Gathering detailed insights and metrics for jwk-to-pem
Gathering detailed insights and metrics for jwk-to-pem
Convert a json web key to a PEM for use by OpenSSL or crytpo
Installations
npm install jwk-to-pemDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
22.11.0
NPM Version
10.9.0
Score
99.4
Supply Chain
90.3
Quality
76.6
Maintenance
100
Vulnerability
100
License
Releases
3
Languages
1
JavaScript
JavaScript (100%)
Developer
Brightspace
Download Statistics
Total Downloads
160,668,002
Last Day
57,389
Last Week
952,733
Last Month
4,158,364
Last Year
44,862,963
GitHub Statistics
Apache-2.0 License
152 Stars
103 Commits
31 Forks
6 Watchers
6 Branches
16 Contributors
Updated on Apr 07, 2025
Bundle Size
161.22 kB
Minified
55.47 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.0.7
Package Id
jwk-to-pem@2.0.7
Unpacked Size
22.02 kB
Size
7.54 kB
File Count
11
NPM Version
10.9.0
Node Version
22.11.0
Published on
Nov 25, 2024
Total Downloads
Cumulative downloads
Total Downloads
160,668,002
Last Day
4.4%
57,389
Compared to previous day
Last Week
-5.4%
952,733
Compared to previous week
Last Month
0.5%
4,158,364
Compared to previous month
Last Year
13.7%
44,862,963
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
jwk-to-pem
Convert a json web key to a PEM for use by OpenSSL or crypto.
Install
1npm install jwk-to-pem --save
Usage
1var jwkToPem = require('jwk-to-pem'), 2 jwt = require('jsonwebtoken'); 3 4var jwk = { kty: 'EC', crv: 'P-256', x: '...', y: '...' }, 5 pem = jwkToPem(jwk); 6 7jwt.verify(token, pem);
Support
| key type | support level |
|---|---|
| RSA | all RSA keys |
| EC | P-256, P-384, and P-521 curves |
API
jwkToPem(Object jwk[, Object options]) -> String
The first parameter should be an Object representing the jwk, it may be public or private. By default, either of the two will be made into a public PEM. The call will throw if the input jwk is malformed or does not represent a valid key.
Option: private Boolean (false)
You may optionally specify that you would like a private PEM. This can be done
by passing true to the private option. The call will throw if the necessary
private parameters are not available.
Contributing
-
Fork the repository. Committing directly against this repository is highly discouraged.
-
Make your modifications in a branch, updating and writing new unit tests as necessary in the
specdirectory. -
Ensure that all tests pass with
npm test -
rebaseyour changes against master. Do not merge. -
Submit a pull request to this repository. Wait for tests to run and someone to chime in.
Code Style
This repository is configured with EditorConfig and ESLint rules.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'
- Warn: 'stale review dismissal' is disabled on branch 'master'
- Warn: required approving review count is 1 on branch 'master'
- Info: codeowner review is required on branch 'master'
- Warn: 'last push approval' is disabled on branch 'master'
- Warn: 'up-to-date branches' is disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
Found 8/26 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yaml:36
- Warn: no topLevel permission defined: .github/workflows/build.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Brightspace/node-jwk-to-pem/build.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Brightspace/node-jwk-to-pem/build.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/Brightspace/node-jwk-to-pem/build.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Brightspace/node-jwk-to-pem/build.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build.yaml:27
- Warn: npmCommand not pinned by hash: .github/workflows/build.yaml:47
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Score
4.1
/10
Last Scanned on 2025-06-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More