mini-jwt
Advanced tools
Readme
A better, faster, lighter and more secure version of jsonwebtoken
To install mini-jwt
# with npm:
npm install mini-jwt --save
# with yarn:
yarn add mini-jwt
mini-jwt exports different functions for data encryption for different use cases:
For a faster (but less secure) encoding and decoding of data using a secret, mini-jwt exports the following functions:
sign(secret, data, options): returns encoded token(technically, not a jwt)verify(secret, token): returns decoded dataimport { sign, verify } from 'mini-jwt'
const secret = 'top-secret'
const token = sign(secret, { uid: 'user_id' }, { sl: 8 }) // no expiration
const data = verify(secret, token)
console.log(data) // { uid: 'user_id' }
secret can be string
data can be an object literal, buffer or string representing valid JSON.
options:
expiresIn can be a numeric value representing time in ms (no expiration by default).sl can be a numberic value representing salt length (default value is 16). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.For a more secure (but slower) encryption and decryption of data using a secret, mini-jwt exports the following functions that uses sjcl under the hood:
encrypt(secret, data, options): return encrypted token(technically, not a jwt)decrypt(secret, token): returns decrypted dataimport { encrypt, decrypt } from 'mini-jwt'
const secret = 'top-secret'
const token = encrypt(secret, { uid: 'user_id' }, { expiresIn: 180000 }) // will expire after 30 minutes of token creation
const data = decrypt(secret, token)
console.log(data) // { uid: 'user_id' }
secret can be string
data can be an object literal, buffer or string representing valid JSON.
options:
expiresIn can be a numeric value representing time in ms (no expiration by default).FAQs
A token generator library to encode and decode data using a secret key
The npm package mini-jwt receives a total of 0 weekly downloads. As such, mini-jwt popularity was classified as not popular.
We found that mini-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.