{"library":"express-jwt","type":"library","category":null,"description":"Express middleware for validating JWTs (JSON Web Tokens) via the jsonwebtoken library. As of v8.5.1, it supports async secret retrieval, token revocation checks, and a customizable request property (default `req.auth`). It is fully typed (TypeScript) and ESM/CJS compatible. Key differentiators: built-in `.unless()` for path exclusion, optional `credentialsRequired` for public endpoints, and all jsonwebtoken verify options (audience, issuer, clockTolerance, etc.). However, v7→v8 introduced several breaking changes: the exported function is now `expressjwt` (not `jwt`), the request property changed from `req.user` to `req.auth`, and `algorithms` is now required to prevent downgrade attacks. The package is maintained by Auth0 with quarterly releases.","language":"javascript","status":"active","version":"8.5.1","tags":["javascript","auth","authn","authentication","authz","authorization","http","jwt","token","typescript"],"last_verified":"Wed May 27","install":[{"cmd":"npm install express-jwt","imports":["import { expressjwt } from 'express-jwt'","import { ExpressJwtRequest as RequestWithAuth } from 'express-jwt'","import type { GetVerificationKey } from 'express-jwt'"]},{"cmd":"yarn add express-jwt","imports":[]},{"cmd":"pnpm add express-jwt","imports":[]}],"homepage":null,"github":"https://github.com/auth0/express-jwt","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/express-jwt","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/express-jwt/compatibility"}}