{"id":26009969,"url":"https://github.com/byu-oit/byu-jwt-nodejs","last_synced_at":"2026-04-06T23:01:20.977Z","repository":{"id":37848095,"uuid":"53072628","full_name":"byu-oit/byu-jwt-nodejs","owner":"byu-oit","description":"This package provides helpful functions for validating and using BYU's JWTs.","archived":false,"fork":false,"pushed_at":"2025-11-14T14:44:18.000Z","size":941,"stargazers_count":1,"open_issues_count":7,"forks_count":0,"subscribers_count":29,"default_branch":"main","last_synced_at":"2025-12-04T10:19:23.985Z","etag":null,"topics":["auth","fastify-jwt","jwt"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byu-oit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-03T18:16:43.000Z","updated_at":"2025-08-05T22:28:16.000Z","dependencies_parsed_at":"2024-06-20T23:22:09.403Z","dependency_job_id":"ba019bdf-6705-4152-90f0-7f5bf4f88fa5","html_url":"https://github.com/byu-oit/byu-jwt-nodejs","commit_stats":{"total_commits":174,"total_committers":16,"mean_commits":10.875,"dds":0.7413793103448276,"last_synced_commit":"56ca84a4358b414b0d6f98198570db541b4f5d72"},"previous_names":[],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/byu-oit/byu-jwt-nodejs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byu-oit%2Fbyu-jwt-nodejs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byu-oit%2Fbyu-jwt-nodejs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/byu-oit%2Fbyu-jwt-nodejs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byu-oit%2Fbyu-jwt-nodejs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byu-oit","download_url":"https://codeload.github.com/byu-oit/byu-jwt-nodejs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byu-oit%2Fbyu-jwt-nodejs/sbom","scorecard":{"id":260500,"data":{"date":"2025-08-11","repo":{"name":"github.com/byu-oit/byu-jwt-nodejs","commit":"d3cfce03f14030e95aa2bfe679cc303f2b6c0553"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Code-Review","score":3,"reason":"Found 11/30 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":6,"reason":"7 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yml:29","Warn: jobLevel 'packages' permission set 
to 'write': .github/workflows/publish.yml:30","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:111","Info: jobLevel 'packages' permission set to 'read': .github/workflows/publish.yml:112","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yml:162","Info: jobLevel 'actions' permission set to 'read': .github/workflows/publish.yml:163","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: 
GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: 
GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:201: update your workflow using 
https://app.stepsecurity.io/secureworkflow/byu-oit/byu-jwt-nodejs/publish.yml/main?enable=pin","Info:   0 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   5 out of   5 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch 
protection not enabled on development/release branches","details":["Warn: 'allow deletion' enabled on branch 'main'","Warn: 'force pushes' enabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":2,"reason":"SAST tool is not run on all commits -- score normalized to 2","details":["Warn: 4 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T10:44:02.629Z","repository_id":37848095,"created_at":"2025-08-17T10:44:02.630Z","updated_at":"2025-08-17T10:44:02.630Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31489493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","fastify-jwt","jwt"],"created_at":"2025-03-05T22:26:41.743Z","updated_at":"2026-04-06T23:01:20.924Z","avatar_url":"https://github.com/byu-oit.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Packages\n\nThis repository hosts the following Node.js packages for API development at BYU OIT:\n\n- [@byu-oit/jwt](./packages/jwt/README.md)\n- [@byu-oit/fastify-jwt](./packages/fastify/README.md)\n\nThe documentation and source code for previous versions of the byu-jwt package are found on\nthe [v3 branch](https://github.com/byu-oit/byu-jwt-nodejs/tree/v3) in this repository.\n\n\u003e **Note**\n\u003e **Requires Node.js \u003e= v18 *OR* a fetch polyfill such as [node-fetch](https://www.npmjs.com/package/node-fetch#providing-global-access).**\n\n# Contributing\n\nThis project 
