jose - npm Package Compare versions

39

dist/browser/jwe/flattened/decrypt.js

		@@ -89,3 +89,8 @@ import { decode as base64url } from '../../runtime/base64url.js';
		if (jwe.encrypted_key !== undefined) {
		encryptedKey = base64url(jwe.encrypted_key);
		try {
		encryptedKey = base64url(jwe.encrypted_key);
		}
		catch (_c) {
		throw new JWEInvalid('Failed to base64url decode the encrypted_key');
		}
		}
		@@ -107,4 +112,16 @@ let resolvedKey = false;
		}
		const iv = base64url(jwe.iv);
		const tag = base64url(jwe.tag);
		let iv;
		let tag;
		try {
		iv = base64url(jwe.iv);
		}
		catch (_d) {
		throw new JWEInvalid('Failed to base64url decode the iv');
		}
		try {
		tag = base64url(jwe.tag);
		}
		catch (_e) {
		throw new JWEInvalid('Failed to base64url decode the tag');
		}
		const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
		@@ -118,3 +135,10 @@ let additionalData;
		}
		let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData);
		let ciphertext;
		try {
		ciphertext = base64url(jwe.ciphertext);
		}
		catch (_f) {
		throw new JWEInvalid('Failed to base64url decode the ciphertext');
		}
		let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData);
		if (joseHeader.zip === 'DEF') {
		@@ -128,3 +152,8 @@ plaintext = await ((options === null \|\| options === void 0 ? void 0 : options.inflateRaw) \|\| inflate)(plaintext);
		if (jwe.aad !== undefined) {
		result.additionalAuthenticatedData = base64url(jwe.aad);
		try {
		result.additionalAuthenticatedData = base64url(jwe.aad);
		}
		catch (_g) {
		throw new JWEInvalid('Failed to base64url decode the aad');
		}
		}
		@@ -131,0 +160,0 @@ if (jwe.unprotected !== undefined) {

15

dist/browser/jws/flattened/verify.js

		@@ -78,3 +78,9 @@ import { decode as base64url } from '../../runtime/base64url.js';
		const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);
		const signature = base64url(jws.signature);
		let signature;
		try {
		signature = base64url(jws.signature);
		}
		catch (_c) {
		throw new JWSInvalid('Failed to base64url decode the signature');
		}
		const verified = await verify(alg, key, signature, data);
		@@ -86,3 +92,8 @@ if (!verified) {
		if (b64) {
		payload = base64url(jws.payload);
		try {
		payload = base64url(jws.payload);
		}
		catch (_d) {
		throw new JWSInvalid('Failed to base64url decode the payload');
		}
		}
		@@ -89,0 +100,0 @@ else if (typeof jws.payload === 'string') {

39

dist/browser/lib/decrypt_key_management.js

		@@ -36,3 +36,8 @@ import { unwrap as aesKw } from '../runtime/aeskw.js';
		throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
		partyUInfo = base64url(joseHeader.apu);
		try {
		partyUInfo = base64url(joseHeader.apu);
		}
		catch (_a) {
		throw new JWEInvalid('Failed to base64url decode the apu');
		}
		}
		@@ -42,3 +47,8 @@ if (joseHeader.apv !== undefined) {
		throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
		partyVInfo = base64url(joseHeader.apv);
		try {
		partyVInfo = base64url(joseHeader.apv);
		}
		catch (_b) {
		throw new JWEInvalid('Failed to base64url decode the apv');
		}
		}
		@@ -73,3 +83,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
		throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
		return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s));
		let p2s;
		try {
		p2s = base64url(joseHeader.p2s);
		}
		catch (_c) {
		throw new JWEInvalid('Failed to base64url decode the p2s');
		}
		return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, p2s);
		}
		@@ -92,4 +109,16 @@ case 'A128KW':
		throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
		const iv = base64url(joseHeader.iv);
		const tag = base64url(joseHeader.tag);
		let iv;
		try {
		iv = base64url(joseHeader.iv);
		}
		catch (_d) {
		throw new JWEInvalid('Failed to base64url decode the iv');
		}
		let tag;
		try {
		tag = base64url(joseHeader.tag);
		}
		catch (_e) {
		throw new JWEInvalid('Failed to base64url decode the tag');
		}
		return aesGcmKw(alg, key, encryptedKey, iv, tag);
		@@ -96,0 +125,0 @@ }

