npmpackage.info

Gathering detailed insights and metrics for jwt-simple

Other packages similar to jwt-simple

@types/jwt-simple

0.5.36

TypeScript definitions for jwt-simple

@delon/auth

19.2.0

Simple user authentication, support Json Web Token & Simple Token.

simple-jwt-auth

0.11.1

A simple, convenient, and safe interface for interacting with JSON Web Tokens (JWTs) for authentication and authorization

jwt-service

11.0.2

A simple wrapper for a simpler JWT surface API

Gathering detailed insights and metrics for jwt-simple

jwt-simple - 0.5.6 | npmpackage.info

jwt-simple

JWT(JSON Web Token) encode and decode module for node.js

0.5.6

1,361

MIT

JavaScript

957.00 B

71,349,855 2.4

Installations

npm install jwt-simple

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>= 0.4.0

Node Version

10.15.1

NPM Version

6.4.1 Score

99.9

Supply Chain

Quality

75.6

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

7

Total

46

Closed

16

Merged

23

Issues

Open

27

Total

60

Closed

33

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

hokaccha

Download Statistics

Total Downloads

71,349,855

Last Day

11,703

Last Week

225,204

Last Month

966,182

Last Year

10,637,755

GitHub Statistics

MIT License

1,361 Stars

82 Commits

135 Forks

31 Watchers

1 Branches

20 Contributors

Updated on Jul 04, 2025

Bundle Size

1.99 kB

Minified

957.00 B

Minified + Gzipped

Bundlephobia

Maintainers

View All 20 Contributors

Package Meta Information

Latest Version

0.5.6

Package Id

jwt-simple@0.5.6

Size

3.63 kB

NPM Version

6.4.1

Node Version

10.15.1

Published on

Mar 30, 2019

Total Downloads

Cumulative downloads

Total Downloads

71,349,855

Last Day

5.3%

11,703

Compared to previous day

Last Week

-7.4%

225,204

Compared to previous week

Last Month

966,182

Compared to previous month

Last Year

0.3%

10,637,755

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

expect.js istanbul mocha

jwt-simple

JWT(JSON Web Token) encode and decode module for node.js.

Install

$ npm install jwt-simple

Usage

1var jwt = require('jwt-simple');
2var payload = { foo: 'bar' };
3var secret = 'xxx';
4
5// HS256 secrets are typically 128-bit random strings, for example hex-encoded:
6// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex')
7
8// encode
9var token = jwt.encode(payload, secret);
10
11// decode
12var decoded = jwt.decode(token, secret);
13console.log(decoded); //=> { foo: 'bar' }

decode params

1/*
2 * jwt.decode(token, key, noVerify, algorithm)
3 */
4
5// decode, by default the signature of the token is verified
6var decoded = jwt.decode(token, secret);
7console.log(decoded); //=> { foo: 'bar' }
8
9// decode without verify the signature of the token,
10// be sure to KNOW WHAT ARE YOU DOING because not verify the signature
11// means you can't be sure that someone hasn't modified the token payload
12var decoded = jwt.decode(token, secret, true);
13console.log(decoded); //=> { foo: 'bar' }
14
15// decode with a specific algorithm (not using the algorithm described in the token payload)
16var decoded = jwt.decode(token, secret, false, 'HS256');
17console.log(decoded); //=> { foo: 'bar' }

Algorithms

By default the algorithm to encode is HS256.

The supported algorithms for encoding and decoding are HS256, HS384, HS512 and RS256.

1// encode using HS512
2jwt.encode(payload, secret, 'HS512')

Critical

0/10

Summary

Forgeable Public/Private Tokens in jwt-simple

Affected Versions

< 0.3.1

Patched Versions

0.3.1

High

0/10

Summary

Signature Verification Bypass in jwt-simple

Affected Versions

< 0.5.3

Patched Versions

0.5.3

Moderate

0/10

Summary

Withdrawn

Affected Versions

< 0.3.1

Patched Versions

0.3.1

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

5

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

2.4

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More