npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@dwbinns/jwt

v1.3.0

Published

Verify and create JWTs using async webcrypto.

Downloads

10

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dwbinnsdwbinns

Keywords

Readme

JWT verification and generation

Verify and create JWTs using async webcrypto.

ES256 (ECDSA with P-256 and P-256) and RS256 (RSA with SHA-256)

import { importJWK, create, verify, expiresTime, expiredFraction } from "@dwbinns/jwt";

const keys = await importJWK("ES256", "kid", {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "d": "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"
});

const jwt = await create(keys, {sub: "me", ...expiresTime(3600)});
console.log("JWT:", jwt);
console.log(`Expired: ${expiredFraction(jwt) * 100}%`);
const claims = await verify(keys, jwt);
console.log("Subject:", claims.sub); 
console.log("Expires:", new Date(claims.exp * 1e3));
try {
    await verify(keys, "eyJraWQiOiJraWQiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJtZSJ9.invalid");
} catch (e) {
    console.log("Verification error:", e.message);
}
JWT: eyJraWQiOiJraWQiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJtZSIsImlhdCI6MTcxODY0MDk4NywiZXhwIjoxNzE4NjQ0NTg3fQ.fNZx8X2p7AFrlN7RSnr0n3rnxVjN6raBbDZhEbiWNomRFofG2KXFX8AwRHtXTa86VNxR8wOXnNVnly80IMP2CA
Expired: 0.004611111111111112%
Subject: me
Expires: 2024-06-17T17:16:27.000Z
Verification error: JWT not valid

parse

function parse(text)

Synchronously parse a JWT without verification

import { parse } from "@dwbinns/jwt";
console.log(parse("eyJraWQiOiJraWQiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJtZSIsImlhdCI6MTcxODY0MDk4NywiZXhwIjoxNzE4NjQ0NTg3fQ.fNZx8X2p7AFrlN7RSnr0n3rnxVjN6raBbDZhEbiWNomRFofG2KXFX8AwRHtXTa86VNxR8wOXnNVnly80IMP2CA"));

Returns all parts of the JWT, decoded:

{
  header: { kid: 'kid', alg: 'ES256' },
  claims: { sub: 'me', iat: 1718640987, exp: 1718644587 },
  signature: Uint8Array(64) [
    124, 214, 113, 241, 125, 169, 236,   1, 107, 148, 222,
    209,  74, 122, 244, 159, 122, 231, 197,  88, 205, 234,
    182, 129, 108,  54,  97,  17, 184, 150,  54, 137, 145,
     22, 135, 198, 216, 165, 197,  95, 192,  48,  68, 123,
     87,  77, 175,  58,  84, 220,  81, 243,   3, 151, 156,
    213, 103, 151,  47,  52,  32, 195, 246,   8
  ],
  signed: 'eyJraWQiOiJraWQiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJtZSIsImlhdCI6MTcxODY0MDk4NywiZXhwIjoxNzE4NjQ0NTg3fQ'
}

verify

async function verify(keys, text, now = new Date())

Parse and verify a JWT, throwing an error if the JWT is expired, not yet valid or does not have a valid signature. Keys should be an array of keys created via one of the import functions. Returns the JWT's claims, see first example.

importPem

async function importPem(alg, kid, pem)

Import a single key from a PEM file, supplying the algorithm (alg) and key id (kid) and pem as a string. Supports pkcs8 private keys (BEGIN PRIVATE KEY) and spki public keys (BEGIN PUBLIC KEY)

importHostJWKS

function importHostJWKS(hostname)

Import all keys from a key set for a host

importURLJWKS

async function importURLJWKS(url)

Import all keys from a key set from a URL

importJWKS

async function importJWKS({ keys })

Import all keys from a key set

expiresTime

function expiresTime(durationSeconds)

Create claims that are issued now and expire in durationSeconds

expiredFraction

function expiredFraction(jwt, createdAt, now = new Date())

Return what fraction of a JWT has expired. Will be less than 0 if the JWT is not yet valid and more than 1 if it has expired. Optionally supply a createdAt Date object representing when the JWT was created. If supplied then clock skew will not affect the result. If not supplied the iat field of the JWT will by used instead. Supply a now Date object to check the expiry status of a JWT at some other point of time.

create

async function create(keys, claims)

Create a JWT using the supplied keys and claims. See first example.