jsonwebtoken - npm Package Compare versions

Comparing version 0.1.0 to 0.2.0

index.js

 var jws = require('jws');
 var moment = require('moment');
 
+module.exports.decode = function (jwt) {
+  return jws.decode(jwt).payload;
+};
+
 module.exports.sign = function(payload, secretOrPrivateKey, options) {
@@ -8,3 +12,3 @@ options = options || {};
   var header = {typ: 'JWT', alg: options.algorithm || 'HS256'};
-  if (options.expiresInMinutes) 
+  if (options.expiresInMinutes)
     payload.exp = moment().add('minutes', options.expiresInMinutes).utc().unix();
@@ -14,6 +18,6 @@
     payload.aud = options.audience;
-  
+
   if (options.issuer)
     payload.iss = options.issuer;
-  
+
   if (options.subject)
@@ -43,23 +47,23 @@ payload.sub = options.subject;
     return callback(new Error('invalid signature'));
-  
-  var jwt = jws.decode(jwtString);
 
-  if (jwt.payload.exp) {
-    if (moment().utc().unix() >= jwt.payload.exp)
+  var payload = this.decode(jwtString);
+
+  if (payload.exp) {
+    if (moment().utc().unix() >= payload.exp)
       return callback(new Error('jwt expired'));
   }
 
-  if (jwt.payload.aud && options.audience) {
-    if (jwt.payload.aud !== options.audience)
-      return callback(new Error('jwt audience invalid. expected: ' + jwt.payload.aud));
+  if (payload.aud && options.audience) {
+    if (payload.aud !== options.audience)
+      return callback(new Error('jwt audience invalid. expected: ' + payload.aud));
   }
 
-  if (jwt.payload.iss && options.issuer) {
-    if (jwt.payload.iss !== options.issuer)
-      return callback(new Error('jwt issuer invalid. expected: ' + jwt.payload.iss));
+  if (payload.iss && options.issuer) {
+    if (payload.iss !== options.issuer)
+      return callback(new Error('jwt issuer invalid. expected: ' + payload.iss));
   }
-  
-  callback(null, jwt.payload);
+
+  callback(null, payload);
 };
 
 

package.json

 {
   "name": "jsonwebtoken",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "JSON Web Token implementation (symmetric and asymmetric)",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

15305

increased by7.87%

Number of package files

11

increased by10%

Lines of code

163

increased by1.88%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes