Node-jsonwebtoken: Please add ES6 module/ESM support

Created on 10 Jan 2020  Â·  7Comments  Â·  Source: auth0/node-jsonwebtoken

Describe the problem you'd like to have solved

When working in a ES6 module project I would like to be able to import jsonwebtoken.

Describe the ideal solution

A specific build for ESM/ES6 Module as other projects have, like this: https://github.com/vuejs/vue/blob/dev/dist/vue.runtime.esm.js . Or entirely switch to ESM/ES6 Modules in a new major release.

Alternatives and current work-arounds

In a ESM context I know of no workarounds, except rewriting how the project exports.

Additional context

Great docs on ESM over at Mozilla: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import

Most helpful comment

node.js now lists ESM as stable: https://nodejs.org/api/esm.html#esm_ecmascript_modules - so I see no reason not to go full blown ESM. :)

All 7 comments

Seeing this as well in the browser I get: ReferenceError: exports is not defined, coming from this dependent module: node_modules\minimalistic-crypto-utils\lib\utils.js:3:1

hello friends

awhile ago i actually created my own esm version of this library, i did something like this:

  1. create a commonjs entrypoint which exports only the functionality that you need
  2. run browserify on that entrypoint to generate a bundle
  3. edit that bundle and add an esm export for that functionality you need

the horrendous downside is that the resulting es module weighed like 500 KB.. but it worked.. if i had automated that above process, i would share the result with you, but my es module version is now out of date

now, here's the thing: we need question why we want to sign or verify json web tokens on the clientside to begin with (if we're using node instead, then our esm node code can still import the cjs)

the use-case i had, was mocking: in mock mode, my clientside would generate and sign a number of mock tokens — being in development mode, the 500 KB jwt library was fine

however now, i want to abandon this complexity, so i'm thinking of ditching the browser work here, and only signing/verifying tokens (and signatures) on the node server — so today i'm thinking of re-engineering my frontend to use a build step to generate those mock tokens in node ahead of time

now, here's something you do need to do on the clientside: you need to decode tokens — luckily, the implementation for that is quite straightforward, my bdecode.ts module can do that

this all being said: i'd still consider it a win if this library was fully modernized and browser compatible

it's a little upsetting – the split between node crypto and browser webcrypto

🥃 chase

ES6 modules will probably be standard in the back-end world pretty soon as well. No need to have commonjs around if both browsers and node supports the same module systems. :)

ES6 modules will probably be standard in the back-end world pretty soon as well.

Right now, the latest node.js release line has ECMAScript modules labeled as experimental. We plan to support dual publish in the future once this matures (i.e. its stability rating reaches a satisfactory value)

Browser runtime remains out of scope for the jsonwebtoken library.

in the meantime i'll share how i solved my use-case by creating a helper package called redcrypto

  • it exposes es-modules
  • it has functions to sign/verify tokens (node only, because it internally depends on jsonwebtoken's commonjs)
  • it has functions to decode tokens (browser and node)
  • and it has mock functions mock-sign/mock-verify tokens (browser and node)

and so using the above functionality, i can sign and verify tokens in node via jsonwebtoken, and also, i've architected my frontend so that in mock mode, it uses the browser-friendly mock token sign/verify functions

Any progress on this? I tend to always use import nowadays in my application so its weird to have this library as the only dependency that still uses const.

node.js now lists ESM as stable: https://nodejs.org/api/esm.html#esm_ecmascript_modules - so I see no reason not to go full blown ESM. :)

Was this page helpful?
0 / 5 - 0 ratings

Related issues

p-brighenti picture p-brighenti  Â·  4Comments

Teebo picture Teebo  Â·  4Comments

usamamashkoor picture usamamashkoor  Â·  4Comments

salali picture salali  Â·  5Comments

shea256 picture shea256  Â·  3Comments