npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

jsonwebtoken-parser

v1.0.5

Published

Simple JWT parser and validator

Downloads

50

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ivan_devxivan_devx

Keywords

jwtdecodervalidatortokenjson web tokenjwt toolkit

Readme

cat > README.md << 'EOF'

JWT Parser

A lightweight JavaScript library for parsing, validating, and working with JSON Web Tokens (JWTs). Supports easy access to claims, headers, and signature verification.

Installation

npm i jsonwebtoken-parser

Importing

import { Jwt } from "jsonwebtoken-parser";

Basic Usage

const tokenString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ...";

// Using destructuring
const { headers, claims, parsed, signature, validate } = new Jwt(tokenString);

// OR
const jwt = new Jwt(tokenString);

Accessing JWT Headers and Claims

JWT headers and claims are accessible as Map objects for convenience:

// Get specific claims
const sub = claims.get('sub'); // Example: "1234567890"
const typ = headers.get('typ'); // Example: "JWT"

// Check if a claim exists
const hasExp = claims.has('exp'); // true or false

⚠️ Note: Always check for existence before accessing claims to avoid undefined values.

Validating JWT Claims

The validate object provides several useful methods for checking token validity:

// Check if the token has expired
const isExpired = validate.isExpired(); // true/false

// Check if the token relates to a specific subject
const isRelatedTo = validate.isRelatedTo(sub); // true/false

// Check if the token was issued by a specific issuer
const hasBeenIssuedBy = validate.hasBeenIssuedBy('https://example.com'); // true/false

The validate object currently supports expiration, issuer, subject, and other common JWT checks. Additional custom validations can be added as needed.

Accessing the Signature

console.log("Signature (hex):", signature);

The signature is provided as a hexadecimal string, useful for manual verification or debugging.

Full Decoded Object

You can inspect the entire decoded JWT:

console.log("Full decoded object:", parsed);

parsed contains:

{
    headers: {...},
    claims: {...},
    signature: "abcdef1234...",
}

Notes

  • This library does not support JWE (encrypted JWTs). Only standard JWTs (JWS) are supported.
  • Headers and claims are returned as Map objects, which makes checking and accessing keys simple.
  • For secure usage, always verify the signature on the backend before trusting the claims. EOF

Author

Ivan Macabontoc

🪪 License

This project is licensed under the MIT License.