Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
By Sarah Gooding - Dec 03, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
node-jose-tools
Advanced tools
node-jose-tools for JOSE key management, token signing and encryption
The Swiss-army knife tool for node-jose for handling JSON Web Tokens.
Overview
node-jose-tools provides a simple CLI through the jose command for
JSON web-key (JWK) key and key store management as well as for handling
JSON web-tokens (JWT) in, both, the signed and encrypted variants.
The jose command allows quick feature testing of node-jose functions.
node-jose-tools have started to learn better about the different features of node-jose. It also provides reference implementations to many of the underlying functions. The tools and functions are separated to allow easy extension and quick orientation for how the different library features work.
Supported platforms and node versions
node-jose-tools are tested with node versions 12, 13, 14, and 15 on linux (ubuntu), Windows, and macOS.
It is recommended to use node version 12 or higher, due to the much better performance of the cryptographic functions.
Installing
On the command line run npm install -g node-jose-tools.
Running
Open your favorite shell and type.
> jose TOOL [OPTIONS]
The following tools are supported:
Key management
- addkey - add a new key to a jwks
- newkey - create a new key (that can be used by addkey)
- listkeys - list the key ids for all keys in a jwks
- findkey - find a kid in a jwks
- rmkey - remove a kid from a jwks
- thumbprint - generate key thumbprints and key-ids
- info - return basic information about a JWT without processing it
- sign - creates and signs a JWS for a given payload
- verify - verifies a JWS and return the payload
- encrypt - encrypt a payload into a JWE
- decrypt - decrypts a JWE and returns the payload
- digest - computes a SHA-2 digest of the provided input
Documentation and Examples
Pro-tip Use the --help or -h flag to get the documentation directly on the command line.
The detailed documentation of the tools and plenty example application scenarios are available in the docs folder.
Reporting Bugs, Issues and Missing Features
Please, use github for reporting issues and bugs.
If a certain part of the JOSE specifications is not supported by node-jose, then these parts are also unsupported by this tool and not considered a bug.
License
This code is released under a MIT License. Please refer to the LICENSE file for more details.
FAQs
tools for the node-jose library
We found that node-jose-tools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Nov 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024