{"id":18821376,"url":"https://github.com/borderless/web-jwt","last_synced_at":"2025-07-27T10:41:15.733Z","repository":{"id":129334611,"uuid":"283673113","full_name":"borderless/web-jwt","owner":"borderless","description":"Small JWT library using the Web Crypto API","archived":false,"fork":false,"pushed_at":"2023-12-12T06:39:51.000Z","size":384,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-27T14:52:01.841Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/borderless.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2020-07-30T04:55:26.000Z","updated_at":"2024-05-15T15:49:19.000Z","dependencies_parsed_at":"2023-12-12T07:31:25.267Z","dependency_job_id":"5cf11e53-b6b7-4aaa-b492-9940313d16ce","html_url":"https://github.com/borderless/web-jwt","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borderless%2Fweb-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borderless%2Fweb-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borderless%2Fweb-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borderless%2Fweb-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/borderless","download_url":"https://codeload.github.com/borderless/web-jwt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248333602,"owners_count":21086200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T00:39:53.427Z","updated_at":"2025-04-14T00:32:33.923Z","avatar_url":"https://github.com/borderless.png","language":"TypeScript","readme":"# Web JWT\n\n[![NPM version][npm-image]][npm-url]\n[![NPM downloads][downloads-image]][downloads-url]\n[![Build status][build-image]][build-url]\n[![Test coverage][coverage-image]][coverage-url]\n\n\u003e Small JWT library using the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API).\n\n## Installation\n\n```sh\nnpm install @borderless/web-jwt --save\n```\n\n## Usage\n\n```js\nimport {\n  encodeJwt,\n  decodeJwt,\n  verifyJwt,\n  NOOP_JWT,\n  NONE_KEY,\n} from \"@borderless/web-jwt\";\n\n// Create a web crypto key.\nconst key = crypto.subtle.importKey(\n  \"jwk\",\n  {\n    kty: \"oct\",\n    k: \"4Vulge0qgl6janNxYmrYk-sao2wR5tpyKkh_sTLY2CQ\",\n    alg: \"HS256\",\n  },\n  { name: \"HMAC\", hash: \"SHA-256\" },\n  false,\n  [\"sign\", \"verify\"]\n);\n\n// Create a JWT and sign using the key.\nawait encodeJwt(\n  {\n    alg: \"HS256\",\n  },\n  {\n    test: true,\n  },\n  key\n); //=\u003e \"eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0Ijp0cnVlfQ.pQM0RvgTKjtAC1XmMnCK4vhgGycbg0vVLn0rsiE8BGc\"\n\n// Decode the JWT.\nconst jwt = await decodeJwt(\n  \"eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0Ijp0cnVlfQ.pQM0RvgTKjtAC1XmMnCK4vhgGycbg0vVLn0rsiE8BGc\"\n); //=\u003e { header, payload, ... }\n\n// Verify the decoded JWT _before_ trusting!\nconst valid = await verifyJwt(jwt); //=\u003e true\n```\n\n**Notes:**\n\n- `decodeJwt` will return a `NOOP_JWT` when decoding an invalid JWT. No errors are thrown on invalid data.\n- `alg: none` is only supported by using the `NONE_KEY` symbol exported by the package.\n- The JWT `alg` header is ignored and the crypto key algorithm is used instead. This avoids attacks using the `alg` header.\n\n## TypeScript\n\nThis project is written using [TypeScript](https://github.com/Microsoft/TypeScript) and publishes the definitions directly to NPM.\n\n## License\n\nMIT\n\n[npm-image]: https://img.shields.io/npm/v/@borderless/web-jwt\n[npm-url]: https://npmjs.org/package/@borderless/web-jwt\n[downloads-image]: https://img.shields.io/npm/dm/@borderless/web-jwt\n[downloads-url]: https://npmjs.org/package/@borderless/web-jwt\n[build-image]: https://img.shields.io/github/actions/workflow/status/borderless/web-jwt/ci.yml?branch=main\n[build-url]: https://github.com/borderless/web-jwt/actions/workflows/ci.yml?query=branch%3Amain\n[coverage-image]: https://img.shields.io/codecov/c/gh/borderless/web-jwt\n[coverage-url]: https://codecov.io/gh/borderless/web-jwt\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborderless%2Fweb-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fborderless%2Fweb-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborderless%2Fweb-jwt/lists"}