About Community

jsonwebtoken

9.0.0Last updated on Dec 21, 2022

JSON Web Token implementation (symmetric and asymmetric)

Used on 70 websites

hostelworld.com

opencollective.com

dashboard.fingerprint.com

quizspot.online

Top usage distribution

66

8.5.0

66

8.5.1

4

8.2.1

4

8.2.2

4

8.4.0

3

8.2.0

3

8.3.0

1

5.5.0

Vulnerabilities

MODERATEGHSA-qwph-4952-7xr6

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

>=0 <9.0.0

MODERATEGHSA-8cf7-32gw-wr33

jsonwebtoken unrestricted key type could lead to legacy keys usage

>=0 <9.0.0

HIGHGHSA-27h2-hvpr-p74q

jsonwebtoken has insecure input validation in jwt.verify function

>=0 <9.0.0

MODERATEGHSA-hjrf-2m68-5959

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

>=0 <9.0.0

CRITICALGHSA-c7hr-j4mj-j2w6

Verification Bypass in jsonwebtoken

>=0 <4.2.2

Versions

Sort by

9.0.0 Dec 21, 2022

1Website

42 KBUnpacked size

15Modules

8.5.1 Mar 18, 2019

66Websites

72 KBUnpacked size

13Modules

8.5.0 Feb 20, 2019

66Websites

71 KBUnpacked size

13Modules

8.4.0 Nov 14, 2018

4Websites

68 KBUnpacked size

12Modules

8.3.0 Jun 11, 2018

3Websites

60 KBUnpacked size

12Modules

Popular search queries

urlreact-scriptsreactlottie-apireact-helmet-async+8 packages

color-convertengine.io-clientlit-htmlweb-vitalsnext+18 packages

lodashrelay-runtimereact-queryreact-relayreact-use+50 packages

Popular packages

React is a JavaScript library for building user interfaces.

+6 634 websites

Standard library

+10 238 websites

ECMAScript extensions and shims

+10 229 websites

babel's modular runtime helpers

+8 352 websites

Lodash modular utilities.

+4 826 websites

Promise based HTTP client for the browser and node.js

+4 742 websites