Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

mini-jwt

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
Package was removed
Sorry, it seems this package was removed from the registry

mini-jwt

A token generator library to encode and decode data using a secret key

unpublished
latest
Source
npmnpm
Version
0.2.2
Version published
Maintainers
1
Created
Source

mini-jwt

A better, faster, lighter and more secure version of jsonwebtoken

Features

  • Encrypt data using a secret
  • Decrypt a token with secret to retrive data back

Installation

To install mini-jwt

  # with npm:
  npm install mini-jwt --save

  # with yarn:
  yarn add mini-jwt

Usage

mini-jwt exports different functions for data encryption for different use cases:

Faster Usage

For a faster (but less secure) encoding and decoding of data using a secret, mini-jwt exports the following functions:

  • sign(secret, data, options): returns encoded token(technically, not a jwt)
  • verify(secret, token): returns decoded data
import { sign, verify } from 'mini-jwt'

const secret = 'top-secret'
const token = sign(secret, { uid: 'user_id' }, {  sl: 8 }) // no expiration
const data = verify(secret, token)

console.log(data) // { uid: 'user_id' }

secret can be string

data can be an object literal, buffer or string representing valid JSON.

options:

  • expiresIn can be a numeric value representing time in ms (no expiration by default).
  • sl can be a numberic value representing salt length (default value is 16). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.

More secure Usage

For a more secure (but slower) encryption and decryption of data using a secret, mini-jwt exports the following functions that uses sjcl under the hood:

  • encrypt(secret, data, options): return encrypted token(technically, not a jwt)
  • decrypt(secret, token): returns decrypted data
import { encrypt, decrypt } from 'mini-jwt'

const secret = 'top-secret'
const token = encrypt(secret, { uid: 'user_id' }, { expiresIn: 180000 }) // will expire after 30 minutes of token creation
const data = decrypt(secret, token)

console.log(data) // { uid: 'user_id' }

secret can be string

data can be an object literal, buffer or string representing valid JSON.

options:

  • expiresIn can be a numeric value representing time in ms (no expiration by default).

Used By

Author

Sahil Aggarwal

Keywords

mini-jwt
javascript
encyption
decryption
jsonwebtoken
sjcl

FAQs

Package last updated on 22 Apr 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute

Security News

Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute

Ruby Central’s incident report on the RubyGems.org access dispute sparks backlash from former maintainers and renewed debate over project governance.

By Sarah Gooding  -  Oct 14, 2025
Socket Integrates With Bun 1.3’s Security Scanner API

Security News

Socket Integrates With Bun 1.3’s Security Scanner API

Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local dev and CI.

By Ahmad Nassri, Bradley Meck Farias  -  Oct 10, 2025