npmpackage.info

ts-jose

Wrap functions of JOSE in steady interface

5.9.6

MIT

TypeScript

Installations

npm install ts-jose

Pull Requests

Open

1

Total

130

Closed

92

Merged

37

Issues

Open

0

Total

3

Closed

3

Releases

v5.9.6

Published on 21 Oct 2024

v5.9.4

Published on 12 Oct 2024

v5.9.3

Published on 23 Sept 2024

v5.9.2

Published on 15 Sept 2024

v5.9.1

Published on 14 Sept 2024

v5.8.0

Published on 27 Aug 2024

View all 98 releases

Developer

evan361425

Developer Guide

BETA

Module System

ESM

Min. Node Version

>=14

Typescript Support

Yes

Node Version

18.20.4

NPM Version

10.7.0 Statistics

3 Stars

266 Commits

1 Watching

2 Branches

1 Contributors

Updated on 21 Oct 2024

Languages

TypeScript (99.44%)

Shell (0.56%)

Total Downloads

Cumulative downloads

Total Downloads

169,755

Last day

-42.5%

1,665

Compared to previous day

Last week

0.9%

11,975

Compared to previous week

Last month

12.6%

50,787

Compared to previous month

Last year

628%

139,102

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

jose

Dev Dependencies

@types/chai @types/mocha @types/node @types/sinon @typescript-eslint/eslint-plugin @typescript-eslint/parser c8 chai eslint eslint-config-prettier eslint-plugin-mocha eslint-plugin-prettier mocha prettier sinon ts-node typescript

Versions

TS JOSE

Node Version

Wrap functions of JOSE in steady interface.

[!Note]

This package's version will FOLLOW the version of JOSE

JWT
- verify
- sign
- decrypt
- encrypt
JWS
- verify
- sign
JWE
- decrypt
- encrypt
JWK
JWKS

JWT

verify

JOSE ref

Additional options

name	Description
kid	Using specific key in `JWKS`
jti	Verify payload `jti`

1// `key` must be JWK or JWKS.
2await JWT.verify(token, key, options);
3// Use embedded key instead given one.
4await JWT.verify(token, undefined, options);

sign

Using JOSE options

name	Referrer
issuer	setIssuer
audience	setAudience
subject	setSubject
exp	setExpirationTime
jti	setJti
notBefore	setNotBefore
iat	setIssuedAt
typ	Header
kid	Header
alg	Header

Additional options

name	type	default	description
jwk	boolean	`false`	Whether embedded key to header

1await JWT.sign(payload, key, options); // key must be JWK or JWKS

decrypt

JOSE ref

Additional options

name	Description
kid	Using specific key in `JWKS`
enc	Encrypt algorithm
alg	Key management algorithm

1await JWT.decrypt(cypher, key, options);

encrypt

JOSE ref

Using JOSE options

name	Referrer
issuer	setIssuer
audience	setAudience
subject	setSubject
exp	setExpirationTime
jti	setJti
notBefore	setNotBefore
iat	setIssuedAt
typ	Header
kid	Header
enc	Header
alg	Header

1await JWT.encrypt(payload, key, options);

JWS

You can sign pure string.

verify

JOSE ref

1await JWS.verify(data, key, options);

sign

JOSE ref

Only using below JWT.sign's options:

typ
kid
alg
jwk

1await JWS.sign('some-data', key, options);

JWE

You can encrypt pure string.

decrypt

JOSE ref

Additional options

Same as JWT.decrypt

1await JWE.decrypt(cypher, key, options);

encrypt

JOSE ref

Only using below JWT.encrypt's options:

kid
alg
enc

1await JWE.encrypt('some-data', key, options);

JWK

JOSE ref

1// generate key
2const key: JWK = await JWK.generate('ES256', {
3  kid: 'some-id',
4  use: 'sig',
5  // crv: string, some algorithms need to add curve - EdDSA
6  // modulusLength: number, some algorithms need to add length - RSA
7});
8
9// object to JWK
10const key: JWK = await JWK.fromObject({
11  kid: 'some-id',
12  alg: 'ES256',
13  kty: 'EC',
14  crv: 'P-256',
15  x: '123',
16  y: '456',
17  d: '789',
18});
19
20// JWK to object
21const keyObject: JWKObject = key.toObject(false); // true to output private object, default: false
22
23// private JWK to public JWK
24const newKey: JWK = await key.toPublic();
25
26// get key's status
27key.isPrivate;
28
29// check key "id", "use", "alg"
30try {
31  // return `this` if all pass
32  key.getKey({ kid: 'some-id', use: 'sig', alg: 'ES256' });
33} catch (err) {
34  // throw error if this key has different metadata from options
35}

JWKS

1// object to JWKS
2const keys = await JWKS.fromObject({
3  keys: [
4    {
5      alg: 'ES256',
6      kty: 'EC',
7      x: '123',
8      y: '456',
9    },
10  ],
11});
12
13// get key from store in specific options
14try {
15  const key: JWK = keys.getKey({ kid: 'some-id', use: 'sig', alg: 'ES256' });
16} catch (err) {
17  // throw error if not found
18}
19const key: JWK = keys.getKeyByKid('some-id');
20const key: JWK = keys.getKeyByUse('sig');
21const key: JWK = keys.getKeyByAlg('ES256');
22const publicKeys = await keys.toPublic();

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npm.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/publish-to-npm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npm.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/publish-to-npm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-jose.yaml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/sync-jose.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/evan361425/ts-jose/test.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npm.yml:41
Warn: npmCommand not pinned by hash: .github/workflows/sync-jose.yaml:108
Warn: npmCommand not pinned by hash: .github/workflows/sync-jose.yaml:109
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:34
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:51
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 5 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

5.2

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to ts-jose

jose

5.9.6

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

node-jose

2.2.0

A JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers

@types/node-jose

1.1.13

TypeScript definitions for node-jose

jwks-rsa

3.1.0

Library to retrieve RSA public keys from a JWKS endpoint