jsonwebtoken - npm Package Compare versions

Comparing version 8.4.0 to 8.5.0

lib/psSupported.js

CHANGELOG.md

		@@ -7,2 +7,21 @@ # Change Log

		## 8.5.0 - 2019-02-20

		### New Functionality

		- feat: add PS JWA support for applicable node versions (#573) ([eefb9d9c6eec54718fa6e41306bda84788df7bec](https://github.com/auth0/node-jsonwebtoken/commit/eefb9d9c6eec54718fa6e41306bda84788df7bec)), closes [#573](https://github.com/auth0/node-jsonwebtoken/issues/573)
		- Add complete option in jwt.verify (#522) ([8737789dd330cf9e7870f4df97fd52479adbac22](https://github.com/auth0/node-jsonwebtoken/commit/8737789dd330cf9e7870f4df97fd52479adbac22)), closes [#522](https://github.com/auth0/node-jsonwebtoken/issues/522)

		### Test Improvements

		- Add tests for private claims in the payload (#555) ([5147852896755dc1291825e2e40556f964411fb2](https://github.com/auth0/node-jsonwebtoken/commit/5147852896755dc1291825e2e40556f964411fb2)), closes [#555](https://github.com/auth0/node-jsonwebtoken/issues/555)
		- Force use_strict during testing (#577) ([7b60c127ceade36c33ff33be066e435802001c94](https://github.com/auth0/node-jsonwebtoken/commit/7b60c127ceade36c33ff33be066e435802001c94)), closes [#577](https://github.com/auth0/node-jsonwebtoken/issues/577)
		- Refactor tests related to jti and jwtid (#544) ([7eebbc75ab89e01af5dacf2aae90fe05a13a1454](https://github.com/auth0/node-jsonwebtoken/commit/7eebbc75ab89e01af5dacf2aae90fe05a13a1454)), closes [#544](https://github.com/auth0/node-jsonwebtoken/issues/544)
		- ci: remove nsp from tests (#569) ([da8f55c3c7b4dd0bfc07a2df228500fdd050242a](https://github.com/auth0/node-jsonwebtoken/commit/da8f55c3c7b4dd0bfc07a2df228500fdd050242a)), closes [#569](https://github.com/auth0/node-jsonwebtoken/issues/569)

		### Docs

		- Fix 'cert' token which isn't a cert (#554) ([0c24fe68cd2866cea6322016bf993cd897fefc98](https://github.com/auth0/node-jsonwebtoken/commit/0c24fe68cd2866cea6322016bf993cd897fefc98)), closes [#554](https://github.com/auth0/node-jsonwebtoken/issues/554)


		## 8.4.0 - 2018-11-14
		@@ -9,0 +28,0 @@

package.json

		{
		"name": "jsonwebtoken",
		"version": "8.4.0",
		"version": "8.5.0",
		"description": "JSON Web Token implementation (symmetric and asymmetric)",
		@@ -23,4 +23,4 @@ "main": "index.js",
		"lint": "eslint .",
		"coverage": "nyc mocha",
		"test": "npm run lint && npm run coverage && nsp check && cost-of-modules"
		"coverage": "nyc mocha --use_strict",
		"test": "npm run lint && npm run coverage && cost-of-modules"
		},
		@@ -40,3 +40,3 @@ "repository": {
		"dependencies": {
		"jws": "^3.1.5",
		"jws": "^3.2.1",
		"lodash.includes": "^4.3.0",
		@@ -49,3 +49,4 @@ "lodash.isboolean": "^3.0.3",
		"lodash.once": "^4.0.0",
		"ms": "^2.1.1"
		"ms": "^2.1.1",
		"semver": "^5.6.0"
		},
		@@ -52,0 +53,0 @@ "devDependencies": {

