🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

jssign

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jssign

A token generator library to encode and decode data using a secret key

Source
npmnpm
Version
0.3.0
Version published
Weekly downloads
1
-96.97%
Maintainers
1
Weekly downloads
 
Created
Source

jssign

A better, faster, lighter and more secure alternative to jsonwebtoken

Features

  • Encrypt data using a secret
  • Decrypt a token with secret to retrive data back

Installation

To install jssign

  # with npm:
  npm install jssign --save

  # with yarn:
  yarn add jssign

  # with pnpm:
  pnpm add jssign

  # with bun:
  bun add jssign

Usage

jssign exports different functions for data encryption for different use cases:

Faster Usage

For a faster (but less secure) encoding and decoding of data using a secret, jssign exports the following functions:

  • sign(data, secret, options): returns encoded token
  • verify(token, secret): returns decoded data
import { sign, verify } from 'jssign'

const secret = 'top-secret'
const token = sign({ foo: 'bar' }, secret, { sl: 16 }) // no expiration
const data = verify(token, secret)

console.log(data) // { foo: 'bar' }

data can be an object literal, buffer or string representing valid JSON.

secret can be a string

options:

  • expiresIn can be a numeric value representing time in ms (no expiration by default).
  • sl can be a numberic value representing salt length (default value is 32). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.

More secure Usage

For a more secure (but slower) encryption and decryption of data using a secret, jssign exports the following functions that uses sjcl under the hood:

  • encrypt(data, secret, options, sjclOptions): return encrypted token
  • decrypt(token, secret): returns decrypted data
import { encrypt, decrypt } from 'jssign'

const secret = 'top-secret'
const token = encrypt({ id: 'confidential_data' }, secret, { expiresIn: 180000 }) // will expire after 30 minutes of token creation
const data = decrypt(token, secret)

console.log(data) // { id: 'confidential_data' }

data can be an object literal, buffer or string representing valid JSON.

secret can be a string

options:

  • expiresIn can be a numeric value representing time in ms (no expiration by default).

sjclOptions are the options taken by sjcl.encrypt method having type SjclCipherEncryptParams

Author

Sahil Aggarwal

Keywords

jssign
jss
javascript
sign
javascriptsign
token

FAQs

Package last updated on 31 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester

Research

/

Security News

10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester

Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.

By Kush Pandya  -  Oct 28, 2025