints](docs/functions/_jwk_thumbprint_.calculatethumbprint.md#readme)
+  - [EmbeddedJWK](docs/functions/_jwk_embedded_.embeddedjwk.md#readme)
+- JSON Web Key Set (JWKS)
+  - [Verify using a remote JWKSet](docs/functions/_jwks_remote_.createremotejwkset.md#readme)
+- Key Pair or Secret Generation
+  - [Asymmetric Key Pair Generation](docs/functions/_util_generate_key_pair_.generatekeypair.md#readme)
+  - [Symmetric Secret Generation](docs/functions/_util_generate_secret_.generatesecret.md#readme)
+- [Unsecured JWT](docs/classes/_jwt_unsecured_.unsecuredjwt.md#readme)
+- [JOSE Errors](docs/modules/_util_errors_.md)
 
-Prepare your Keys and KeyStores. See the [documentation][documentation-jwk] for more.
+## JOSE Support Matrix
 
-```js
-const key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))
-
-const jwk = { kty: 'EC',
-  kid: 'dl4M_fcI7XoFCsQ22PYrQBkuxZ2pDcbDimcdFmmXM98',
-  crv: 'P-256',
-  x: 'v37avifcL-xgh8cy6IFzcINqqmFLc2JF20XUpn4Y2uQ',
-  y: 'QTwy27XgP7ZMOdGOSopAHB-FU1JMQn3J9GEWGtUXreQ' }
-const anotherKey = jose.JWK.asKey(jwk)
-
-const keystore = new jose.JWKS.KeyStore(key, anotherKey)
-```
-
-### JWT vs JWS
-
-The JWT module provides IANA registered claim type and format validations on top of JWS as well as
-convenience options for verifying UNIX timestamps, setting maximum allowed JWT age, verifying
-audiences, and more.
-
-The JWS module on the other hand handles the other JWS Serialization Syntaxes with all their
-additional available features and allows signing of any payload, i.e. not just serialized JSON
-objects.
-
-#### JWT Signing
-
-Sign with a private or symmetric key with plethora of convenience options. See the
-[documentation][documentation-jwt] for more.
-
-```js
-jose.JWT.sign(
-  { 'urn:example:claim': 'foo' },
-  privateKey,
-  {
-    algorithm: 'PS256',
-    audience: 'urn:example:client_id',
-    expiresIn: '1 hour',
-    header: {
-      typ: 'JWT'
-    },
-    issuer: 'https://op.example.com'
-  }
-)
-```
-
-#### JWT Verifying
-
-Verify with a public or symmetric key with plethora of convenience options. See the
-[documentation][documentation-jwt] for more.
-
-```js
-jose.JWT.verify(
-  'eyJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiIsImtpZCI6IjRQQXBsVkJIN0toS1ZqN0xob0RFM0VVQnNGc0hvaTRhSmxBZGstM3JuME0ifQ.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6ImZvbyIsImF1ZCI6InVybjpleGFtcGxlOmNsaWVudF9pZCIsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20iLCJpYXQiOjE1NTEyOTI2MjksImV4cCI6MTU1MTI5NjIyOX0.nE5fgRL8gvlStf_wB4mJ0TSXVmhJRnUVQuZ0ts6a1nWnnk0Rv69bEJ12BoMdpyPrGa_W6dxU4HFj89F4pQwW0kqBK2-TZ_n9lq-iqupj46w_lpKOfPC3clVc7ZmqYF81bEA-nX93cSKqVV-qPNPEFenb8XHKszYhBFu_uiRg9rXj2qXVU7PXGJAGTzhVgVxB-3XDB1bQ_6KiDCwzVPftrHxEYLydRCaHzggDg6sAFUhQqhPguKuE2gs6jVUh_gIL2RXeoLoinx6gZ72rfovaOmud-yzNIUN8Tvo0pqBmx0s_lEhTlfrQCzN7hZNmV1eG0GDDE-S_CfZhPePnVJZoRA',
-  publicKey,
-  {
-    issuer: 'https://op.example.com',
-    audience: 'urn:example:client_id',
-    algorithms: ['PS256']
-  }
-)
-```
-
-<details>
-  <summary><em><strong>Verifying OIDC ID Tokens</strong></em> (Click to expand)</summary><br>
-
-ID Token is a JWT, but profiled, there are additional requirements to a JWT to be accepted as an
-ID Token and it is pretty easy to omit some, use the
-`JWT.IdToken.verify` API to make sure what you're accepting is really an ID Token meant to
-your Client. This will then perform all doable validations given the input. See the
-[documentation][documentation-jwt] for more.
-
-```js
-jose.JWT.IdToken.verify(
-  'eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6ImE1MWNjZjA4ZjRiYmIwNmU4ODcxNWRkYzRiYmI0MWQ4IiwiYXVkIjoidXJuOmV4YW1wbGU6Y2xpZW50X2lkIiwiZXhwIjoxNTYzODg4ODMwLCJpYXQiOjE1NjM4ODUyMzAsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20ifQ.RKCZczgICF5G9XdNDSwe4dolGauQHptpFKPzahA2wYGG2HKrKhyC8ZzqpeVc8cbntuqFBgABJVv6_9YICRx_dgwPYydTpZfZYjHnxrdWF9QsIPEGs672mrnhqIXUnXoseZ0TF6GOq6P7Qbf6gk1ru7TAbr_ieyJnNWcJhh5iHpz1k3mFz0TyTh7UNXshtQXftPUipqz4OBni5r9UaZXHw8B3QYOnms8__GJ3owOxaqkr1jgRs_EWqMlBNjPaj7ElVaeBWljDKuoK673tH0heSpgzUmUX_W8IDUVqs33uglpZwAQC7cAA5mGEg2odcRpvpP5M-WaP4RE9dl9jzcYmrw',
-  keyOrStore,
-  {
-    issuer: 'https://op.example.com',
-    audience: 'urn:example:client_id',
-    nonce: 'a51ccf08f4bbb06e88715ddc4bbb41d8',
-    algorithms: ['PS256']
-  }
-)
-```
-
-Note: Depending on the channel you receive an ID Token from the following claims may be required
-and must also be checked: `at_hash`, `c_hash` or `s_hash`. Use e.g. [`oidc-token-hash`][oidc-token-hash]
-to validate those hashes after getting the ID Token payload and signature validated by `jose`
-
-</details>
-
-<details>
-  <summary><em><strong>Verifying OAuth 2.0 JWT Access Tokens</strong></em> (Click to expand)</summary><br>
-
-Draft specification profiles are updated as minor versions of the library, therefore,
-since they may have breaking changes use the `~` semver operator when using these and pay close
-attention to changelog and the drafts themselves.
-
-When accepting a JWT-formatted OAuth 2.0 Access Token there are additional requirements for the JWT
-to be accepted as an Access Token according to the [specification][draft-ietf-oauth-access-token-jwt]
-and it is pretty easy to omit some. Use the
-`JWT.AccessToken.verify` API to make sure what you're accepting is really a JWT Access Token
-meant for your Resource Server. This will then perform all doable validations given the input. See
-the [documentation][documentation-jwt] for more.
-
-```js
-jose.JWT.AccessToken.verify(
-  'eyJhbGciOiJQUzI1NiIsInR5cCI6ImF0K0pXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJjbGllbnRfaWQiOiJ1cm46ZXhhbXBsZTpjbGllbnRfaWQiLCJhdWQiOiJ1cm46ZXhhbXBsZTpyZXNvdXJjZS1zZXJ2ZXIiLCJleHAiOjE1NjM4ODg4MzAsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20iLCJzY29wZSI6ImFwaTpyZWFkIn0.UYy8vEGWS0cS24giCYobMMy9-bqI45p807yV1l-2WXX2J4UO-eohV_R58LE2oM88gl414c6XydO6QSYXul5roNPoOs41jpEvreQIP-HmegjbWGutktWJKfvoOblE5FjYwjrwStjLQGUzkq6KWcnDLPGmpFy7n6gZ4LF8YVz4dLEaO335hMNVNrmSPSXYqr7bAWybnLVpLxjDYwNfCO1g0_TlFx8fHh2OftHoOOmJFltFwb8JypkSB-JXVVSEh43IOEjeeMJIG_ylWIOxfLLi5Q7vPWgub83ZTkuGNe4KmlQJKIsH5k0yZSshsLYUOOH0RiXqQ-SA4Ubh3Fowigdu-g',
-  keyOrStore,
-  {
-    issuer: 'https://op.example.com',
-    audience: 'urn:example:resource-server',
-    algorithms: ['PS256']
-  }
-)
-```
-
-</details>
-
-<details>
-  <summary><em><strong>Verifying OIDC Logout Token</strong></em> (Click to expand)</summary><br>
-
-Draft specification profiles are updated as minor versions of the library, therefore,
-since they may have breaking changes use the `~` semver operator when using these and pay close
