jwt-decode - npm Package Compare versions

Comparing version 3.1.2 to 4.0.0-beta.0

package.json

 {
     "name": "jwt-decode",
-    "version": "3.1.2",
+    "version": "4.0.0-beta.0",
     "description": "Decode JWT tokens, mostly useful for browser applications.",
-    "main": "build/jwt-decode.cjs.js",
-    "module": "build/jwt-decode.esm.js",
-    "types": "index.d.ts",
+    "main": "build/cjs/jwt-decode.js",
+    "module": "build/esm/jwt-decode.js",
+    "types": "build/typings/index.d.ts",
     "keywords": [
@@ -19,7 +19,10 @@ "jwt",
     "scripts": {
-        "dev": "rollup -m -c",
-        "build": "rimraf build && rollup -m -c --environment NODE_ENV:production",
-        "test": "mocha"
+        "dev": "rollup --sourcemap --config --configPlugin typescript",
+        "build": "rimraf build && rollup --sourcemap --config --configPlugin typescript --environment NODE_ENV:production",
+        "postbuild": "echo '{\"type\": \"commonjs\"}'> build/cjs/package.json",
+        "test": "npm run test:node && npm run test:browser",
+        "test:node": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage",
+        "test:browser": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage --testEnvironment=jsdom"
     },
-    "author": "Jose F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)",
+    "author": "Jose F. Romaniello <jfromaniello@gmail.com>",
     "contributors": [
@@ -29,20 +32,30 @@ "Sam Bellen <sam.bellen@auth0.com>"
     "license": "MIT",
-    "dependencies": {},
     "devDependencies": {
-        "@rollup/plugin-commonjs": "^15.0.0",
-        "@rollup/plugin-node-resolve": "^9.0.0",
-        "expect.js": "~0.2.0",
-        "mocha": "^8.1.3",
-        "rimraf": "^2.2.8",
-        "rollup": "^2.26.11",
-        "rollup-plugin-livereload": "^2.0.0",
-        "rollup-plugin-serve": "^1.0.4",
-        "rollup-plugin-sourcemaps": "^0.6.2",
-        "rollup-plugin-terser": "^7.0.2",
-        "uglify-js": "^2.8.29"
+        "@rollup/plugin-terser": "^0.4.3",
+        "@rollup/plugin-typescript": "^11.1.2",
+        "jest": "^29.6.1",
+        "jest-environment-jsdom": "^29.6.1",
+        "jest-junit": "^16.0.0",
+        "rimraf": "^5.0.1",
+        "rollup": "^3.26.3",
+        "rollup-plugin-livereload": "^2.0.5",
+        "rollup-plugin-serve": "^2.0.2",
+        "ts-jest": "^29.1.1",
+        "ts-node": "^10.9.1",
+        "typescript": "^5.1.6"
     },
     "files": [
-        "build/",
-        "index.d.ts"
-    ]
+        "build"
+    ],
+    "engines": {
+        "node": ">=16"
+    },
+    "type": "module",
+    "exports": {
+        ".": {
+            "require": "./build/cjs/jwt-decode.js",
+            "import": "./build/esm/jwt-decode.js",
+            "types": "./build/typings/index.d.ts"
+        }
+    }
 }

README.md

@@ -1,16 +0,19 @@
-## **jwt-decode** is a small browser library that helps decoding JWTs token which are Base64Url encoded.
+![Browser library that helps decoding JWT tokens which are Base64Url encoded](https://cdn.auth0.com/website/sdks/banners/jwt-decode-banner.png)
 
-**IMPORTANT:** This library doesn't validate the token, any well formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Owin Bearer JWT](https://github.com/michaelnoonan/Auth0-Owin-JwtBearerAuthentication), etc.
+**IMPORTANT:** This library doesn't validate the token, any well-formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Microsoft.AspNetCore.Authentication.JwtBearer](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer), etc.
 
----
+![Release](https://img.shields.io/npm/v/jwt-decode)
+![Downloads](https://img.shields.io/npm/dw/jwt-decode)
+[![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
+[![CircleCI](https://img.shields.io/circleci/build/github/auth0/jwt-decode)](https://circleci.com/gh/auth0/jwt-decode)
 
-**Warning: When upgrading from version `2` to `3`, there's a potentially breaking change**
+:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :speech_balloon: [Feedback](#feedback)
 
-If you've previously imported the library as `import * as jwt_decode from 'jwt-decode'`, you'll have to change your import to `import jwt_decode from 'jwt-decode';`.
+## Documentation
 
----
+- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.
 
