JSON Web Token implementation for Node.js.
Fix typo
Merge pull request #6 from onelastjedi/dev
Merge branch 'dev'


browse  log 



You can also use your local clone with git send-email.

bundle size version downloads


JavaScript library to sign and verify JSON Web Tokens in it's simplest form. Has no dependencies.


If you use npm, npm install @onelastjedi/node-jwt. You can also download the latest release on GitHub.


import jwt from '@onelastjedi/node-jwt'

const secret = process.env.__SECRET__

const data = {
  exp: Math.floor(Date.now() / 1000) + 60 * 60,
  user: { id: 1, name: 'Mary' }

jwt.sign(data, secret) // eyJhbGc.....
jwt.verify(token, secret)
    alg: 'HS256',
    typ: 'JWT',
    user: { id: 1, name: 'Mary' },
    iat: ...,
    exp: ...,


#jwt.sign(body, secret, [alg])

Generated JWT will include an iat (issued at) claim by default. For expiration claim (exp) simply add it to payload. Default signature is HS256.

const exp = Math.floor(Date.now() / 1000) + 60
const token = jwt.sign({ foo: 'bar', exp: exp }, secret, 'HS384')
#jwt.verify(token, secret)

The result of this transformation will be a decrypted body. Possible thrown errors during verification.

const data = jwt.verify(token, secret)


TokenExpiredError: if the token is expired.

SignatureInvalidError: if the signature is invalid.

#Algorithms supported

Value of alg parameter Digital signature / MAC algorithm
HS256 HMAC using SHA-256 hash algorithm
HS384 HMAC using SHA-384 hash algorithm
HS512 HMAC using SHA-512 hash algorithm