JWT Auth Middleware Toolkit

1.0.4 verified Mon Apr 27 auth: no javascript

REWRITE: detexter-auth-kit v1.0.4 is a lightweight JWT authentication toolkit for Express.js, providing middleware and utilities for token signing, verification, and route protection. It uses the jsonwebtoken library under the hood. The package is currently in early stages with minimal configuration; future updates may include more robust options. Alternatives like express-jwt offer more features but are heavier. Release cadence is unknown.

Common errors

error TypeError: Cannot destructure property 'secret' of 'options' as it is undefined ↓

cause authMiddleware or signToken called without options object or missing secret property.

fix

Call authMiddleware({ secret: 'your-secret' }) or signToken(payload, { secret: 'your-secret' })

error Error: secretOrPrivateKey must have a value ↓

cause Secret is empty or undefined when calling signToken or verifyToken.

fix

Provide a non-empty string as secret; check environment variable is set.

error JsonWebTokenError: jwt malformed ↓

cause Token string is corrupted, not a valid JWT, or contains extra whitespace.

fix

Ensure token is exactly the JWT string; remove any extra quotes or spaces.

Warnings

breaking Package name 'detexter-auth-kit' is not the same as 'express-auth-kit' used in README imports (require("express-auth-kit") will fail). ↓

fix Use correct package name: require('detexter-auth-kit')

deprecated The secret option in signToken and authMiddleware should not be hardcoded; use environment variables. Future versions may enforce this. ↓

fix Store secret in process.env.JWT_SECRET and use it in options.

gotcha Missing token in Authorization header results in 401 with generic error message; no custom error handling. ↓

fix Implement your own error handling middleware to provide more context.

gotcha authMiddleware expects 'Authorization: Bearer <token>' header; other formats (e.g., 'token') are rejected. ↓

fix Ensure client sends 'Bearer' prefix.

Install

npm install detexter-auth-kit

yarn add detexter-auth-kit

pnpm add detexter-auth-kit

Imports

authMiddleware
wrong
```
import authMiddleware from 'detexter-auth-kit'
```
correct
```
import { authMiddleware } from 'detexter-auth-kit'
```
Named export, not default. CommonJS: const { authMiddleware } = require('detexter-auth-kit')

signToken

wrong

const signToken = require('detexter-auth-kit').signToken

correct

import { signToken } from 'detexter-auth-kit'

Named export, works in both ESM and CJS

verifyToken

wrong

import { verify } from 'detexter-auth-kit'

correct

import { verifyToken } from 'detexter-auth-kit'

Exact function name is verifyToken, not verify

Quickstart

Shows login token generation and protected route with middleware; includes secret from environment variable.

import express from 'express';
import { authMiddleware, signToken, verifyToken } from 'detexter-auth-kit';

const app = express();
app.use(express.json());

app.post('/login', (req, res) => {
  const payload = { id: 1, email: 'user@example.com' };
  const token = signToken(payload, { secret: process.env.JWT_SECRET ?? 'fallback', expiresIn: '1h' });
  res.json({ token });
});

app.get('/profile', authMiddleware({ secret: process.env.JWT_SECRET ?? 'fallback' }), (req, res) => {
  res.json({ user: req.user });
});

app.listen(3000, () => console.log('Server running on port 3000'));