npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

yajwt

v1.5.5

Published

yet another json web token library

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

simon-p-rsimon-p-r

Keywords

Readme

yajwt

Greenkeeper badge build status Current Version dependency Status devDependency Status Coveralls

An implementation of JSON Web Tokens.

This was developed against draft-ietf-oauth-json-web-token-08. It makes use of node-jws and has heavily used jsonwebtoken module as inspiration

Install

$ npm install yajwt

Usage

jwt.sign(options, [callback])

(Asynchronous) Callback has err, JWT string signature

jwt.signSync(options)

(Synchronous) Returns an object with an error(on failure) and token property (on success)

options:

  • header object with following properties
    • alg default: RS256
    • typ default 'JWT', this is only accepted value for this property
  • payload: object with the following properties
    • aud: string - audience of token
    • exp: number ms since EPOCH or a string describing a time duration added to seconds since EPOCH rauchg/ms. Eg: 60, "2 days", "10h", "7d" or Moment formats types ['DD-MM-YYYY', 'DD-MM-YY', 'DD/MM/YYYY', 'DD/MM/YY']
    • iat: same as above, defaults to the time payload is signed. If duration is used the value is added to Date.now()
    • iss: string - issuer of token
    • jti: string - unique identity of token
    • nbf: same as exp
    • sub: string - describing subject of token
  • privateKey: string or buffer of private key to sign token

All timestamp related fields if a number are coerced into seconds from ms.

Additional custom header properties can be provided via the header object.

Example


const jwt = require('yajwt');

// read key for signing
const key = fs.readFileSync('private.pem');  
const signed = jwt.signSync({ header: { alg: 'HS256' }, payload: {aud: 'private'}, privateKey: key });
console.log(signed.token); /// prints JWT string


// sign asynchronously
jwt.sign({ header: { alg: 'HS256' }, payload: {aud: 'private'}, privateKey: key }, (err, token) => {
  console.log(err, token);
});

jwt.verify(options, callback)

(Asynchronous) Callback has err, decoded JWT signature

jwt.verifySync(options)

(Synchronous) Returns true or false depending on whether token can be verified as valid

options

  • algorithms default: RS256.
  • signature json string to verify
  • publicKey: is a string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
// verify a token asymmetric
const publicKey = fs.readFileSync('public.pem');  // get public key

const valid = jwt.verifySync(token, publicKey);
console.log(valid) // true

// verify a token symmetric
jwt.verify({signature: jsonString, algorithm: 'HS256',  publicKey: publicKey}, (err, decoded) => {
  console.log(err) // null
  console.log(decoded) // decoded token meaning payload verified
});

Todo

  • improve error handling for missing callback on async funcs