perf: replace jsonwebtoken with jose #8217
Conversation
The jose package has 0 dependencies and is tree shakable ESM. So we get lower actual bundle size and get rid of 10 dependencies.
|
@AlessioGr On the quest for lower bundle size this will reduce payload bundle size from 4,008 KB to 3,824 KB (4.6% reduction). In addition there are some security concerns with the lodash packages included in jsonwebtoken. Ref the comment here: auth0/node-jsonwebtoken#933 (comment) All in all jose seems more modern, updated and is ESM. I have used it successfully in other projects instead of jsonwebtoken. I have also checked that the generated token with my change is same as before using the debugger on https://jwt.io/ |
|
Hey @andershermansen good PR! We will review shortly. I think we will be able to merge it. THANK YOU!!! |
|
@jmikrut @AlessioGr Any concerns about the change? Or just still waiting for code review? |
|
No concerns atm, just need to find time to review |
The jose package has 0 dependencies and is tree shakable ESM.
So we get lower bundle size and get rid of 10 dependencies.