npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

rei-jwt

v2.0.1

Published

Fastest access and refresh JWT

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

eve06eve06

Keywords

jwtauthorizationauthenticationjsonwebtokenexpresshttpbackend

Readme

Rei JWT

Fastest access and refresh JWT

Short description

This module provides simple API to fully manage access and refresh tokens in your application.

It is based on native http module, so it doesn't depend on express.

Installation

npm i rei-jwt

Example Usage with express & typescript

import { ReiJwt, ReiJwtExtractor, ReiJwtSender } from "rei-jwt";
import express from "express";

// your payload type
interface UserPayload {
  id: number;
  name: string;
}

// configuration
const reiJwt = new ReiJwt<UserPayload>({
  secret: "YOUR_SECRET_KEY",
  extractor: ReiJwtExtractor.fromAuthHeaderAsBearerToken(),
  sender: ReiJwtSender.toBody(),
  accessTokenOptions: {
    signOptions: { algorithm: "HS256", expiresIn: "5m" },
    verifyOptions: { algorithms: ["HS256"] },
  },
  refreshTokenOptions: {
    signOptions: { algorithm: "HS256", expiresIn: "12h" },
    verifyOptions: { algorithms: ["HS256"] },
  },
});

const app = express();

app.use(express.json());

// test protected page
app.get("/", reiJwt.middleware(), (req, res) => {
  // getting payload
  const payload = reiJwt.getPayload(req);
  // or use a static method if you don't want to use the instance
  // const payload = ReiJwt.getPayload<UserPayload>(req);

  res.json(payload);
});

// test sign in page
app.get("/sign", (req, res) => {
  // user authorization logic...
  const user: UserPayload = {
    id: 999,
    name: "Jane",
  };

  reiJwt.signAndSend(user, res);
  // or you can send tokens yourself
  // const tokenPair = reiJwt.sign(user);
  // res.json(tokenPair)
});

// token refresh page
app.get("/refresh", reiJwt.refresher());

app.listen(3000, () => {
  console.log("server is running...");
});

Extractors

There are two built-in extractors:

  • ReiJwtExtractor.fromCookie
  • ReiJwtExtractor.fromAuthHeaderAsBearerToken

If you want to make your own, just implement IReiJwtExtractor interface

Senders

There are two built-in senders:

  • ReiJwtSender.toBody(BodySenderOptions)
  • ReiJwtSender.toCookie(CookieSenderOptions)

They both can be configured.

Body Sender

interface BodySenderOptions {
  /**
   * Function for formatting token pair
   * as you want
   * @param {TokenPair} tokenPair
   * @returns {string}
   * @default (tokenPair) => JSON.stringify(tokenPair)
   */
  formatFunction?: (tokenPair: TokenPair) => string;

  /**
   * Content-Type header value
   * @default "application/json"
   */
  contentType?: string;
}

Cookie sender

interface CookieSenderOptions {
  /**
   * Max age for access token cookie
   * @default "10m"
   */
  accessTokenMaxAge?: ms.StringValue;

  /**
   * Max age for refresh token cookie
   * @default "24h"
   */
  refreshTokenMaxAge?: ms.StringValue;

  /**
   * Display debug messages?
   * @default false
   */
  debug?: boolean;

  /**
   * Allow only https cookies?
   * @default false
   */
  secure?: boolean;

  /**
   * If true, cookies cannot be accessed
   * from javascript on client side
   * @default true
   */
  httpOnly?: boolean;

  /**
   * Path for cookies
   * @default "/"
   */
  path?: string;

  /**
   * SameSite rule for cookies
   * @default "Strict"
   */
  sameSite?: "None" | "Strict" | "Lax";

  /**
   * Domain for cookies
   * @default undefined
   */
  domain?: string;
}

If you want to make your own token sender, just implement IReiJwtSender interface

TODO

  • improve debugging mode
  • make a client version of this (for vue/react)

Changelog

v1.0.0 - v.1.0.2

  • idk some patches

MAJOR v2.0.0

  • sending and extracting logic were divided, now you should manually provide "sender" and "extractor" in configuration
  • more jsdocs added