"JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno.
The following specifications are implemented by
jose
The test suite utilizes examples defined in RFC7520 to confirm its JOSE implementation is correct.
example ESM import
import * as jose from 'jose'
example CJS require
const jose = require('jose')
example Deno import
import * as jose from 'https://deno.land/x/jose/index.ts'
|Version
|Security Fixes 🔑
|Other Bug Fixes 🐞
|New Features ⭐
|4.x.x
|✅
|✅
|✅
|3.x.x
|✅
|✅ until 2022-04-30
|❌
|2.x.x
|✅
|✅ until 2022-04-30
|❌
|1.x.x
|✅
|❌
|❌
Yes. All module's public API is subject to Semantic Versioning 2.0.0.
jws,
jwa or
jsonwebtoken?
node-jose?
node-jose is built to work in any javascript runtime, to be able to do that it packs a lot of
polyfills and javascript implementation code in the form of
node-forge, this significantly increases the footprint
of the modules with dependencies that either aren't ever used or have native implementation available
in the runtime already, those are often times faster and more reliable.
Uint8Array is a valid input, so is
Buffer since buffers are instances of Uint8Array.
Uint8Array is returned and you want a
Buffer instead, use
Buffer.from(uint8array).
Yes the bundle size is on the larger side, that is because each module is actually published multiple times so that it can remain truly without dependencies and be universal / isomorphic.
Nevertheless, since each module can be required independently and is fully tree-shakeable, the install size should not be a cause for concern.