-## Installation
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode?ref=badge_shield)
+## Getting started
 
+### Installation
 
@@ -21,5 +24,5 @@ Install with NPM or Yarn.
 
-## Usage
+### Usage
 
-```javascript
+```js
 import jwt_decode from "jwt-decode";
@@ -33,5 +36,7 @@
 /* prints:
- * { foo: "bar",
+ * { 
+ *   foo: "bar",
  *   exp: 1393286893,
- *   iat: 1393268893  }
+ *   iat: 1393268893  
+ * }
  */
@@ -44,11 +49,43 @@
 /* prints:
- * { typ: "JWT",
- *   alg: "HS256" }
+ * { 
+ *   typ: "JWT",
+ *   alg: "HS256" 
+ * }
  */
 ```
 
-**Note:** A falsy or malformed token will throw an `InvalidTokenError` error.
+**Note:** A falsy or malformed token will throw an `InvalidTokenError` error; see below for more information on specific errors.
 
-## Use as a CommonJS package
+## Errors
 
+This library works with valid JSON web tokens. The basic format of these token is
+```
+[part1].[part2].[part3]
+```
+All parts are supposed to be valid base64 (url) encoded json.
+Depending on the `{ header: <option> }` option it will decode part 1 (only if header: true is specified) or part 2 (default)
+
+Not adhering to the format will result in a `InvalidTokenError` with one of the following messages:
+
+- `Invalid token specified: must be a string` => the token passed was not a string, this library only works on strings. 
+- `Invalid token specified: missing part #` => this probably means you are missing a dot (`.`) in the token 
+- `Invalid token specified: invalid base64 for part #` => the part could not be base64 decoded (the message should contain the error the base64 decoder gave)
+- `Invalid token specified: invalid json for part #` => the part was correctly base64 decoded, however, the decoded value was not valid JSON (the message should contain the error the JSON parser gave)
+
+#### Use with typescript
+
+The return type of the `jwt_decode` function is determined by the `header` property of the object passed as the second argument. If omitted (or set to false), it'll use `JwtPayload`, when true it will use `JwtHeader`. 
+If needed, you can specify what the expected return type should be by passing a type argument to the `jwt_decode` function.
+
+You can extend both `JwtHeader` and `JwtPayload` to include non-standard claims or properties.
+
+```typescript
+import jwtDecode from "jwt-decode";
+
+const token: string = "eyJhsw5c";
+const decoded = jwtDecode<JwtPayload>(token); // Returns with the JwtPayload type
+```
+
+#### Use as a CommonJS package
+
 ```javascript
@@ -59,5 +96,5 @@ const jwt_decode = require('jwt-decode');
 
-## Include with a script tag
+#### Include with a script tag
 
-Copy the file `jwt-decode.js` from the `build/` folder to your project somewhere, then include like so:
+Copy the file `jwt-decode.js` from the `build/` folder to your project somewhere, then include it like so:
 
@@ -68,27 +105,31 @@ ```html
 
-## Older versions
 
-If you want to use the library trough Bower, an HTML import, use [version `v2.2.0`](https://github.com/auth0/jwt-decode/tree/v2.2.0). It has the same functionality.
+## Feedback
 
-## Develop
+### Contributing
 
-Run `npm run dev`, this will fire up a browser and watch the `/lib` folder.
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
 
-## Issue Reporting
+- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
 
-If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+### Raise an issue
 
-## Author
+To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/jwt-decode/issues).
 
-[Auth0](https://auth0.com)
+### Vulnerability Reporting
 
-## License
+Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
 
-This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
+---
 
-[browserify]: http://browserify.org
-[webpack]: http://webpack.github.io/
-
-
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwt-decode?ref=badge_large)
-=======
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png"   width="150">
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
+<p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
+<p align="center">
+This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p>

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

131

increased by45.56%

Is type module

Yes

Worsened metrics

Total package byte prevSize

8504

decreased by-71.39%

Dev dependency count

12

increased by9.09%

Number of package files

3

decreased by-72.73%

Lines of code

0

decreased by-100%

Number of low quality alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

2

increased byInfinity%

No dependency changes