Installations
npm install @perlboy/cfworker-jwt
Developer Guide
Typescript
Yes
Module System
CommonJS
Node Version
16.14.2
NPM Version
8.5.0
Score
71
Supply Chain
75.1
Quality
75.5
Maintenance
100
Vulnerability
100
License
Releases
@cfworker/web@5.0.5
Published on 14 Dec 2024
@cfworker/web@5.0.4
Published on 14 Dec 2024
@cfworker/json-schema@4.0.3
Published on 10 Dec 2024
@cfworker/web@5.0.3
Published on 10 Dec 2024
@cfworker/uuid@4.0.3
Published on 10 Dec 2024
@cfworker/jwt@7.0.3
Published on 10 Dec 2024
Contributors
Languages
TypeScript (83.39%)
JavaScript (16.61%)
Developer
Download Statistics
Total Downloads
1,175
Last Day
1
Last Week
2
Last Month
12
Last Year
161
GitHub Statistics
633 Stars
424 Commits
57 Forks
9 Watching
13 Branches
20 Contributors
Bundle Size
6.52 kB
Minified
2.42 kB
Minified + Gzipped
Package Meta Information
Latest Version
3.0.8
Package Id
@perlboy/cfworker-jwt@3.0.8
Unpacked Size
27.96 kB
Size
6.43 kB
File Count
30
Total Downloads
Cumulative downloads
Total Downloads
1,175
Last day
0%
1
Compared to previous day
Last week
0%
2
Compared to previous week
Last month
9.1%
12
Compared to previous month
Last year
-54.5%
161
Compared to previous year
Dev Dependencies
6
cfworker/jwt
Tiny lib for decoding JWTs and verifying signatures, using native crypto APIs.
Currently supports RS256, RS384, and RS512.
import { parseJwt } from '@perlboy/cfworker-jwt';

// Raw value of the Authorization request header.
const jwt = request.headers.get('Authorization');
const issuer = '...'; // Auth0 origin.
const audience = '...'; // Auth0 client id.

// Decode the token, then verify its signature and claims.
const result = await parseJwt(jwt, issuer, audience);
if (!result.valid) {
  console.log(result.reason); // Invalid issuer/audience, expired, etc
} else {
  console.log(result.payload); // { iss, sub, aud, iat, exp, ...claims }
}
No vulnerabilities found.
Reason
30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cfworker/cfworker/release.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
Found 1/7 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.2/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.