Releases: DWTechs/Toker.js
Releases · DWTechs/Toker.js
Release list
update @dwtechs/checkard to v3.6.1
security and performances improvements
expclaim is now validated as a finite number before any time-based comparison, preventing crafted payloads (null, strings,Infinity) from bypassing expiration checkskidheader field is now validated as a strict integer usingisInteger()from@dwtechs/checkard, preventing float values (e.g.0.5) from producing an out-of-bounds array access- Fixed
causedByparameter type in error class declarations - Eliminated redundant JSON parsing in
verify(): header and payload are now decoded and parsed in a single pass - Hoisted the
/\s+/regex inparseBearer()to a module-level constant to avoid recompilation on every call
dwtechs/hashitaka v0.4.0
- Now distributed as a native ES2022 ECMAScript module (ESM)
- Signature is now verified before checking
nbf/expclaims, preventing timing-based information leakage on forged tokens - Updated
@dwtechs/hashitakato 0.4.0
nbf immediately valid
- Fixed JWT token "not before" (nbf) claim timing. Tokens are now immediately valid upon issuance (nbf = iat)
Improve error management
- Updated dependencies in package.json:
- @dwtechs/checkard to 3.5.1
- @dwtechs/hashitaka to 0.3.1
- Improved error messages using Hashitaka and Checkard errors