Merge branch 'beta' into frederikprijck-patch-1

.circleci/config.yml

@@ -23,22 +23,30 @@ jobs:
           name: Build
           command: npm run build
       - run:
-          name: Run Tests
-          command: npm run test
+          name: Lint
+          command: npm run lint && npm run lint:package
+      - run:
+          name: Run Tests against browser
+          command: npm run test:browser
+      - run:
+          name: Run Tests against node
+          command: npm run test:node
 workflows:
   build-and-test:
     jobs:
       - build:
           matrix:
             parameters:
-              node-version: ["14.20", "16.20", "18.16"]
+              node-version: ["16.20", "18.16", "20.4"]
       - ship/node-publish:
+          publish-command: npm publish --tag beta
           context:
             - publish-npm
             - publish-gh
           filters:
             branches:
               only:
                 - master
+                - beta
           requires:
             - build

.eslintrc.json

@@ -0,0 +1,24 @@
+{
+  "env": {
+    "node": true,
+    "commonjs": true,
+    "es2017": true,
+    "mocha": true
+  },
+  "ignorePatterns": ["**/*.mjs", "**/*.js"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended-type-checked",
+    "plugin:@typescript-eslint/stylistic-type-checked",
+    "plugin:prettier/recommended"
+  ],
+  "plugins": ["@typescript-eslint", "import"],
+  "parserOptions": {
+    "ecmaVersion": 9,
+    "project": true
+  },
+  "rules": {
+    "import/no-default-export": "error",
+    "import/extensions": ["error", "always"]
+  }
+}

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily

.gitignore

@@ -13,8 +13,9 @@ lib-cov
 pids
 logs
 results
+test-results
 
 npm-debug.log
 node_modules
 build/*
-!build/jwt-decode.js
+coverage/*

.prettierrc

@@ -0,0 +1,4 @@
+{
+    "printWidth": 100,
+    "singleQuote": false
+  }

CHANGELOG.md

@@ -1,5 +1,57 @@
 # Change log
 
+## Version [4.0.0-beta.3](https://github.com/auth0/jwt-decode/releases/tag/v4.0.0-beta.3)
+
+[Full Changelog](https://github.com/auth0/jwt-decode/compare/v4.0.0-beta.2..v4.0.0-beta.3)
+
+**Breaking changes**
+- Drop UMD bundle [\#193](https://github.com/auth0/jwt-decode/pull/193) ([frederikprijck](https://github.com/frederikprijck))
+
+**Changed**
+- Use modern JavaScript syntax [\#187](https://github.com/auth0/jwt-decode/pull/187) ([jonkoops](https://github.com/jonkoops))
+- Use ESNext as default module system [\#188](https://github.com/auth0/jwt-decode/pull/188) ([jonkoops](https://github.com/jonkoops))
+- Avoid using any bundlers but use tsc instead [\#192](https://github.com/auth0/jwt-decode/pull/192) ([frederikprijck](https://github.com/frederikprijck))
+
+## Version [4.0.0-beta.2](https://github.com/auth0/jwt-decode/releases/tag/v4.0.0-beta.2)
+
+[Full Changelog](https://github.com/auth0/jwt-decode/compare/v4.0.0-beta.1..v4.0.0-beta.2)
+
+**Changed**
+- Avoid using default exports [\#175](https://github.com/auth0/jwt-decode/pull/175) ([frederikprijck](https://github.com/frederikprijck))
+- Make options optional no default function parameter initializer [\#179](https://github.com/auth0/jwt-decode/pull/179) ([cristobal](https://github.com/cristobal))
+
+**Fixed**
+- Ensure types are bundled and correctly linked [\#174](https://github.com/auth0/jwt-decode/pull/174) ([jonkoops](https://github.com/jonkoops))
+
+## Version [4.0.0-beta.1](https://github.com/auth0/jwt-decode/releases/tag/v4.0.0-beta.1)
+
+[Full Changelog](https://github.com/auth0/jwt-decode/compare/v4.0.0-beta.0..v4.0.0-beta.1)
+
+**Fixed**
+- Ensure build is run on prepack [\#167](https://github.com/auth0/jwt-decode/pull/167) ([frederikprijck](https://github.com/frederikprijck))
+
+## Version [4.0.0-beta.0](https://github.com/auth0/jwt-decode/releases/tag/v4.0.0-beta.0)
+
+[Full Changelog](https://github.com/auth0/jwt-decode/compare/v3.1.2..v4.0.0-beta.0)
+
+A new version of the library, including a couple of improvements:
+
+- No longer include a polyfill for [atob](https://developer.mozilla.org/en-US/docs/Web/API/atob), as this is [supported in all major browsers](https://caniuse.com/?search=atob) (and [node environments > 14](https://developer.mozilla.org/en-US/docs/Web/API/atob#browser_compatibility)).
+- Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited [according to caniuse](https://caniuse.com/?search=es2017))
+- Use Node's atob when running on node.
+- Drop support for Node 14, add support for Node 20.
+- Add support for package.json's `exports` field, for better CJS/ESM support
+- Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
+- Drop manual UMD bundle creation in `index.standalone.ts`, but rely on rollup instead.
+- Infer JwtPayload and JwtHeader default types from the `header` argument by using overloads.
+
+**Additionally, this PR ensures the file size is decreased:**
+
+- **ESM and CJS decreased by 22%**
+- **UMD decreased by 37%**
+
+Even though some users might experience breaking changes, mostly because of the `exports` field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for `atob`.
+
 ## Version [3.1.2](https://github.com/auth0/jwt-decode/releases/tag/v3.1.2)
 