-attention to changelog and the drafts themselves.
-
-Logout Token is a JWT, but profiled, there are additional requirements to a JWT to be accepted as an
-Logout Token and it is pretty easy to omit some, use the
-`JWT.LogoutToken.verify` API to make sure what you're accepting is really an Logout Token meant to your
-Client. This will then perform all doable validations given the input. See the
-[documentation][documentation-jwt] for more.
-
-```js
-jose.JWT.LogoutToken.verify(
-  'eyJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJmb28iLCJhdWQiOiJ1cm46ZXhhbXBsZTpjbGllbnRfaWQiLCJpYXQiOjE1NjM4ODg4MzAsImp0aSI6ImhqazMyN2RzYSIsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20iLCJldmVudHMiOnsiaHR0cDovL3NjaGVtYXMub3BlbmlkLm5ldC9ldmVudC9iYWNrY2hhbm5lbC1sb2dvdXQiOnt9fX0.SBi7uNUvjHL9TFoFzautGgTQ1MjyeGUNYHL7inpgq3XgTv6xc9EAKuPRtpixmhdNhmInGwUvAeqDSJxomwv1KK1cTndrC9zAMZ7h657BGQAwGhu7nTm41fWMpKQdiLa9sqp3yit5_FNBmqUNeOoMPrYT_Vl9ytsoNO89MUQy2aqCd-Z7BrNJZH0QycdW6dmYlrmZL7w3t3TaAXoJDJ4Hgl2Itkkkb6_6gO-VoPIdVD8sDuf1zQzGhIkmcFrk0fXczVYOkeF2hNYBuvsM8LuO-EPA3oyE2In9djai3M7yceTQetRa1vwlqWkg_xmYS59ry-6wT44aN7-Y6p0TdXm-Zg',
-  keyOrStore,
-  {
-    issuer: 'https://op.example.com',
-    audience: 'urn:example:client_id',
-    algorithms: ['PS256']
-  }
-)
-```
-
-</details>
-
-#### JWS Signing
-
-Sign with a private or symmetric key using compact serialization. See the
-[documentation][documentation-jws] for more.
-
-```js
-jose.JWS.sign(
-  { sub: 'johndoe' },
-  privateKey,
-  { kid: privateKey.kid }
-)
-```
-
-#### JWS Verifying
-
-Verify with a public or symmetric key. See the [documentation][documentation-jws] for more.
-
-```js
-jose.JWS.verify(
-  'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
-  publicKey
-)
-```
-
-#### JWE Encrypting
-
-Encrypt using the recipient's public key or a shared symmetrical secret. See the
-[documentation][documentation-jwe] for more.
-
-```js
-jose.JWE.encrypt(
-  'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
-  publicKey,
-  { kid: publicKey.kid }
-)
-```
-
-#### JWE Decrypting
-
-Decrypt using the private key or a shared symmetrical secret. See the
-[documentation][documentation-jwe] for more.
-
-```js
-jose.JWE.decrypt(
-  'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiRUNESC1FUyIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkVsUGhsN1ljTVZsWkhHM0daSkRoOVJhemNYYlN2VFNheUF6aTBINFFtRUEiLCJ5IjoiM0hDREJTRy12emd6cGtLWmJqMU05UzVuUEJrTDBBdFM4U29ORUxMWE1SayJ9fQ..FhmidRo0twvFA7jcfKFNJw.o112vgiG_qUL1JR5WHpsErcxxgaK_FAa7vCWJ--WulndLpdwdRXHd9k3aL_k8K67xoAThrt10d7dSY2TlPpHdYkw979u0V-C4TNrpzNkv5jpBjU6hHyKpoGZfEsiTD1ivHaFy3ZLCTS69kN_eVKsZGLVf_dkq6Sz6bWE4-ln_fuwukPyMvjTyaTreLjPLBZW.ocKwptCm4Zn437L5hWFnHg',
-  privateKey
-)
-```
-
-## Detailed Support Matrix
-
-| JWK Key Types | Supported | `kty` value | `crv` values |
+| JWK Key Types | Supported | `kty` value | |
 | -- | -- | -- | -- |
-| RSA | ✓ | RSA ||
-| Elliptic Curve | ✓ | EC | P-256, secp256k1<sup>[1]</sup>, P-384, P-521 |
-| Octet Key Pair | ✓ | OKP | Ed25519, Ed448<sup>[1]</sup>, X25519<sup>[1]</sup>, X448<sup>[1]</sup> |
-| Octet sequence | ✓ | oct ||
+| RSA | ✓ | RSA | |
+| Elliptic Curve | ✓ | EC | supported curves: P-256, secp256k1, P-384, P-521 |
+| Octet Key Pair | ✓ | OKP | supported subtypes: Ed25519, Ed448, X25519, X448 |
+| Octet sequence | ✓ | oct | |
 