README.md

		@@ -75,4 +75,4 @@ # jsonwebtoken
		// sign with RSA SHA256
		var cert = fs.readFileSync('private.key');
		var token = jwt.sign({ foo: 'bar' }, cert, { algorithm: 'RS256'});
		var privateKey = fs.readFileSync('private.key');
		var token = jwt.sign({ foo: 'bar' }, privateKey, { algorithm: 'RS256'});
		```
		@@ -82,3 +82,3 @@
		```js
		jwt.sign({ foo: 'bar' }, cert, { algorithm: 'RS256' }, function(err, token) {
		jwt.sign({ foo: 'bar' }, privateKey, { algorithm: 'RS256' }, function(err, token) {
		console.log(token);
		@@ -143,2 +143,3 @@ });
		> Eg: `"urn:foo"`, `/urn:f[o]{2}/`, `[/urn:f[o]{2}/, "urn:bar"]`
		* `complete`: return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload.
		* `issuer` (optional): string or array of strings of valid values for the `iss` field.
		@@ -345,5 +346,8 @@ * `ignoreExpiration`: if `true` do not validate the expiration of the token.
		HS512 \| HMAC using SHA-512 hash algorithm
		RS256 \| RSASSA using SHA-256 hash algorithm
		RS384 \| RSASSA using SHA-384 hash algorithm
		RS512 \| RSASSA using SHA-512 hash algorithm
		RS256 \| RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm
		RS384 \| RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm
		RS512 \| RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm
		PS256 \| RSASSA-PSS using SHA-256 hash algorithm (only node ^6.12.0 \|\| >=8.0.0)
		PS384 \| RSASSA-PSS using SHA-384 hash algorithm (only node ^6.12.0 \|\| >=8.0.0)
		PS512 \| RSASSA-PSS using SHA-512 hash algorithm (only node ^6.12.0 \|\| >=8.0.0)
		ES256 \| ECDSA using P-256 curve and SHA-256 hash algorithm
		@@ -350,0 +354,0 @@ ES384 \| ECDSA using P-384 curve and SHA-384 hash algorithm

sign.js

		var timespan = require('./lib/timespan');
		var PS_SUPPORTED = require('./lib/psSupported');
		var jws = require('jws');
		@@ -11,2 +12,7 @@ var includes = require('lodash.includes');

		var SUPPORTED_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none']
		if (PS_SUPPORTED) {
		SUPPORTED_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
		}

		var sign_options_schema = {
		@@ -16,3 +22,3 @@ expiresIn: { isValid: function(value) { return isInteger(value) \|\| (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
		audience: { isValid: function(value) { return isString(value) \|\| Array.isArray(value); }, message: '"audience" must be a string or array' },
		algorithm: { isValid: includes.bind(null, ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none']), message: '"algorithm" must be a valid string enum value' },
		algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },
		header: { isValid: isPlainObject, message: '"header" must be an object' },
		@@ -145,6 +151,6 @@ encoding: { isValid: isString, message: '"encoding" must be a string' },

		if (!options.noTimestamp) {
		if (options.noTimestamp) {
		delete payload.iat;
		} else if (isObjectPayload) {
		payload.iat = timestamp;
		} else {
		delete payload.iat;
		}
		@@ -151,0 +157,0 @@

verify.js

		@@ -6,4 +6,14 @@ var JsonWebTokenError = require('./lib/JsonWebTokenError');
		var timespan = require('./lib/timespan');
		var PS_SUPPORTED = require('./lib/psSupported');
		var jws = require('jws');

		var PUB_KEY_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'];
		var RSA_KEY_ALGS = ['RS256', 'RS384', 'RS512'];
		var HS_ALGS = ['HS256', 'HS384', 'HS512'];

		if (PS_SUPPORTED) {
		PUB_KEY_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
		RSA_KEY_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
		}

		module.exports = function (jwtString, secretOrPublicKey, options, callback) {
		@@ -106,7 +116,4 @@ if ((typeof options === 'function') && !callback) {
		options.algorithms = ~secretOrPublicKey.toString().indexOf('BEGIN CERTIFICATE') \|\|
		~secretOrPublicKey.toString().indexOf('BEGIN PUBLIC KEY') ?
		['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'] :
		~secretOrPublicKey.toString().indexOf('BEGIN RSA PUBLIC KEY') ?
		['RS256', 'RS384', 'RS512'] :
		['HS256', 'HS384', 'HS512'];
		~secretOrPublicKey.toString().indexOf('BEGIN PUBLIC KEY') ? PUB_KEY_ALGS :
		~secretOrPublicKey.toString().indexOf('BEGIN RSA PUBLIC KEY') ? RSA_KEY_ALGS : HS_ALGS;

		@@ -208,4 +215,14 @@ }

		if (options.complete === true) {
		var signature = decodedToken.signature;

		return done(null, {
		header: header,
		payload: payload,
		signature: signature
		});
		}

		return done(null, payload);
		});
		};

jsonwebtoken - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes