Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
jwt-simple
Advanced tools
The jwt-simple npm package is a lightweight library for encoding and decoding JSON Web Tokens (JWT). It provides a simple API for creating and verifying JWTs, which are commonly used for authentication and secure data exchange.
Encoding a JWT
This feature allows you to encode a payload into a JWT using a secret key. The resulting token can be used for secure data transmission.
const jwt = require('jwt-simple');
const payload = { foo: 'bar' };
const secret = 'mysecretkey';
const token = jwt.encode(payload, secret);
console.log(token);
Decoding a JWT
This feature allows you to decode a JWT using the same secret key that was used to encode it. The decoded payload can then be accessed and used as needed.
const jwt = require('jwt-simple');
const token = 'your.jwt.token';
const secret = 'mysecretkey';
const decoded = jwt.decode(token, secret);
console.log(decoded);
The jsonwebtoken package is a popular library for working with JSON Web Tokens. It offers more features and flexibility compared to jwt-simple, including support for various algorithms, token expiration, and more advanced options for token verification.
The jose package is a comprehensive library for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT). It provides a wide range of features and supports multiple algorithms, making it suitable for more complex use cases.
The njwt package is another library for creating and verifying JSON Web Tokens. It offers a simple API similar to jwt-simple but includes additional features such as token expiration and claims validation.
JWT(JSON Web Token) encode and decode module for node.js.
$ npm install jwt-simple
var jwt = require('jwt-simple');
var payload = { foo: 'bar' };
var secret = 'xxx';
// HS256 secrets are typically 128-bit random strings, for example hex-encoded:
// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex')
// encode
var token = jwt.encode(payload, secret);
// decode
var decoded = jwt.decode(token, secret);
console.log(decoded); //=> { foo: 'bar' }
/*
* jwt.decode(token, key, noVerify, algorithm)
*/
// decode, by default the signature of the token is verified
var decoded = jwt.decode(token, secret);
console.log(decoded); //=> { foo: 'bar' }
// decode without verify the signature of the token,
// be sure to KNOW WHAT ARE YOU DOING because not verify the signature
// means you can't be sure that someone hasn't modified the token payload
var decoded = jwt.decode(token, secret, true);
console.log(decoded); //=> { foo: 'bar' }
// decode with a specific algorithm (not using the algorithm described in the token payload)
var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded); //=> { foo: 'bar' }
By default the algorithm to encode is HS256
.
The supported algorithms for encoding and decoding are HS256
, HS384
, HS512
and RS256
.
// encode using HS512
jwt.encode(payload, secret, 'HS512')
0.5.6
Remove usage of deprecated Buffer constructor #89 @eliot-akira
FAQs
JWT(JSON Web Token) encode and decode module
The npm package jwt-simple receives a total of 143,129 weekly downloads. As such, jwt-simple popularity was classified as popular.
We found that jwt-simple demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.