@@ -279,98 +72,147 @@ | Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
 | Compact | ✓ | ✓ | ✓ | ✓ |
-| General JSON | ✓ | ✓ | ✓ | ✓ |
-| Flattened JSON  | ✓ | ✓ | ✓ | ✓ |
+| General JSON | ✕ | ✕ | ✕ | ✕ |
+| Flattened JSON | ✓ | ✓ | ✓ | ✓ |
 
-| JWS Algorithms | Supported ||
+| JWT Sign | JWT Verify | JWT Encrypt | JWT Decrypt |
+| -- | -- | -- | -- |
+| ✓ | ✓ | ✓ | ✓ |
+
+| JWS Algorithms | Supported | |
 | -- | -- | -- |
 | RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
 | RSASSA-PSS | ✓ | PS256, PS384, PS512 |
-| ECDSA | ✓ | ES256, ES256K<sup>[1]</sup>, ES384, ES512 |
+| ECDSA | ✓ | ES256, ES256K, ES384, ES512 |
 | Edwards-curve DSA | ✓ | EdDSA |
 | HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
-| Unsecured JWS | ✓ | none<sup>[2]</sup> |
+| Unsecured JWS | ✓ | none |
 
-| JWE Key Management Algorithms | Supported ||
+| JWE Key Management Algorithms | Supported | |
 | -- | -- | -- |
-| AES | ✓ | A128KW<sup>[1]</sup>, A192KW<sup>[1]</sup>, A256KW<sup>[1]</sup> |
+| AES | ✓ | A128KW, A192KW, A256KW |
 | AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
 | Direct Key Agreement | ✓ | dir |
-| RSAES OAEP | ✓ | RSA-OAEP, RSA-OAEP-256<sup>[3]</sup>, RSA-OAEP-384<sup>[3]</sup>, RSA-OAEP-512<sup>[3]</sup> |
+| RSAES OAEP | ✓ | RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512 |
 | RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
-| PBES2 | ✓ | PBES2-HS256+A128KW<sup>[1]</sup>, PBES2-HS384+A192KW<sup>[1]</sup>, PBES2-HS512+A256KW<sup>[1]</sup> |
-| ECDH-ES | ✓<sup>[4]</sup> | ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> |
+| PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
+| ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
 