2

dist/browser/runtime/asn1.js

		@@ -199,5 +199,5 @@ import crypto, { isCryptoKey } from './webcrypto.js';
		catch (cause) {
		throw new TypeError('failed to parse the X.509 certificate', { cause });
		throw new TypeError('Failed to parse the X.509 certificate', { cause });
		}
		return fromSPKI(spki, alg, options);
		};

2

dist/browser/util/decode_jwt.js

		@@ -20,3 +20,3 @@ import { decode as base64url } from './base64url.js';
		catch (_a) {
		throw new JWTInvalid('Failed to parse the base64url encoded payload');
		throw new JWTInvalid('Failed to base64url decode the payload');
		}
		@@ -23,0 +23,0 @@ let result;

39

dist/node/cjs/jwe/flattened/decrypt.js

		@@ -92,3 +92,8 @@ "use strict";
		if (jwe.encrypted_key !== undefined) {
		encryptedKey = (0, base64url_js_1.decode)(jwe.encrypted_key);
		try {
		encryptedKey = (0, base64url_js_1.decode)(jwe.encrypted_key);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the encrypted_key');
		}
		}
		@@ -110,4 +115,16 @@ let resolvedKey = false;
		}
		const iv = (0, base64url_js_1.decode)(jwe.iv);
		const tag = (0, base64url_js_1.decode)(jwe.tag);
		let iv;
		let tag;
		try {
		iv = (0, base64url_js_1.decode)(jwe.iv);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the iv');
		}
		try {
		tag = (0, base64url_js_1.decode)(jwe.tag);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the tag');
		}
		const protectedHeader = buffer_utils_js_1.encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
		@@ -121,3 +138,10 @@ let additionalData;
		}
		let plaintext = await (0, decrypt_js_1.default)(enc, cek, (0, base64url_js_1.decode)(jwe.ciphertext), iv, tag, additionalData);
		let ciphertext;
		try {
		ciphertext = (0, base64url_js_1.decode)(jwe.ciphertext);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the ciphertext');
		}
		let plaintext = await (0, decrypt_js_1.default)(enc, cek, ciphertext, iv, tag, additionalData);
		if (joseHeader.zip === 'DEF') {
		@@ -131,3 +155,8 @@ plaintext = await ((options === null \|\| options === void 0 ? void 0 : options.inflateRaw) \|\| zlib_js_1.inflate)(plaintext);
		if (jwe.aad !== undefined) {
		result.additionalAuthenticatedData = (0, base64url_js_1.decode)(jwe.aad);
		try {
		result.additionalAuthenticatedData = (0, base64url_js_1.decode)(jwe.aad);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the aad');
		}
		}
		@@ -134,0 +163,0 @@ if (jwe.unprotected !== undefined) {

15

dist/node/cjs/jws/flattened/verify.js

		@@ -81,3 +81,9 @@ "use strict";
		const data = (0, buffer_utils_js_1.concat)(buffer_utils_js_1.encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), buffer_utils_js_1.encoder.encode('.'), typeof jws.payload === 'string' ? buffer_utils_js_1.encoder.encode(jws.payload) : jws.payload);
		const signature = (0, base64url_js_1.decode)(jws.signature);
		let signature;
		try {
		signature = (0, base64url_js_1.decode)(jws.signature);
		}
		catch {
		throw new errors_js_1.JWSInvalid('Failed to base64url decode the signature');
		}
		const verified = await (0, verify_js_1.default)(alg, key, signature, data);
		@@ -89,3 +95,8 @@ if (!verified) {
		if (b64) {
		payload = (0, base64url_js_1.decode)(jws.payload);
		try {
		payload = (0, base64url_js_1.decode)(jws.payload);
		}
		catch {
		throw new errors_js_1.JWSInvalid('Failed to base64url decode the payload');
		}
		}
		@@ -92,0 +103,0 @@ else if (typeof jws.payload === 'string') {

39

dist/node/cjs/lib/decrypt_key_management.js

		@@ -38,3 +38,8 @@ "use strict";
		throw new errors_js_1.JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
		partyUInfo = (0, base64url_js_1.decode)(joseHeader.apu);
		try {
		partyUInfo = (0, base64url_js_1.decode)(joseHeader.apu);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the apu');
		}
		}
		@@ -44,3 +49,8 @@ if (joseHeader.apv !== undefined) {
		throw new errors_js_1.JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
		partyVInfo = (0, base64url_js_1.decode)(joseHeader.apv);
		try {
		partyVInfo = (0, base64url_js_1.decode)(joseHeader.apv);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the apv');
		}
		}
		@@ -75,3 +85,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? (0, cek_js_1.bitLength)(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
		throw new errors_js_1.JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
		return (0, pbes2kw_js_1.decrypt)(alg, key, encryptedKey, joseHeader.p2c, (0, base64url_js_1.decode)(joseHeader.p2s));
		let p2s;
		try {
		p2s = (0, base64url_js_1.decode)(joseHeader.p2s);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the p2s');
		}
		return (0, pbes2kw_js_1.decrypt)(alg, key, encryptedKey, joseHeader.p2c, p2s);
		}
		@@ -94,4 +111,16 @@ case 'A128KW':
		throw new errors_js_1.JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
		const iv = (0, base64url_js_1.decode)(joseHeader.iv);
		const tag = (0, base64url_js_1.decode)(joseHeader.tag);
		let iv;
		try {
		iv = (0, base64url_js_1.decode)(joseHeader.iv);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the iv');
		}
		let tag;
		try {
		tag = (0, base64url_js_1.decode)(joseHeader.tag);
		}
		catch {
		throw new errors_js_1.JWEInvalid('Failed to base64url decode the tag');
		}
		return (0, aesgcmkw_js_1.unwrap)(alg, key, encryptedKey, iv, tag);
		@@ -98,0 +127,0 @@ }

1

dist/node/cjs/runtime/base64url.js

		@@ -7,3 +7,2 @@ "use strict";
		let encode;
		exports.encode = encode;
		function normalize(input) {
		@@ -10,0 +9,0 @@ let encoded = input;

2

dist/node/cjs/util/decode_jwt.js

		@@ -23,3 +23,3 @@ "use strict";
		catch {
		throw new errors_js_1.JWTInvalid('Failed to parse the base64url encoded payload');
		throw new errors_js_1.JWTInvalid('Failed to base64url decode the payload');
		}
		@@ -26,0 +26,0 @@ let result;

39

dist/node/esm/jwe/flattened/decrypt.js

		@@ -89,3 +89,8 @@ import { decode as base64url } from '../../runtime/base64url.js';
		if (jwe.encrypted_key !== undefined) {
		encryptedKey = base64url(jwe.encrypted_key);
		try {
		encryptedKey = base64url(jwe.encrypted_key);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the encrypted_key');
		}
		}
		@@ -107,4 +112,16 @@ let resolvedKey = false;
		}
		const iv = base64url(jwe.iv);
		const tag = base64url(jwe.tag);
		let iv;
		let tag;
		try {
		iv = base64url(jwe.iv);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the iv');
		}
		try {
		tag = base64url(jwe.tag);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the tag');
		}
		const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
		@@ -118,3 +135,10 @@ let additionalData;
		}
		let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData);
		let ciphertext;
		try {
		ciphertext = base64url(jwe.ciphertext);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the ciphertext');
		}
		let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData);
		if (joseHeader.zip === 'DEF') {
		@@ -128,3 +152,8 @@ plaintext = await ((options === null \|\| options === void 0 ? void 0 : options.inflateRaw) \|\| inflate)(plaintext);
		if (jwe.aad !== undefined) {
		result.additionalAuthenticatedData = base64url(jwe.aad);
		try {
		result.additionalAuthenticatedData = base64url(jwe.aad);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the aad');
		}
		}
		@@ -131,0 +160,0 @@ if (jwe.unprotected !== undefined) {

15

dist/node/esm/jws/flattened/verify.js

		@@ -78,3 +78,9 @@ import { decode as base64url } from '../../runtime/base64url.js';
		const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);
		const signature = base64url(jws.signature);
		let signature;
		try {
		signature = base64url(jws.signature);
		}
		catch {
		throw new JWSInvalid('Failed to base64url decode the signature');
		}
		const verified = await verify(alg, key, signature, data);
		@@ -86,3 +92,8 @@ if (!verified) {
		if (b64) {
		payload = base64url(jws.payload);
		try {
		payload = base64url(jws.payload);
		}
		catch {
		throw new JWSInvalid('Failed to base64url decode the payload');
		}
		}
		@@ -89,0 +100,0 @@ else if (typeof jws.payload === 'string') {