uses [Lerna](https://lerna.js.org) with [Nx](https://nx.dev) to build, test, and lint the source code.\nPlease consult their documentation when making modifications to the maintenance process of this project.\n\nThere are a few commands that most of the packages share:\n\n- **build**: Compile the distribution code\n- **lint**: Lint the source code\n- **test**: Test the source code with [Ava](https://avajs.dev)\n\nIf you notice a problem, please submit an issue or create a PR with the fix!\n\n## Committing\n\nCommit messages must adhere to\nthe [Angular conventional commit standard](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum).\n[`commitlint`](https://github.com/conventional-changelog/commitlint) enforces that commit messages follow this\nstandard. Following a commit standard enables our distribution pipeline to publish new versions of each package\nautomatically.\n\n## Building\n\nThis library exposes files in\n[both CJS and ESM syntax](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c) in order to accommodate\nbrowser environments and legacy Node.js applications. CJS support may be dropped in the future but is supported for the\ntime being.\n\nThere are two ways that we know of to support both CJS and ESM syntax:\n\n1. Create a localized `package.json` file in each package's `cjs` directory with the contents `{ \"type\": \"commonjs\" }`.\n   This effectively overrides the package's own `package.json`, whose `type` is set to `module`.\n\n   Node Resolution\n   Algorithm: [See ESM_FILE_FORMAT](https://nodejs.org/dist/latest-v18.x/docs/api/esm.html#resolver-algorithm-specification)\n\n   ESM \u0026 CommonJS Module Tutorial: https://www.sensedeep.com/blog/posts/2021/how-to-create-single-source-npm-module.html\n\n2. 
Use a tool such as [unbuild](https://github.com/unjs/unbuild) which outputs files with the `.cjs` and `.mjs`\n   extensions.\n\n   Example of Using `unbuild`: https://github.com/unjs/radix3/blob/main/package.json\n\n   MDN Docs: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules\n\nThis library uses the first method for two reasons:\n\n1. Some tools may never support the `.mjs` extension\n2. `(package.json).type` is more deterministic since the resolution algorithm is built into Node.js and bundlers.\n\n## Testing\n\nThe choice to use [Ava](https://avajs.dev) was made because it\n\n1. supports TypeScript and ESM out of the box\n2. parallelizes tests in separate environments, making Ava typically faster\n3. does not mutate Node.js globals like Jest\n4. follows a convention similar to the Node.js test runner, which we may eventually adopt\n\nRunning tests requires building the source code first, which should be handled for you by Lerna.\n\nFrom the root of the project you can run:\n\n```shell\nnpm test\n```\n\n\u003e **Note**\n\u003e There is a bug in Node.js Worker threads which requires us to use the `--no-worker-threads` flag when running tests.\n\u003e Even with that flag enabled, some tests run into this bug. 
There isn't a bug report for the issue yet\n\u003e (See [this discussion](https://github.com/avajs/ava/discussions/3191#discussioncomment-5571590)).\n\n## Publishing\n\nMerging changes into the `main` branch will automatically update the version of each package, publish the package, and\npublish the changelog according to the [commit messages](#Committing).\n\nMerging changes into the `beta` branch will trigger the same GitHub workflow but the `beta` prefix will be prepended to\nthe new versions published.\n\nThe `publish` workflow was heavily inspired by the\narticle [\"Automatic versioning in a Lerna monorepo using Github actions\"](https://dev.to/xcanchal/automatic-versioning-in-a-lerna-monorepo-using-github-actions-4hij)\nby [Xavier Canchal](https://dev.to/xcanchal) :clap:.\n\n## Documentation \u0026 Linting\n\nWriting SDKs with [TypeScript](https://www.typescriptlang.org/) and [TSDocs](https://tsdoc.org/) provides consumers with\nthe code and documentation all from their development environments. To that end, running the linter without documenting\ncode with TSDocs style documentation (similar to JSDocs or JavaDocs) will return a non-zero exit code.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyu-oit%2Fbyu-jwt-nodejs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyu-oit%2Fbyu-jwt-nodejs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyu-oit%2Fbyu-jwt-nodejs/lists"}