Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

jsonwebtoken

Package Overview
Dependencies
Maintainers
8
Versions
81
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jsonwebtoken

JSON Web Token implementation (symmetric and asymmetric)

  • 7.4.3
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
17M
decreased by-5.66%
Maintainers
8
Weekly downloads
 
Created

What is jsonwebtoken?

The jsonwebtoken npm package is used to implement JSON Web Tokens (JWT) in Node.js applications. JWTs are a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

What are jsonwebtoken's main functionalities?

Token Signing

This feature allows you to create a digitally signed token. The token consists of a header, a payload, and a signature. The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

{"alg":"HS256","typ":"JWT"}.eyJsub":"1234567890","name":"John Doe","admin":true}.[signature]

Token Verification

This feature is used to verify the signature of an incoming JWT token to ensure that the sender is who they say they are and to ensure that the message wasn't changed along the way.

jwt.verify(token, 'secret', function(err, decoded) { console.log(decoded.foo) // bar })

Token Decoding

This feature allows you to decode a JWT without verifying it. This is useful for cases where you trust the token or have already verified it and just need to read the payload.

jwt.decode(token)

Other packages similar to jsonwebtoken

Keywords

FAQs

Package last updated on 17 Aug 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc