New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

jwt-transform

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jwt-transform

transform your real jwt token into fake jwt token.

latest
Source
npmnpm
Version
0.0.5
Version published
Weekly downloads
156
817.65%
Maintainers
1
Weekly downloads
 
Created
Source

JWT Transform

Build Status CodeFactor codebeat badge Codacy Badge node-current npm PRs Welcome

jwt-transform is a simple utility tool for your transforming a real jwt token into a fake jwt token, because if you store jwt token into a cookie or local storage very unsafe, your jwt token can be seen data using jwt.io website or chrome extension, if you use jwt-transform you real jwt token cannot seen using jwt.io website or chrome extension, because what you save is fake jwt token, you can get back real jwt token using decrypt method for parse fake jwt token.

Table Of Content

Installation

npm install jwt-transform -S or yarn add jwt-transform -S

API Reference

  • encrypt(secretKey: string, plainText: string, rotate: number): string

    encrypt jwt token using caesar cipher cryptography from real jwt token into fake jwt token

  • decrypt(secretKey: string, cipherText: string, rotate: number): string

    decrypt jwt token using caesar cipher cryptography from fake jwt token into real jwt token

Example Usage

Follow this express tutorial for example usage using express, make this as middleware for transform your fake jwt token to real token, because jwt .verify need real token, if you pass fake token jwt.verify identification your token is not valid and if you not using express, make this as middleware.

  • Example Usage Using CommonJs With JavaScript
     const { JwtTransform } = require('jwt-transform')

  const secretKey = 'ptLDDOU5ejqqLjlk4CpSNxvwZVxQFRmF'
 const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

 const resultEncrypt = JwtTransform.transform(secretKey, accessToken, secretKey.length)
 console.log(resultEncrypt)

 // fake jwt token
 // kePnhMioUoPOAfO1ToOyOtX5iIO6OqvDBIP9.kePfjCOoUoOdSpS0TZE3UJqcOocohsLzFYO6OqvbgM4mXM9rOocogCL0OpudTZK2SpS5SJOelWvzRJJUA5kpwwRprq4IvYTdbcFBdWLXsL.YlrQdcXPYSkQQL2WZ4lcvSkPl36VUq6ePB_gjWyyc5i

 const resultDecrypt = JwtTransform.untransform(secretKey, resultEncrypt, secretKey.length)
 console.log(resultDecrypt)

 // real jwt token
 // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
  • Example Usage Using ESM With JavaScript / TypeScript
     import { JwtTransform } from 'jwt-transform'

  const secretKey = 'ptLDDOU5ejqqLjlk4CpSNxvwZVxQFRmF'
 const accessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

 const resultEncrypt = JwtTransform.transform(secretKey, accessToken, secretKey.length)
 console.log(resultEncrypt)

 // fake jwt token
 // kePnhMioUoPOAfO1ToOyOtX5iIO6OqvDBIP9.kePfjCOoUoOdSpS0TZE3UJqcOocohsLzFYO6OqvbgM4mXM9rOocogCL0OpudTZK2SpS5SJOelWvzRJJUA5kpwwRprq4IvYTdbcFBdWLXsL.YlrQdcXPYSkQQL2WZ4lcvSkPl36VUq6ePB_gjWyyc5i

 const resultDecrypt = JwtTransform.untransform(secretKey, resultEncrypt, secretKey.length)
 console.log(resultDecrypt)

 // real jwt token
 // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Testing

  • Testing Via Local

    npm test or make test

  • Testing Via Local And Build

    make build

  • Testing Via Docker

    docker build -t jwt-transform or make dkb tag=jwt-transform

Bugs

For information on bugs related to package libraries, please visit here

Contributing

Want to make jwt-transform more perfect ? Let's contribute and follow the contribution guide.

License

BACK TO TOP

Keywords

jwt
jwt-transform
security
encrypt
decrypt
encode

FAQs

Package last updated on 13 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026