Skip to content

Releases: DWTechs/Toker.js

update @dwtechs/checkard to v3.6.1

Choose a tag to compare

@LCluber LCluber released this 11 Jul 08:24
  • Updated dependencies :
    • @dwtechs/checkard to 3.6.1

security and performances improvements

Choose a tag to compare

@LCluber LCluber released this 10 May 12:24
  • exp claim is now validated as a finite number before any time-based comparison, preventing crafted payloads (null, strings, Infinity) from bypassing expiration checks
  • kid header field is now validated as a strict integer using isInteger() from @dwtechs/checkard, preventing float values (e.g. 0.5) from producing an out-of-bounds array access
  • Fixed causedBy parameter type in error class declarations
  • Eliminated redundant JSON parsing in verify(): header and payload are now decoded and parsed in a single pass
  • Hoisted the /\s+/ regex in parseBearer() to a module-level constant to avoid recompilation on every call

dwtechs/hashitaka v0.4.0

Choose a tag to compare

@LCluber LCluber released this 10 May 09:04
  • Now distributed as a native ES2022 ECMAScript module (ESM)
  • Signature is now verified before checking nbf/exp claims, preventing timing-based information leakage on forged tokens
  • Updated @dwtechs/hashitaka to 0.4.0

nbf immediately valid

Choose a tag to compare

@LCluber LCluber released this 07 Feb 12:26
  • Fixed JWT token "not before" (nbf) claim timing. Tokens are now immediately valid upon issuance (nbf = iat)

Improve error management

Choose a tag to compare

@LCluber LCluber released this 10 Sep 11:27
  • Updated dependencies in package.json:
    • @dwtechs/checkard to 3.5.1
    • @dwtechs/hashitaka to 0.3.1
  • Improved error messages using Hashitaka and Checkard errors

Initial version

Choose a tag to compare

@LCluber LCluber released this 10 Aug 20:42
  • Initial version