-| JWE Content Encryption Algorithms | Supported ||
+| JWE Content Encryption Algorithms | Supported | |
 | -- | -- | -- |
 | AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
-| AES_CBC_HMAC_SHA2 | ✓ |  A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
+| AES CBC w/ HMAC | ✓ |  A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
 
-| JWT profile validation | Supported | Stable profile |  |
-| -- | -- | -- | -- |
-| JWT Access Tokens - [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] | ✓ | ✕<sup>5</sup> | see [`JWT.AccessToken.verify`](/docs/README.md#jwtaccesstokenverifytoken-keyorstore-options) |
-| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] | ✓ | ✓ | see [`JWT.IdToken.verify`](/docs/README.md#jwtidtokenverifytoken-keyorstore-options) |
-| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] | ✓ | ✕<sup>5</sup> | see [`JWT.LogoutToken.verify`](/docs/README.md#jwtlogouttokenverifytoken-keyorstore-options) |
-| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] | ◯ |||
-| [JWT Response for OAuth Token Introspection][draft-jwtintrospection] | ◯ |||
-| [OAuth 2.0 DPoP][draft-dpop] | ◯ |||
-
 Legend:
 - **✓** Implemented
-- **✕** Missing node crypto support / won't implement
-- **◯** TBD
+- **✕** Not Considered
 
-<sup>1</sup> Not supported in Electron due to Electron's use of BoringSSL  
-<sup>2</sup> Unsecured JWS is [supported][documentation-none] for the JWS and JWT sign and verify
-operations but it is an entirely opt-in behaviour, downgrade attacks are prevented by the required
-use of a special `JWK.Key`-like object that cannot be instantiated through the key import API  
-<sup>3</sup> RSAES OAEP using SHA-2 and MGF1 with SHA-2 is only supported when Node.js `>=12.9.0` runtime is detected  
-<sup>4</sup> ECDH-ES with X25519 and X448 keys is only supported when Node.js `^12.17.0 || >=13.9.0` runtime is detected  
-<sup>5</sup> Draft specification profiles are updated as minor versions of the library, therefore,
-since they may have breaking changes use the `~` semver operator when using these and pay close
-attention to changelog and the drafts themselves.
+## Runtime Support Matrix
 
+| Platform | supported versions | caveats |
+| -- | -- | -- |
+| Node.js | LTS ^12.19.0 &vert;&vert; ^14.15.0 | |
+| Electron | `process.version` must match<br> the Node.js supported versions. So 12+</sup> | see <sup>[1]</sup> |
+| Deno | ✕ | needs [Web Cryptography API integration](https://github.com/denoland/deno/issues/1891) first |
+| React Native | ✕ | has no available and usable crypto runtime |
+| IE | ✕ | implements old version of the Web Cryptography API specification |
+| Browsers | see [caniuse.com][caniuse] | |
+| --- | | |
+| Edge | 79+ | see <sup>[2], [4]</sup> |
+| Firefox | 57+ | see <sup>[2]</sup> |
+| Chrome | 63+ | see <sup>[2], [4]</sup> |
+| Safari | 11+ | see <sup>[2], [3]</sup> |
+| Opera | 50+ | see <sup>[2], [4]</sup> |
+| iOS Safari | 12+ | see <sup>[2], [3]</sup> |
+
+<sup>1</sup> Due to its use of BoringSSL the following is not supported in Electron
+  - A128KW, A192KW, A256KW, and all composite algorithms utilizing those
+  - secp256k1 EC curves
+  - Ed448, X25519, and X448 OKP Sub Types  
+
+<sup>2</sup> RSA1_5, OKP JWK Key Type, and secp256k1 EC curve is not supported in [Web Cryptography API][webcrypto].   
+
+<sup>3</sup> P-521 EC curve is not supported in Safari  
+
+<sup>4</sup> 192 bit AES keys are not supported in Chromium  
+
 ## FAQ
 
