3.1.3

.github/workflows/publish.yml

@@ -1,5 +1,4 @@
 name: Publish
-run-name: Publish ${{ github.ref_name }}
 
 on:
   release:
@@ -14,27 +13,18 @@ jobs:
         with:
           node-version: latest
           registry-url: https://registry.npmjs.org/
-
       - name: Install dependencies
         run: npm ci
-
-      - name: Run tests
-        run: npm test
-
       - name: Build
         run: npm run build
-
       - name: Publish to npmjs
+        run: npm publish --tag latest --access public
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
-        run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public
-
       - uses: actions/setup-node@v3
         with:
-          node-version: latest
           registry-url: https://npm.pkg.github.com/
-
       - name: Publish to GPR
+        run: npm publish --tag latest --access public
         env:
           NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public

.github/workflows/release.yml

@@ -1,31 +0,0 @@
-name: Release
-run-name: Release ${{ github.ref_name }}
-
-on:
-  push:
-    tags:
-    - 'v*'
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: latest
-          registry-url: https://registry.npmjs.org/
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run tests
-        run: npm test
-
-      - name: Build
-        run: npm run build
-
-      - name: Create release
-        run: gh release create ${{ github.ref_name }} --draft ${{ contains(github.ref_name, '-') && '--prerelease --latest=false' || '--latest' }}
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -15,12 +15,7 @@ jobs:
         with:
           node-version: latest
           registry-url: https://registry.npmjs.org/
-
       - name: Install dependencies
         run: npm ci
-
       - name: Run tests
         run: npm test
-
-      - name: Build
-        run: npm run build

README.md

@@ -24,9 +24,8 @@ npm i @tsndr/cloudflare-worker-jwt
 ### Basic Example
 
 ```typescript
-import jwt from "@tsndr/cloudflare-worker-jwt"
-
 async () => {
+    import jwt from "@tsndr/cloudflare-worker-jwt"
 
     // Create a token
     const token = await jwt.sign({
@@ -53,9 +52,8 @@ async () => {
 ### Restrict Timeframe
 
 ```typescript
-import jwt from "@tsndr/cloudflare-worker-jwt"
-
 async () => {
+    import jwt from "@tsndr/cloudflare-worker-jwt"
 
     // Create a token
     const token = await jwt.sign({

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "3.1.7",
+  "version": "3.1.3",
   "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
   "type": "module",
   "exports": "./index.js",
@@ -30,10 +30,10 @@
   },
   "homepage": "https://github.com/tsndr/cloudflare-worker-jwt#readme",
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20250525.0",
+    "@cloudflare/workers-types": "^4.20240925.0",
-    "@edge-runtime/vm": "^5.0.0",
+    "@edge-runtime/vm": "^4.0.3",
-    "esbuild": "^0.25.4",
+    "esbuild": "^0.24.0",
-    "typescript": "^5.8.3",
+    "typescript": "^5.6.2",
-    "vitest": "^3.1.4"
+    "vitest": "^2.1.1"
   }
 }

src/index.ts

@@ -1,7 +1,7 @@
 import {
-    textToUint8Array,
+    textToArrayBuffer,
     arrayBufferToBase64Url,
-    base64UrlToUint8Array,
+    base64UrlToArrayBuffer,
     textToBase64Url,
     importKey,
     decodePayload
@@ -143,7 +143,7 @@ const algorithms: JwtAlgorithms = {
  * @throws If there"s a validation issue.
  * @returns Returns token as a `string`.
  */
-export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKeyWithKid | CryptoKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
+export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKey | CryptoKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
     if (typeof options === "string")
         options = { algorithm: options }
 
@@ -169,7 +169,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
     const partialToken = `${textToBase64Url(JSON.stringify({ ...options.header, alg: options.algorithm }))}.${textToBase64Url(JSON.stringify(payload))}`
 
     const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["sign"])
-    const signature = await crypto.subtle.sign(algorithm, key, textToUint8Array(partialToken))
+    const signature = await crypto.subtle.sign(algorithm, key, textToArrayBuffer(partialToken))
 
     return `${partialToken}.${arrayBufferToBase64Url(signature)}`
 }
@@ -183,7 +183,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
  * @throws Throws integration errors and if `options.throwError` is set to `true` also throws `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`.
  * @returns Returns the decoded token or `undefined`.
  */
-export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKeyWithKid | CryptoKey, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> {
+export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKey | CryptoKey, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> {
     if (typeof options === "string")
         options = { algorithm: options }
     options = { algorithm: "HS256", clockTolerance: 0, throwError: false, ...options }
@@ -225,7 +225,7 @@ export async function verify<Payload = {}, Header = {}>(token: string, secret: s
 
         const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["verify"])
 
-        if (!await crypto.subtle.verify(algorithm, key, base64UrlToUint8Array(tokenParts[2]), textToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`)))
+        if (!await crypto.subtle.verify(algorithm, key, base64UrlToArrayBuffer(tokenParts[2]), textToArrayBuffer(`${tokenParts[0]}.${tokenParts[1]}`)))
             throw new Error("INVALID_SIGNATURE")
 
         return decodedToken

src/utils.ts

@@ -20,11 +20,11 @@ export function arrayBufferToBase64String(arrayBuffer: ArrayBuffer): string {
     return btoa(bytesToByteString(new Uint8Array(arrayBuffer)))
 }
 
