express-jwt
JSON →Express middleware for validating JWTs (JSON Web Tokens) via the jsonwebtoken library. As of v8.5.1, it supports async secret retrieval, token revocation checks, and a customizable request property (default `req.auth`). It is fully typed (TypeScript) and ESM/CJS compatible. Key differentiators: built-in `.unless()` for path exclusion, optional `credentialsRequired` for public endpoints, and all jsonwebtoken verify options (audience, issuer, clockTolerance, etc.). However, v7→v8 introduced several breaking changes: the exported function is now `expressjwt` (not `jwt`), the request property changed from `req.user` to `req.auth`, and `algorithms` is now required to prevent downgrade attacks. The package is maintained by Auth0 with quarterly releases.
Traffic · last 30 days ↑10% vs prev 7d
top countries 🇺🇸 United States · 🇸🇬 Singapore · 🇨🇦 Canada · 🇩🇪 Germany · 🇪🇸 Spain