npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@lowdep/jwt-decode

v1.0.0

Published

Decode and inspect a JWT locally — header, claims, human-readable expiry — no verification, zero dependencies

Downloads

86

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lowdeplowdep

Keywords

jwtjwt-decodetokendecodeauthclidebuggingzero-dependenciesjwt decoderdecode jwtjwt.io alternativeinspect tokenjwt offlinebearer tokenjson web tokentoken expiryzero dependencies

Readme

jwt-decode (CLI)

Zero dependencies Node License: MIT Platform

Decode and inspect a JWT from your terminal — header, claims, and human-readable expiry. Zero dependencies.

The safe alternative to pasting tokens into jwt.io: this runs entirely locally, so your token never leaves your machine.

Installs the jwt-decode command. (npm package name is jwt-decode-cli because jwt-decode is an existing library.)

Install

npm install -g jwt-decode-cli

Or without installing:

npx jwt-decode-cli <token>

Usage

jwt-decode eyJhbGciOiJ...           # Decode a token
jwt-decode -f token.txt             # Read from a file
echo "$TOKEN" | jwt-decode -        # From stdin / clipboard
jwt-decode "$TOKEN" --payload       # Just the claims (JSON)
jwt-decode "$TOKEN" --json          # Full header+payload as JSON

A leading Bearer (as copied from an Authorization header) is stripped automatically.

Example Output

jwt-decode

  Header
    alg                   "HS256"
    typ                   "JWT"

  Payload
    sub                   "1234567890"          subject
    name                  "Alice"               name
    iat                   1716200000  → 2024-05-20T10:13:20.000Z   3d ago
    exp                   1716203600  → 2024-05-20T11:13:20.000Z   EXPIRED 3d ago

  Signature
    present               SflKxwRJSMeKKF2QT4fw…   43 chars
    not verified — this tool only decodes

  ● Token is EXPIRED

What It Shows

  • Header — algorithm and type, with a warning if alg=none (unsigned).
  • Payload — every claim, with standard claims annotated (iss, sub, aud, …).
  • Time claimsexp, iat, nbf are converted to ISO timestamps and a relative time (expires in 2h, EXPIRED 3d ago).
  • Signature — whether one is present and how long it is.
  • Validity — a one-line verdict: valid window / expired / not-yet-valid.

⚠ Decode ≠ Verify

This tool decodes a token — it does not verify the signature. Anyone can craft a token with any claims. Never make authorization decisions based on an unverified token; always verify the signature server-side with your secret/public key.

Options

| Flag | Description | |---|---| | -f, --file <path> | Read the token from a file | | --json | Output header + payload as JSON | | --payload | Print only the payload | | --header | Print only the header | | --raw | No color or annotations |

License

MIT

Keywords

jwt decoder · decode jwt · jwt.io alternative · inspect token · jwt offline · bearer token · json web token · token expiry · zero dependencies · cli

Built to solve, shared to help — Rushabh Shah 🛠️✨

One of 40+ zero-dependency developer CLI tools — no node_modules, ever.