New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

node-red-contrib-jsonwebtoken

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-red-contrib-jsonwebtoken

This node allows you to sign and validate JSON Web Token (JWT)

latest
Source
npmnpm
Version
1.0.7
Version published
Weekly downloads
39
-31.58%
Maintainers
1
Weekly downloads
 
Created
Source

This Node-RED node allows signing and validating JSON Web Tokens (JWT).

Install

node-red-contrib-jsonwebtoken is available in the Node-RED Palette Manager. To install it:

  • Open the menu in the top-right of Node-RED
  • Click "Manage Palette"
  • Switch to the "Install" tab
  • Search node-red-contrib-jsonwebtoken
  • Install the node-red-contrib-jsonwebtoken package The nodes will then be available in your editor for you to get started.

It is also possible to install it via npm:

npm install node-red-contrib-jsonwebtoken

Node jwt-sign

This node allows you to sign and validate JSON Web Token (JWT)

Inputs

: payload (string | object) : the payload of the message to publish.

Outputs

  • Standard output : payload (string) : the standard output of the command.

  • Standard error : payload (object) : the standard error of the command.

Form fields

  • Mode: Mode to use for verifying the token.
  • Algorithm: Token encryption algorithm, it is recommended to use a private key as it provides more security to the token.
  • Private Key: In case of selecting the private key mode, the source of the key must be specified. The input variable must be of type buffer, for any of the selected cases, whether it comes from the message payload or environment variables.
  • Secret: In the case of signing the token with a secret key, the source of the key must be specified, which can be a string, input message, or environment variable.
  • Expires In: Token expiration time in seconds.
  • Data to Sign: Source of the data to be signed, the input must be a JavaScript object. If the input is different from an object, the token is signed with the 'data' claim and the data is added there.
  • Audience: Allows configuring the audience of the token.
  • Issuer: Allows configuring the issuer of the token.
  • Not Before: The "Not Before" (NBF) field in a token is used to specify the moment from which the token is valid. This means that the token will not be accepted by the server before the date and time specified in this field. The value is expressed in seconds.
  • Keyid: The Keyid field enables the inclusion of the kid header in token signatures.

Node jwt-verify

This node allows verifying the authenticity of a JSON Web Token (JWT).

Inputs

: payload (string) : the payload of the message to publish.

Outputs

  • Standard output : payload (object) : the standard output of the command.

  • Standard error : payload (object) : the standard error of the command.

Form fields

  • Mode: Mode to use for verifying the token.
  • Private Key: In case of selecting the private key mode, the source of the key must be specified. The input variable must be of type buffer, for any of the selected cases, whether it comes from the message payload or environment variables.
  • Secret: In the case of signing the token with a secret key, the source of the key must be specified, which can be a string, input message, or environment variable.
  • Token origin: Source of the token.
  • Algorithms: Optional, if not specified a defaults will be used based on the type of key provided
  • Ignore Expiration: The default value is false; if true, it bypasses the token's expiration date.
  • Ignore "NotBefore": The default value is false; if true, it bypasses the validation that the token is validated before the specified date.
  • Validate Audience: Validates that the audience is correct.
  • Validate Issuer: Validates that the token issuer is correct.
  • Validate Max Age: The "max age" in a JSON Web Token (JWT) refers to the maximum time a token can be considered valid from the moment it was issued. The value is expressed in seconds
  • Validate Claims: Allows validating the different claims of the token, ideal for validating the scopes, roles, and users with access to some API resources. It is also possible to validate objects in depth like "user.roles[0]"

Examples

Review the node examples for more clarity on how to use it. You can import it in the import menu and search for the node example "node-red-contrib-jsonwebtoken" or the json for the site GitHub.

References

Keywords

node-red
jwt
jsonwebtoken
security
sign
login

FAQs

Package last updated on 27 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

Security News

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.

By Sarah Gooding  -  Apr 11, 2026
Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026