 [Full Changelog](https://github.com/auth0/jwt-decode/compare/v3.1.1..v3.1.2)

README.md

@@ -1,6 +1,6 @@
 ![Browser library that helps decoding JWT tokens which are Base64Url encoded](https://cdn.auth0.com/website/sdks/banners/jwt-decode-banner.png)
 
-**IMPORTANT:** This library doesn't validate the token, any well formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Owin Bearer JWT](https://github.com/michaelnoonan/Auth0-Owin-JwtBearerAuthentication), etc.
+**IMPORTANT:** This library doesn't validate the token, any well-formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Microsoft.AspNetCore.Authentication.JwtBearer](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer), etc.
 
 ![Release](https://img.shields.io/npm/v/jwt-decode)
 ![Downloads](https://img.shields.io/npm/dw/jwt-decode)
@@ -24,10 +24,10 @@ Run `npm install jwt-decode` or `yarn add jwt-decode` to install the library.
 ### Usage
 
 ```js
-import jwt_decode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";
 
-var token = "eyJ0eXAiO.../// jwt token";
-var decoded = jwt_decode(token);
+const token = "eyJ0eXAiO.../// jwt token";
+const decoded = jwtDecode(token);
 
 console.log(decoded);
 
@@ -40,7 +40,7 @@ console.log(decoded);
  */
 
 // decode header by passing in options (useful for when you need `kid` to verify a JWT):
-var decodedHeader = jwt_decode(token, { header: true });
+const decodedHeader = jwtDecode(token, { header: true });
 console.log(decodedHeader);
 
 /* prints:
@@ -67,36 +67,41 @@ Not adhering to the format will result in a `InvalidTokenError` with one of the
 - `Invalid token specified: must be a string` => the token passed was not a string, this library only works on strings. 
 - `Invalid token specified: missing part #` => this probably means you are missing a dot (`.`) in the token 
 - `Invalid token specified: invalid base64 for part #` => the part could not be base64 decoded (the message should contain the error the base64 decoder gave)
-- `Invalid token specified: invalid json for part #` => the part was correctly base64 decoded, however the decoded value was not valid json (the message should contain the error the json parser gave)
+- `Invalid token specified: invalid json for part #` => the part was correctly base64 decoded, however, the decoded value was not valid JSON (the message should contain the error the JSON parser gave)
 
-#### Use with typescript
+#### Use with TypeScript
 
-The `jwt_decode` function will return an `unknown` type by default. You can specify what the expected return type should be by passing a type argument to the `jwt_decode` function.
+The return type of the `jwtDecode` function is determined by the `header` property of the object passed as the second argument. If omitted (or set to false), it'll use `JwtPayload`, when true it will use `JwtHeader`. 
+If needed, you can specify what the expected return type should be by passing a type argument to the `jwtDecode` function.
 
-The package also exports types for a `JwtHeader` and `JwtPayload` with some default claims. You can either use them as-is, or extend them to include non standard claims or properties.
+You can extend both `JwtHeader` and `JwtPayload` to include non-standard claims or properties.
 
 ```typescript
-import jwtDecode, { JwtPayload } from "jwt-decode";
+import { jwtDecode } from "jwt-decode";
 
-const token: string = "eyJhsw5c";
+const token = "eyJhsw5c";
 const decoded = jwtDecode<JwtPayload>(token); // Returns with the JwtPayload type
 ```
 
 #### Use as a CommonJS package
 
 ```javascript
-const jwt_decode = require('jwt-decode');
+const { jwtDecode } = require('jwt-decode');
 ...
 ```
 
 #### Include with a script tag
 
-Copy the file `jwt-decode.js` from the `build/` folder to your project somewhere, then include like so:
+Copy the file `jwt-decode.js` from the root of the `build/esm` folder to your project somewhere, then import `jwtDecode` from it inside a script tag that's marked with `type="module"`:
 
 ```html
-<script src="jwt-decode.js"></script>
-```
+<script type="module">
+  import { jwtDecode } from "/path/to/jwt-decode.js";
 
+  const token = "eyJhsw5c";
+  const decoded = jwtDecode(token);
+</script>
+```
 
 ## Feedback
 

bs-config.json

@@ -0,0 +1,6 @@
+{
+  "port": 3000,
+  "watch": true,
+  "server": ["build", "static"],
+  "files": ["build", "static"]
+}