-#### Semver?
+#### Supported Versions
 
-**Yes.** Everything that's either exported in the TypeScript definitions file or
-[documented][documentation] is subject to
-[Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html). The rest is to be considered
-private API and is subject to change between any versions.
+| Version | Bug Fixes 🐞 | New Features ⭐ |
+| ------- | --------- | -------- |
+| [3.x.x](https://github.com/panva/jose) | ✅ | ✅ |
+| [2.x.x](https://github.com/panva/jose/tree/v2.x) | ✅ until 2022-04-30 | ❌ |
 
-**Although.** Draft specification profiles are updated as minor versions of the library, therefore,
-since they may have breaking changes use the `~` semver operator when using these and pay close
-attention to changelog and the drafts themselves.
+#### What is new in v3.x?
 
-#### How do I use it outside of Node.js
+- Revised API
+- No dependencies
+- Browser support (using [Web Cryptography API][webcrypto])
+- Promise-based API
+- experimental (non-blocking 🎉) Node.js libuv thread pool based runtime
 
-It is **only built for >=10.13.0 Node.js** environment - including `jose` in transpiled
-browser-environment targeted projects is not supported and may result in unexpected results.
+#### v2.x docs?
 
+[Here.](https://github.com/panva/jose/blob/v2.x/docs/README.md)
+
+#### Semver?
+
+**Yes.** All module's public API is subject to [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html).
+
 #### How is it different from [`jws`](https://github.com/brianloveswords/node-jws), [`jwa`](https://github.com/brianloveswords/node-jwa) or [`jsonwebtoken`](https://github.com/auth0/node-jsonwebtoken)?
 
+- it supports browser runtime
+- it supports encrypted JWTs (i.e. in JWE format)
+- supports secp256k1, Ed25519, Ed448, X25519, and X448
 - it supports JWK Key Format for all four key types (oct, RSA, EC and OKP)
-- it is providing Key and KeyStore abstractions
+- it is exclusively using native platform Key object representations (CryptoKey and KeyObject)
 - there is JSON Web Encryption support
-- it supports all JWS / JWE Serialization Syntaxes
+- it supports the flattened JWS / JWE Serialization Syntaxes
 - it supports the "crit" member validations to make sure extensions are handled correctly
-- it is not only validating the signatures, it is making sure the JWE/JWS is syntactically correct,
-  e.g. not having duplicated header parameters between protected/unprotected or per-recipient
-  headers
 
-#### How is it different from [`node-jose`][node-jose]
+#### How is it different from [`node-jose`](https://github.com/cisco/node-jose)?
 
-`node-jose` is built to work in any javascript runtime, to be able to do that it packs a lot of
-backfill and javascript implementation code in the form of
+`node-jose` is also built to work in any javascript runtime, to be able to do that it packs a lot of
+polyfills and javascript implementation code in the form of
 [`node-forge`](https://github.com/digitalbazaar/forge), this significantly increases the footprint
-of the module with dependencies that either aren't ever used or have native implementation available
-in Node.js already, those are often times faster and more reliable.
+of the modules with dependencies that either aren't ever used or have native implementation available
+in the runtime already, those are often times faster and more reliable.
 
