
@ideascol/jwt-inspector

v0.0.5

A comprehensive library for verifying JWTs (JSON Web Tokens) ensuring compliance with OWASP security recommendations. This library validates the structure, signature, and claims of JWTs, checks for secure algorithms, enforces size constraints, and ensures

Readme

JWT Inspector

A comprehensive security tool for validating and auditing JSON Web Tokens (JWTs). This tool helps security professionals analyze JWT structure, signature, and claim validity to identify security issues and potential vulnerabilities.

Features

  • Comprehensive JWT structure validation
  • Thorough claims verification (iat, exp, nbf, aud, iss, etc.)
  • Signature verification with secure key validation
  • Secret key strength analysis
  • Token duration security assessment
  • Detailed audit reports with pass/fail/warning statuses
  • Both CLI and programmatic usage

Installation

# Using npm
npm install -g @ideascol/jwt-inspector

# Using bun (recommended for better performance)
bun install -g @ideascol/jwt-inspector

Usage as CLI

Validate JWT Structure

# Full command with options
jwt-inspector validate-structure -token=[YOUR_JWT_TOKEN] -secret=[YOUR_SECRET_KEY]

# Interactive mode (prompts for the inputs instead of taking them as arguments,
# which keeps the token and secret out of shell history)
jwt-inspector validate-structure

The CLI will output a detailed audit report including:

  • Overall token validity status
  • Token size and structure analysis
  • Header validation results (algorithm, type)
  • Claims presence and validity
  • Expiration and temporal claim checks
  • Key strength assessment (when secret is provided)
  • Signature validation results (when secret is provided)

Security Recommendations

The tool provides actionable security recommendations for improving JWT security, such as:

  • Secret key length and complexity requirements
  • Token duration best practices
  • Required claims for enhanced security

Usage as Library

You can integrate JWT Inspector directly into your security applications:

import { ValidateJwt, ValidateSecretKey } from '@ideascol/jwt-inspector';

// Validate a JWT token with signature verification
// (the secret is passed as options.key, see the API Reference below)
const results = ValidateJwt('your.jwt.token', { key: 'your-secret-key' });
console.log(results);

// Validate only the secret key strength
const keyResults = ValidateSecretKey('your-secret-key');
console.log(keyResults);

API Reference

ValidateJwt(token: string, options?: ValidateOptions): JwtAuditResult

Validates a JWT token and returns a comprehensive audit result.

  • token: The JWT token to validate
  • options: (Optional)
    • key: Secret key for signature verification
    • output: Output format ('json' or 'text')
    • keyStrengthResults: Pre-computed key strength results

ValidateSecretKey(key: string): KeyStrengthResult[]

Validates the security strength of a secret key.

  • key: The secret key to validate
  • Returns: Array of validation results with security assessments

Result Structure

interface JwtAuditResult {
  auditTimestamp: string;     // ISO timestamp when the audit was performed
  isValid: boolean;           // Overall validity of the token
  results: ValidationResult[]; // Detailed validation results
  errors: string[];           // Critical errors found during validation
  warnings: string[];         // Security warnings and recommendations
}

Security Best Practices

When using JWTs in your applications, follow these security best practices:

  1. Use strong secret keys (32+ characters with mixed case, numbers, and special characters)
  2. Set reasonable expiration times (shorter is better)
  3. Include all standard claims (iss, aud, sub, jti)
  4. Always verify signatures in production environments
  5. Use the 'nbf' (Not Before) claim to prevent token use before a specified time
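
The practices above written out as standalone checks. This is an added example, not jwt-inspector's own code: the names auditSecret, auditClaims and makeToken and the maxLifetime default are assumptions, the result object only borrows the isValid/errors/warnings field names from Result Structure, and signature verification is deliberately left out.

```javascript
// Added example: standalone structure, claim and key-strength checks (no signature verification).
function decodePart(part) {
  const value = JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
}

// Practice 1: 32+ characters with mixed case, numbers and special characters.
function auditSecret(secret) {
  const warnings = [];
  if (secret.length < 32) warnings.push('secret shorter than 32 characters');
  const classes = { lowercase: /[a-z]/, uppercase: /[A-Z]/, digit: /[0-9]/, special: /[^A-Za-z0-9]/ };
  for (const [name, re] of Object.entries(classes)) {
    if (!re.test(secret)) warnings.push(`secret has no ${name} character`);
  }
  return warnings;
}

// Practices 2, 3 and 5. maxLifetime (seconds) is an assumed policy value.
function auditClaims(token, { now = Math.floor(Date.now() / 1000), maxLifetime = 3600 } = {}) {
  const errors = [], warnings = [];
  const parts = token.split('.');
  if (parts.length !== 3) return { isValid: false, errors: ['expected three dot-separated parts'], warnings };
  let header, payload;
  try {
    header = decodePart(parts[0]);
    payload = decodePart(parts[1]);
  } catch {
    return { isValid: false, errors: ['header or payload is not base64url JSON'], warnings };
  }
  const { exp, nbf, iat } = payload;
  if (!header.alg || String(header.alg).toLowerCase() === 'none') errors.push('alg is missing or "none"');
  if (typeof exp !== 'number') errors.push('exp claim missing');
  else if (exp <= now) errors.push('token expired');
  if (typeof nbf === 'number' && nbf > now) errors.push('token not yet valid (nbf)');
  if (typeof iat === 'number' && iat > now) warnings.push('iat is in the future');
  if (typeof exp === 'number' && typeof iat === 'number' && exp - iat > maxLifetime) {
    warnings.push(`lifetime exceeds ${maxLifetime}s`);
  }
  for (const claim of ['iss', 'aud', 'sub', 'jti', 'nbf']) {
    if (payload[claim] === undefined) warnings.push(`missing claim: ${claim}`);
  }
  return { isValid: errors.length === 0, errors, warnings };
}

// Constructed sample token: the third part is a placeholder, not a real signature.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeToken = (header, payload) => `${b64(header)}.${b64(payload)}.constructed-signature`;
console.log(auditClaims(makeToken({ alg: 'none' }, { iat: 0, exp: 1 })), auditSecret('secret'));
```

Passing `now` explicitly makes the time-based checks reproducible in tests and lets a caller apply its own clock-skew policy.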

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.


Developed by IdeasCol Digital Security Team - Protecting applications through advanced security tooling.