jwt-decode
Comparing version 3.1.2 to 4.0.0-beta.0
{ | ||
"name": "jwt-decode", | ||
"version": "3.1.2", | ||
"version": "4.0.0-beta.0", | ||
"description": "Decode JWT tokens, mostly useful for browser applications.", | ||
"main": "build/jwt-decode.cjs.js", | ||
"module": "build/jwt-decode.esm.js", | ||
"types": "index.d.ts", | ||
"main": "build/cjs/jwt-decode.js", | ||
"module": "build/esm/jwt-decode.js", | ||
"types": "build/typings/index.d.ts", | ||
"keywords": [ | ||
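Review bot: The `main`, `module` and `types` entries at the top of package.json now point at `build/cjs/jwt-decode.js`, `build/esm/jwt-decode.js` and `build/typings/index.d.ts`, so any consumer or bundler configuration that references `build/jwt-decode.cjs.js`, `build/jwt-decode.esm.js` or the root `index.d.ts` directly will stop resolving. List the path change in the 4.0.0 release notes and check that the published tarball actually contains all three new paths before tagging.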
@@ -19,7 +19,10 @@ "jwt", | ||
"scripts": { | ||
"dev": "rollup -m -c", | ||
"build": "rimraf build && rollup -m -c --environment NODE_ENV:production", | ||
"test": "mocha" | ||
"dev": "rollup --sourcemap --config --configPlugin typescript", | ||
"build": "rimraf build && rollup --sourcemap --config --configPlugin typescript --environment NODE_ENV:production", | ||
"postbuild": "echo '{\"type\": \"commonjs\"}'> build/cjs/package.json", | ||
"test": "npm run test:node && npm run test:browser", | ||
"test:node": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage", | ||
"test:browser": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage --testEnvironment=jsdom" | ||
}, | ||
"author": "Jose F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)", | ||
"author": "Jose F. Romaniello <jfromaniello@gmail.com>", | ||
"contributors": [ | ||
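Review bot: The `postbuild` and `test:*` scripts depend on POSIX shell syntax (the single-quoted `echo '{\"type\": \"commonjs\"}'` and the `NODE_OPTIONS='...' jest` prefix), which does not work when npm runs scripts through cmd.exe on Windows. The `build/cjs/package.json` marker is what keeps the CommonJS build loadable once the package declares `"type": "module"`, so a malformed or missing file breaks `require` for every consumer; writing it from a small Node script, and setting the variable with something like `cross-env`, would make both steps portable.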
@@ -29,20 +32,30 @@ "Sam Bellen <sam.bellen@auth0.com>" | ||
"license": "MIT", | ||
"dependencies": {}, | ||
"devDependencies": { | ||
"@rollup/plugin-commonjs": "^15.0.0", | ||
"@rollup/plugin-node-resolve": "^9.0.0", | ||
"expect.js": "~0.2.0", | ||
"mocha": "^8.1.3", | ||
"rimraf": "^2.2.8", | ||
"rollup": "^2.26.11", | ||
"rollup-plugin-livereload": "^2.0.0", | ||
"rollup-plugin-serve": "^1.0.4", | ||
"rollup-plugin-sourcemaps": "^0.6.2", | ||
"rollup-plugin-terser": "^7.0.2", | ||
"uglify-js": "^2.8.29" | ||
"@rollup/plugin-terser": "^0.4.3", | ||
"@rollup/plugin-typescript": "^11.1.2", | ||
"jest": "^29.6.1", | ||
"jest-environment-jsdom": "^29.6.1", | ||
"jest-junit": "^16.0.0", | ||
"rimraf": "^5.0.1", | ||
"rollup": "^3.26.3", | ||
"rollup-plugin-livereload": "^2.0.5", | ||
"rollup-plugin-serve": "^2.0.2", | ||
"ts-jest": "^29.1.1", | ||
"ts-node": "^10.9.1", | ||
"typescript": "^5.1.6" | ||
}, | ||
"files": [ | ||
"build/", | ||
"index.d.ts" | ||
] | ||
"build" | ||
], | ||
"engines": { | ||
"node": ">=16" | ||
}, | ||
"type": "module", | ||
"exports": { | ||
".": { | ||
"require": "./build/cjs/jwt-decode.js", | ||
"import": "./build/esm/jwt-decode.js", | ||
"types": "./build/typings/index.d.ts" | ||
} | ||
} | ||
} |
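Review bot: In the new `exports` map the `"types"` condition comes after `"require"` and `"import"`; conditions are matched in key order, so TypeScript will match `"import"` or `"require"` first and look for declarations next to that file instead of at `./build/typings/index.d.ts`. Move `"types"` to the first position. Adding `exports` also closes off every subpath that is not listed, and together with `"engines": { "node": ">=16" }` and `"type": "module"` that makes three breaking changes that belong in the changelog.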
README.md
@@ -1,16 +0,19 @@ | ||
## **jwt-decode** is a small browser library that helps decoding JWTs token which are Base64Url encoded. | ||
![Browser library that helps decoding JWT tokens which are Base64Url encoded](https://cdn.auth0.com/website/sdks/banners/jwt-decode-banner.png) | ||
**IMPORTANT:** This library doesn't validate the token, any well formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Owin Bearer JWT](https://github.com/michaelnoonan/Auth0-Owin-JwtBearerAuthentication), etc. | ||
**IMPORTANT:** This library doesn't validate the token, any well-formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Microsoft.AspNetCore.Authentication.JwtBearer](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer), etc. | ||
--- | ||
![Release](https://img.shields.io/npm/v/jwt-decode) | ||
![Downloads](https://img.shields.io/npm/dw/jwt-decode) | ||
[![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT) | ||
[![CircleCI](https://img.shields.io/circleci/build/github/auth0/jwt-decode)](https://circleci.com/gh/auth0/jwt-decode) | ||
**Warning: When upgrading from version `2` to `3`, there's a potentially breaking change** | ||
:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :speech_balloon: [Feedback](#feedback) | ||
If you've previously imported the library as `import * as jwt_decode from 'jwt-decode'`, you'll have to change your import to `import jwt_decode from 'jwt-decode';`. | ||
## Documentation | ||
--- | ||
- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0. | ||
## Installation | ||
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode?ref=badge_shield) | ||
## Getting started | ||
### Installation | ||
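Review bot: The changed lines at the top of the README include the 2-to-3 upgrade warning about `import * as jwt_decode from 'jwt-decode'`, but nothing under the new `Documentation` and `Getting started` headings tells users what changes between 3.x and 4.0.0-beta.0. This comparison also changes the entry-point paths and adds `exports`, `engines` and `"type": "module"` in package.json, so an upgrade note for 3 to 4 should sit in the same place the old warning did.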
@@ -21,5 +24,5 @@ Install with NPM or Yarn. | ||
## Usage | ||
### Usage | ||
```javascript | ||
```js | ||
import jwt_decode from "jwt-decode"; | ||
@@ -33,5 +36,7 @@ | ||
/* prints: | ||
* { foo: "bar", | ||
* { | ||
* foo: "bar", | ||
* exp: 1393286893, | ||
* iat: 1393268893 } | ||
* iat: 1393268893 | ||
* } | ||
*/ | ||
@@ -44,11 +49,43 @@ | ||
/* prints: | ||
* { typ: "JWT", | ||
* alg: "HS256" } | ||
* { | ||
* typ: "JWT", | ||
* alg: "HS256" | ||
* } | ||
*/ | ||
``` | ||
**Note:** A falsy or malformed token will throw an `InvalidTokenError` error. | ||
**Note:** A falsy or malformed token will throw an `InvalidTokenError` error; see below for more information on specific errors. | ||
## Use as a CommonJS package | ||
## Errors | ||
This library works with valid JSON web tokens. The basic format of these token is | ||
``` | ||
[part1].[part2].[part3] | ||
``` | ||
All parts are supposed to be valid base64 (url) encoded json. | ||
Depending on the `{ header: <option> }` option it will decode part 1 (only if header: true is specified) or part 2 (default) | ||
Not adhering to the format will result in a `InvalidTokenError` with one of the following messages: | ||
- `Invalid token specified: must be a string` => the token passed was not a string, this library only works on strings. | ||
- `Invalid token specified: missing part #` => this probably means you are missing a dot (`.`) in the token | ||
- `Invalid token specified: invalid base64 for part #` => the part could not be base64 decoded (the message should contain the error the base64 decoder gave) | ||
- `Invalid token specified: invalid json for part #` => the part was correctly base64 decoded, however, the decoded value was not valid JSON (the message should contain the error the JSON parser gave) | ||
#### Use with typescript | ||
The return type of the `jwt_decode` function is determined by the `header` property of the object passed as the second argument. If omitted (or set to false), it'll use `JwtPayload`, when true it will use `JwtHeader`. | ||
If needed, you can specify what the expected return type should be by passing a type argument to the `jwt_decode` function. | ||
You can extend both `JwtHeader` and `JwtPayload` to include non-standard claims or properties. | ||
```typescript | ||
import jwtDecode from "jwt-decode"; | ||
const token: string = "eyJhsw5c"; | ||
const decoded = jwtDecode<JwtPayload>(token); // Returns with the JwtPayload type | ||
``` | ||
#### Use as a CommonJS package | ||
```javascript | ||
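Review bot: The example under `Use with typescript` will not compile as written: it passes `JwtPayload` as a type argument but only imports the default export, so the type has to be imported too (assuming the typings export it by name, `import jwtDecode, { JwtPayload } from "jwt-decode";`), and the function is called `jwtDecode` here while the prose and the other examples say `jwt_decode`. In the `Errors` section, "All parts are supposed to be valid base64 (url) encoded json" is not accurate for part 3, which is a signature rather than JSON; since the library only decodes part 1 or part 2, say that, and repeat next to the error list that a token decoding without error has not been verified.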
@@ -59,5 +96,5 @@ const jwt_decode = require('jwt-decode'); | ||
## Include with a script tag | ||
#### Include with a script tag | ||
Copy the file `jwt-decode.js` from the `build/` folder to your project somewhere, then include like so: | ||
Copy the file `jwt-decode.js` from the `build/` folder to your project somewhere, then include it like so: | ||
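Review bot: The script-tag instructions still say to copy `jwt-decode.js` from the `build/` folder, but package.json in this same comparison moves the outputs to `build/cjs/jwt-decode.js` and `build/esm/jwt-decode.js`. State which file is meant for direct inclusion in a page and whether the tag needs `type="module"`, or drop the section if no standalone browser bundle is shipped any more.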
@@ -68,27 +105,31 @@ ```html | ||
## Older versions | ||
If you want to use the library trough Bower, an HTML import, use [version `v2.2.0`](https://github.com/auth0/jwt-decode/tree/v2.2.0). It has the same functionality. | ||
## Feedback | ||
## Develop | ||
### Contributing | ||
Run `npm run dev`, this will fire up a browser and watch the `/lib` folder. | ||
We appreciate feedback and contribution to this repo! Before you get started, please see the following: | ||
## Issue Reporting | ||
- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) | ||
- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) | ||
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. | ||
### Raise an issue | ||
## Author | ||
To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/jwt-decode/issues). | ||
[Auth0](https://auth0.com) | ||
### Vulnerability Reporting | ||
## License | ||
Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues. | ||
This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info. | ||
--- | ||
[browserify]: http://browserify.org | ||
[webpack]: http://webpack.github.io/ | ||
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode?ref=badge_large) | ||
======= | ||
<p align="center"> | ||
<picture> | ||
<source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150"> | ||
<source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150"> | ||
<img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150"> | ||
</picture> | ||
</p> | ||
<p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p> | ||
<p align="center"> | ||
This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p> |
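Review bot: The bare `=======` line after the FOSSA badge reads like a leftover merge-conflict separator; if it is on the added side of this hunk it should be removed before release. The hunk also carries two disclosure links, `https://auth0.com/whitehat` and `https://auth0.com/responsible-disclosure-policy`; make sure only the current one remains in the shipped README so reporters are not sent to a stale page.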
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Empty package
Supply chain risk: Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package