-export function base64StringToUint8Array(b64str: string): Uint8Array {
+export function base64StringToArrayBuffer(b64str: string): ArrayBuffer {
-    return byteStringToBytes(atob(b64str))
+    return byteStringToBytes(atob(b64str)).buffer
 }
 
-export function textToUint8Array(str: string): Uint8Array {
+export function textToArrayBuffer(str: string): ArrayBuffer {
     return byteStringToBytes(str)
 }
 
@@ -36,8 +36,8 @@ export function arrayBufferToBase64Url(arrayBuffer: ArrayBuffer): string {
     return arrayBufferToBase64String(arrayBuffer).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
 }
 
-export function base64UrlToUint8Array(b64url: string): Uint8Array {
+export function base64UrlToArrayBuffer(b64url: string): ArrayBuffer {
-    return base64StringToUint8Array(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, ""))
+    return base64StringToArrayBuffer(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, ""))
 }
 
 export function textToBase64Url(str: string): string {
@@ -48,15 +48,15 @@ export function textToBase64Url(str: string): string {
     return btoa(binaryStr).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
 }
 
-export function pemToBinary(pem: string): Uint8Array {
+export function pemToBinary(pem: string): ArrayBuffer {
-    return base64StringToUint8Array(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""))
+    return base64StringToArrayBuffer(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""))
 }
 
 export async function importTextSecret(key: string, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
-    return await crypto.subtle.importKey("raw", textToUint8Array(key), algorithm, true, keyUsages)
+    return await crypto.subtle.importKey("raw", textToArrayBuffer(key), algorithm, true, keyUsages)
 }
 
-export async function importJwk(key: JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
+export async function importJwk(key: JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
     return await crypto.subtle.importKey("jwk", key, algorithm, true, keyUsages)
 }
 
@@ -68,7 +68,7 @@ export async function importPrivateKey(key: string, algorithm: SubtleCryptoImpor
     return await crypto.subtle.importKey("pkcs8", pemToBinary(key), algorithm, true, keyUsages)
 }
 
-export async function importKey(key: string | JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
+export async function importKey(key: string | JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
     if (typeof key === "object")
         return importJwk(key, algorithm, keyUsages)
 

tests/index.spec.ts

@@ -13,27 +13,27 @@ describe("Verify", async () => {
     const notYetValidToken = await jwt.sign({ sub: "me", nbf: now + offset }, secret)
     const expiredToken = await jwt.sign({ sub: "me", exp: now - offset }, secret)
 
-    test("Valid", async () => {
+    test("Valid", () => {
-        await expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy()
+        expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy()
     })
 
-    test("Not yet expired", async () => {
+    test("Not yet expired", () => {
-        await expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy()
+        expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy()
     })
 
-    test("Not yet valid", async () => {
+    test("Not yet valid", () => {
-        await expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID")
+        expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID")
     })
 
-    test("Expired", async () => {
+    test("Expired", () => {
-        await expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED")
+        expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED")
     })
 
-    test("Clock offset", async () => {
+    test("Clock offset", () => {
-        await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
+        expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
-        await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
+        expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
 
-        await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID")
+        expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID")
-        await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED")
+        expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED")
     })
 })

tests/utils.spec.ts

@@ -3,11 +3,11 @@ import {
     bytesToByteString,
     byteStringToBytes,
     arrayBufferToBase64String,
-    base64StringToUint8Array,
+    base64StringToArrayBuffer,
-    textToUint8Array,
+    textToArrayBuffer,
     arrayBufferToText,
     arrayBufferToBase64Url,
-    base64UrlToUint8Array,
+    base64UrlToArrayBuffer,
     textToBase64Url,
     pemToBinary,
     importTextSecret
@@ -18,7 +18,7 @@ describe("Converters", () => {
     const testByteArray = [ 99, 108, 111, 117, 100, 102, 108, 97, 114, 101, 45, 119, 111, 114, 107, 101, 114, 45, 106, 119, 116 ]
     const testUint8Array = new Uint8Array(testByteArray)
     const testBase64String = "Y2xvdWRmbGFyZS13b3JrZXItand0"
-    const testArrayBuffer = testUint8Array
+    const testArrayBuffer = testUint8Array.buffer
 
     test("bytesToByteString", () => {
         expect(bytesToByteString(testUint8Array)).toStrictEqual(testString)
@@ -33,11 +33,11 @@ describe("Converters", () => {
     })
 
     test("base64StringToArrayBuffer", () => {
-        expect(base64StringToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
+        expect(base64StringToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer)
     })
 
     test("textToArrayBuffer", () => {
-        expect(textToUint8Array(testString)).toStrictEqual(testUint8Array)
+        expect(textToArrayBuffer(testString)).toStrictEqual(testUint8Array)
     })
 
     test("arrayBufferToText", () => {
@@ -49,7 +49,7 @@ describe("Converters", () => {
     })
 
     test("base64UrlToArrayBuffer", () => {
-        expect(base64UrlToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
+        expect(base64UrlToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer)
     })
 
     test("textToBase64Url", () => {
@@ -67,7 +67,7 @@ describe("Imports", () => {
         const testAlgorithm = { name: "HMAC", hash: { name: "SHA-256" } }
         const testCryptoKey = { type: "secret", extractable: true, algorithm: { ...testAlgorithm, length: 168 }, usages: ["verify", "sign"] }
 
-        await expect(importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).resolves.toMatchObject(testCryptoKey)
+        expect(await importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).toMatchObject(testCryptoKey)
     })
 
     test.todo("importJwk")