Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

jssign

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jssign

A token generator library to encode and decode data using a secret key

latest
Source
npmnpm
Version
0.3.6
Version published
Maintainers
1
Created
Source

jssign

A better, faster, lighter and more secure alternative to jsonwebtoken

Features

  • Encrypt data using a secret
  • Decrypt a token with secret to retrive data back

Installation

To install jssign

  # with npm:
  npm install jssign --save

  # with yarn:
  yarn add jssign

  # with pnpm:
  pnpm add jssign

  # with bun:
  bun add jssign

Usage

jssign exports different functions for data encryption for different use cases:

Faster Usage

For a faster (but less secure) encoding and decoding of data using a secret, jssign exports the following functions:

  • sign(data, secret, options): returns encoded token
  • verify(token, secret): returns decoded data
import { sign, verify } from "jssign";

const secret = "top-secret";
const token = sign({ foo: "bar" }, secret, { sl: 16 }); // no expiration
const data = verify(token, secret);

console.log(data); // { foo: 'bar' }

data can be an object literal, buffer or string representing valid JSON.

secret can be a string

options:

  • expiresIn can be a numeric value representing time in ms (default value is 0 which represents no expiration).
  • sl can be a numberic value representing salt length (default value is 32). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.

More secure Usage

For a more secure (but slower) encryption and decryption of data using a secret, jssign exports the following functions that uses sjcl under the hood:

  • encrypt(data, secret, options, sjclOptions): return encrypted token
  • decrypt(token, secret): returns decrypted data
import { encrypt, decrypt } from "jssign";

const secret = "top-secret";
const token = encrypt({ id: "confidential_data" }, secret, { expiresIn: 180000 }); // will expire after 30 minutes of token creation
const data = decrypt(token, secret);

console.log(data); // { id: 'confidential_data' }

data can be an object literal, buffer or string representing valid JSON.

secret can be a string

options:

  • expiresIn can be a numeric value representing time in ms (default value is 0 which represents no expiration).

sjclOptions are the options taken by sjcl.encrypt method having type SjclCipherEncryptParams

Author

Sahil Aggarwal

Keywords

jssign
jss
javascript
sign
javascriptsign
token

FAQs

Package last updated on 16 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Python 3.14 Released With Template String Literals, Deferred Annotations, and Subinterpreters

Security News

Python 3.14 Released With Template String Literals, Deferred Annotations, and Subinterpreters

Python 3.14 adds template strings, deferred annotations, and subinterpreters, plus free-threaded mode, an experimental JIT, and Sigstore verification.

By Sarah Gooding  -  Oct 07, 2025