Installations
npm install @cfworker/jwt
Developer Guide
Typescript
Yes
Module System
ESM
Node Version
22.11.0
NPM Version
10.9.0
Score
73.9
Supply Chain
75.7
Quality
90.6
Maintenance
100
Vulnerability
100
License
Releases
@cfworker/web@5.0.5
Published on 14 Dec 2024
@cfworker/web@5.0.4
Published on 14 Dec 2024
@cfworker/json-schema@4.0.3
Published on 10 Dec 2024
@cfworker/web@5.0.3
Published on 10 Dec 2024
@cfworker/uuid@4.0.3
Published on 10 Dec 2024
@cfworker/jwt@7.0.3
Published on 10 Dec 2024
Contributors
Languages
TypeScript (83.39%)
JavaScript (16.61%)
Developer
Download Statistics
Total Downloads
117,096
Last Day
1
Last Week
1,163
Last Month
5,300
Last Year
53,607
GitHub Statistics
633 Stars
424 Commits
57 Forks
9 Watching
13 Branches
20 Contributors
Bundle Size
6.26 kB
Minified
2.28 kB
Minified + Gzipped
Package Meta Information
Latest Version
7.0.3
Package Id
@cfworker/jwt@7.0.3
Unpacked Size
31.01 kB
Size
5.55 kB
File Count
36
NPM Version
10.9.0
Node Version
22.11.0
Published On
10 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
117,096
Last day
-75%
1
Compared to previous day
Last week
-17.5%
1,163
Compared to previous week
Last month
10.9%
5,300
Compared to previous month
Last year
146.8%
53,607
Compared to previous year
Dependencies
1
Dev Dependencies
7
cfworker/jwt
Tiny lib for decoding JWTs and verifying signatures, using native crypto APIs.
Currently supports RS256, RS384, and RS512.
```js
import { parseJwt } from '@cfworker/jwt';

const jwt = request.headers.get('Authorization');
const issuer = '...'; // Auth0 origin.
const audience = '...'; // Auth0 client id.

// Decodes the token, verifies the signature, and checks the issuer, audience and expiry claims.
const result = await parseJwt({ jwt, issuer, audience });
if (!result.valid) {
  console.log(result.reason); // Invalid issuer/audience, expired, etc
} else {
  console.log(result.payload); // { iss, sub, aud, iat, exp, ...claims }
}
```
No vulnerabilities found.
Reason
30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
Found 1/7 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.2/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.