-#### What is the ultimate goal?
+- it has smaller module footprints as it does not bundle unnecessary polyfills
+- it does not bundle [`node-forge`](https://github.com/digitalbazaar/forge) fallbacks when crypto runtime is unavailable
+- supports secp256k1, Ed25519, Ed448, X25519, and X448
 
-- **No dependencies**, the moment JWK formatted keys are supported by node's `crypto` the direct
-dependency count will go down from 1 to 0. 🚀
-- Just the API one needs, having used other jose modules for 3+ years I only include what's useful
+#### Uint8Array?!
 
-#### Why? Just, why?
+- Whenever `Uint8Array` is a valid input, so is [`Buffer`](https://nodejs.org/api/buffer.html#buffer_buffer) since buffers are instances of Uint8Array.
+- Whenever `Uint8Array` is returned and you want a `Buffer` instead, use `Buffer.from(uint8array)`.
 
+#### Bundle Size, Package Size, Tree Shaking
+
+Yes the bundle size is on the larger side, that is because each module is actually published 
+5 times so that it can remain truly without dependencies and be universal / isomorphic.
+The source TS files are also published with inline docs so that your IDE's Intelligent code 
+completion works and has the exact same documentation as published.
+
+Nevertheless, since each module can be required independently and is fully tree-shakeable, the
+install size should not be a cause for concern.
+
+#### Most types are "any"
+
+Install @types/node as your project's development dependency
+
+```
+npm install --save-dev @types/node
+```
+
+#### "Cannot find module '...' or its corresponding type declarations."
+
+Install @types/node as your project's development dependency
+
+```
+npm install --save-dev @types/node
+```
+
+#### Why? Just. Why?
+
 I was using [`node-jose`][node-jose] for
@@ -383,8 +225,2 @@ [`openid-client`](https://github.com/panva/node-openid-client) and
 
-[documentation-jwe]: /docs/README.md#jwe-json-web-encryption
-[documentation-jwk]: /docs/README.md#jwk-json-web-key
-[documentation-jwks]: /docs/README.md#jwks-json-web-key-set
-[documentation-jws]: /docs/README.md#jws-json-web-signature
-[documentation-jwt]: /docs/README.md#jwt-json-web-token
-[documentation-none]: /docs/README.md#jwknone
 [documentation]: /docs/README.md
@@ -401,10 +237,7 @@ [node-jose]: https://github.com/cisco/node-jose
 [spec-secp256k1]: https://tools.ietf.org/html/rfc8812
-[draft-ietf-oauth-access-token-jwt]: https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06
-[draft-jarm]: https://openid.net/specs/openid-financial-api-jarm.html
-[draft-jwtintrospection]: https://tools.ietf.org/html/draft-ietf-oauth-jwt-introspection-response
-[draft-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop
 [spec-thumbprint]: https://tools.ietf.org/html/rfc7638
-[spec-oidc-id_token]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
-[spec-oidc-logout_token]: https://openid.net/specs/openid-connect-backchannel-1_0-04.html#LogoutToken
-[oidc-token-hash]: https://www.npmjs.com/package/oidc-token-hash
 [support-sponsor]: https://github.com/sponsors/panva
+[conditional-exports]: https://nodejs.org/api/packages.html#packages_conditional_exports
+[webcrypto]: https://www.w3.org/TR/WebCryptoAPI/
+[nodewebcrypto]: https://nodejs.org/docs/latest-v15.x/api/webcrypto.html
+[caniuse]: https://caniuse.com/mdn-javascript_operators_await,async-functions,mdn-javascript_statements_for_await_of,cryptography,textencoder

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

728009

increased by205.38%

Dependency count

0

decreased by-100%

Number of package files

406

increased by341.3%

Number of low license alerts

0

decreased by-100%

Lines of code

18035

increased by266.42%

Worsened metrics

Dev dependency count

26

increased by333.33%

Number of lines in readme file

239

decreased by-41.13%

Number of medium supply chain risk alerts

10

increased byInfinity%

Dependency changes

• - Removed@panva/asn1.js@^1.0.0

• - Removed@panva/asn1.js@1.0.0(transitive)