39

dist/node/esm/lib/decrypt_key_management.js

		@@ -36,3 +36,8 @@ import { unwrap as aesKw } from '../runtime/aeskw.js';
		throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
		partyUInfo = base64url(joseHeader.apu);
		try {
		partyUInfo = base64url(joseHeader.apu);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the apu');
		}
		}
		@@ -42,3 +47,8 @@ if (joseHeader.apv !== undefined) {
		throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
		partyVInfo = base64url(joseHeader.apv);
		try {
		partyVInfo = base64url(joseHeader.apv);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the apv');
		}
		}
		@@ -73,3 +83,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
		throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
		return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s));
		let p2s;
		try {
		p2s = base64url(joseHeader.p2s);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the p2s');
		}
		return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, p2s);
		}
		@@ -92,4 +109,16 @@ case 'A128KW':
		throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
		const iv = base64url(joseHeader.iv);
		const tag = base64url(joseHeader.tag);
		let iv;
		try {
		iv = base64url(joseHeader.iv);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the iv');
		}
		let tag;
		try {
		tag = base64url(joseHeader.tag);
		}
		catch {
		throw new JWEInvalid('Failed to base64url decode the tag');
		}
		return aesGcmKw(alg, key, encryptedKey, iv, tag);
		@@ -96,0 +125,0 @@ }

2

dist/node/esm/util/decode_jwt.js

		@@ -20,3 +20,3 @@ import { decode as base64url } from './base64url.js';
		catch {
		throw new JWTInvalid('Failed to parse the base64url encoded payload');
		throw new JWTInvalid('Failed to base64url decode the payload');
		}
		@@ -23,0 +23,0 @@ let result;

2

dist/types/jwe/compact/encrypt.d.ts

		@@ -16,2 +16,3 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, CompactJWEHeaderParameters, EncryptOptions } from '../../types';
		* validation purposes.
		*
		* @param cek JWE Content Encryption Key.
		@@ -26,2 +27,3 @@ */
		* validation purposes.
		*
		* @param iv JWE Initialization Vector.
		@@ -28,0 +30,0 @@ */

2

dist/types/jwe/flattened/encrypt.d.ts

		@@ -58,2 +58,3 @@ import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types';
		* validation purposes.
		*
		* @param cek JWE Content Encryption Key.
		@@ -68,2 +69,3 @@ */
		* validation purposes.
		*
		* @param iv JWE Initialization Vector.
		@@ -70,0 +72,0 @@ */

2

dist/types/jwk/thumbprint.d.ts

		@@ -8,2 +8,3 @@ import type { JWK } from '../types';
		* "sha256".
		*
		* @see {@link https://www.rfc-editor.org/rfc/rfc7638 RFC7638}
		@@ -18,4 +19,5 @@ */
		* "sha256".
		*
		* @see {@link https://www.rfc-editor.org/rfc/rfc9278 RFC9278}
		*/
		export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: 'sha256' \| 'sha384' \| 'sha512'): Promise<string>;

2

dist/types/jwt/encrypt.d.ts

		@@ -37,2 +37,3 @@ import type { EncryptOptions, CompactJWEHeaderParameters, JWEKeyManagementHeaderParameters, KeyLike } from '../types';
		* validation purposes.
		*
		* @param cek JWE Content Encryption Key.
		@@ -47,2 +48,3 @@ */
		* validation purposes.
		*
		* @param iv JWE Initialization Vector.
		@@ -49,0 +51,0 @@ */

3

dist/types/types.d.ts

		@@ -302,2 +302,3 @@ /**
		* data often reveals information about the plaintext.
		*
		* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs}
		@@ -491,2 +492,3 @@ */
		* data often reveals information about the plaintext.
		*
		* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs}
		@@ -504,2 +506,3 @@ */
		* data often reveals information about the plaintext.
		*
		* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs}
		@@ -506,0 +509,0 @@ */

2

package.json

		{
		"name": "jose",
		"version": "4.14.4",
		"version": "4.14.5",
		"description": "'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes",
		@@ -5,0 +5,0 @@ "keywords": [

jose - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics