Launch Week Day 2: Introducing Reports: An Extensible Reporting Framework for Socket Data.Learn More
Socket
Book a DemoSign in
Socket
Book a DemoSign in

jwt-utils

Package Overview
Dependencies
Maintainers
3
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jwt-utils

JSON Web Tokens (JWT) utils

latest
npmnpm
Version
1.0.5
Version published
Weekly downloads
182
-70.07%
Maintainers
3
Weekly downloads
 
Created
Source

jwt-utils

JSON Web Tokens (JWT) utils.

npm version Build Status Coverage Status

This module is able to parse and generate both encrypted and unencrypted JWT tokens.

  • A hash key (hashKey) is needed to generate a JWT signature.
  • An encryption key (encryptKey) is needed only if you need to deal with encrypted JWT tokens.

This module only allows hexadecimal strings as hash and encryption keys. The encryption key must be a 32-length hexadecimal value (16 bytes) if the encryption algorithm is A128CBC.

The kid (key identifier) goes in the JWT header, and serves as a client identifier, in case you need to use different keys for different clients.

Installation

npm install jwt-utils

Examples

var config = { expiration: 600};
var jwt = require('jwt-utils')(config);

// Encode JWT token
jwt.buildJWT(payload, header, hashKey, function(err, token) {
    if (!err) {
        console.log(token); // something in the format "aaa.bbb.ccc"
    }
});

// Decode JWT token
jwt.readJWT(token, hashKey, function(err, token) {
    if (!err) {
        console.log(token.payload);
        console.log(token.header);
    }
});

// Encrypt JWT token
jwt.buildJWTEncrypted(payload, header, encryptKey, hashKey, function(err, token) {
    if (!err) {
        console.log(token); // something in the format "aaa.bbb.ccc.ddd.eee"
    }
});

// Decrypt JWT token
jwt.readJWTEncrypted(token, encryptKey, hashKey, function(err, token) {
    if (!err) {
        console.log(token.payload);
        console.log(token.header);
    }
});

// Read JWT header
jwt.readJWTHeader(token, function(err, header) {
    if (!err) {
        console.log(header);
    }
});

Configuration

  • expiration: Expiration time in seconds to generate exp field in token (this functionality can be disabled by setting the value to 0).
  • futureTolerance: Tolerance seconds to find out if a jwt comes from the future or not.

Development information

npm test

Errors:

The following file has registered the error of this library: errors.json

License

Copyright 2015 Telefónica Investigación y Desarrollo, S.A.U

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Keywords

jwt
token
tdaf

FAQs

Package last updated on 30 Jul 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Research

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.

By Socket Research Team  -  Apr 22, 2026
Socket for Jira Is Now Available

Product

Socket for Jira Is Now Available

Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.

By Jeppe Hasseriis  -  Apr 20, 2026