npm - @sourceregistry/node-jwt - Versions diffs - 1.5.2 → 1.5.4 - Mend

@sourceregistry/node-jwt 1.5.2 → 1.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +35 -1
package/dist/index-BgMSfLZD.cjs +2 -0
package/dist/index-BgMSfLZD.cjs.map +1 -0
package/dist/index-tE21mX91.js +814 -0
package/dist/index-tE21mX91.js.map +1 -0
package/dist/index.cjs.js +1 -1
package/dist/index.es.js +7 -6
package/dist/jwks/index.d.ts +15 -12
package/dist/jwks/promises.d.ts +31 -1
package/dist/jwt/index.d.ts +20 -36
package/dist/jwt/promises.d.ts +3 -18
package/dist/promises.cjs.js +1 -1
package/dist/promises.cjs.js.map +1 -1
package/dist/promises.es.js +26 -24
package/dist/promises.es.js.map +1 -1
package/package.json +3 -3
package/dist/index-CJ4L1o5I.cjs +0 -2
package/dist/index-CJ4L1o5I.cjs.map +0 -1
package/dist/index-CQO8xUW-.js +0 -687
package/dist/index-CQO8xUW-.js.map +0 -1

package/dist/index-tE21mX91.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index-tE21mX91.js","sources":["../src/jwt/index.ts","../src/jwks/index.ts"],"sourcesContent":["import crypto, {\n createHmac,\n createSign,\n createVerify,\n createPrivateKey,\n createSecretKey,\n sign as cryptoSign,\n verify as cryptoVerify,\n timingSafeEqual,\n type BinaryLike,\n type KeyLike,\n type KeyObject\n} from 'crypto';\n\n// Base64URL helpers (padding-safe)\nexport const base64Url = {\n encode: (input: string | Buffer): string => Buffer.from(input).toString('base64url'),\n decode: (input: string): string => Buffer.from(input, 'base64url').toString()\n};\n\n/**\n * Timing-safe string comparison to prevent timing attacks\n * @param a\n * @param b\n */\nconst timingSafeCompare = (a: string, b: string): boolean => {\n if (a.length !== b.length) {\n return false;\n }\n return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n};\n\n// Standard JWT payload claims\nexport interface JWTPayload {\n /**\n * Issuer\n */\n iss?: string;\n /**\n * Subject\n */\n sub?: string;\n /**\n * Audience\n */\n aud?: string | string[];\n /**\n * Expiration Time (as UNIX timestamp)\n */\n exp?: number;\n /**\n * Not Before (as UNIX timestamp)\n */\n nbf?: number;\n /**\n * Issued At (as UNIX timestamp)\n */\n iat?: number;\n /**\n * JWT ID\n */\n jti?: string;\n /**\n * Session ID\n */\n sid?: string;\n\n /**\n * Custom claims\n */\n [key: string]: unknown;\n}\n\nexport interface JWTHeader {\n alg: string; // Allow unknown algs during decode\n typ?: string;\n kid?: string;\n}\n\nexport interface JWT {\n header: JWTHeader;\n payload: JWTPayload;\n signature: string;\n}\n\nconst BASE64URL_SEGMENT_REGEX = /^[A-Za-z0-9_-]+$/;\n\nfunction isPlainObject(input: unknown): input is Record<string, unknown> {\n return typeof input === 'object' && input !== null && !Array.isArray(input);\n}\n\nfunction isFiniteNumber(input: unknown): input is number {\n return typeof input === 'number' && Number.isFinite(input);\n}\n\nfunction isStringArray(input: unknown): input is string[] {\n return Array.isArray(input) && input.every((value) => typeof value === 'string');\n}\n\nfunction validateRegisteredClaims(payload: JWTPayload): { reason: string; code: string } | null {\n const claimValidators: Array<{ claim: keyof JWTPayload; valid: boolean; expected: string }> = [\n {claim: 'iss', valid: payload.iss === undefined || typeof payload.iss === 'string', expected: 'string'},\n {claim: 'sub', valid: payload.sub === undefined || typeof payload.sub === 'string', expected: 'string'},\n {claim: 'jti', valid: payload.jti === undefined || typeof payload.jti === 'string', expected: 'string'},\n {claim: 'sid', valid: payload.sid === undefined || typeof payload.sid === 'string', expected: 'string'},\n {claim: 'iat', valid: payload.iat === undefined || isFiniteNumber(payload.iat), expected: 'number'},\n {claim: 'exp', valid: payload.exp === undefined || isFiniteNumber(payload.exp), expected: 'number'},\n {claim: 'nbf', valid: payload.nbf === undefined || isFiniteNumber(payload.nbf), expected: 'number'},\n ];\n\n for (const entry of claimValidators) {\n if (!entry.valid) {\n return {\n reason: `Invalid \"${entry.claim}\" claim: expected ${entry.expected}`,\n code: 'INVALID_CLAIM'\n };\n }\n }\n\n if (payload.aud !== undefined) {\n const isValidAudience = typeof payload.aud === 'string' || isStringArray(payload.aud);\n if (!isValidAudience) {\n return {\n reason: 'Invalid \"aud\" claim: expected string or string[]',\n code: 'INVALID_CLAIM'\n };\n }\n }\n\n return null;\n}\n\nfunction validateVerifyOptions(options: VerifyOptions): { reason: string; code: string } | null {\n if (options.signatureFormat !== undefined && options.signatureFormat !== 'der' && options.signatureFormat !== 'jose') {\n return {\n reason: 'Invalid signatureFormat option: expected \"der\" or \"jose\"',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.clockSkew !== undefined && (!isFiniteNumber(options.clockSkew) || options.clockSkew < 0)) {\n return {\n reason: 'Invalid clockSkew option: expected a non-negative finite number',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.maxTokenAge !== undefined && (!isFiniteNumber(options.maxTokenAge) || options.maxTokenAge < 0)) {\n return {\n reason: 'Invalid maxTokenAge option: expected a non-negative finite number',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.issuer !== undefined && typeof options.issuer !== 'string') {\n return {\n reason: 'Invalid issuer option: expected string',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.subject !== undefined && typeof options.subject !== 'string') {\n return {\n reason: 'Invalid subject option: expected string',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.jwtId !== undefined && typeof options.jwtId !== 'string') {\n return {\n reason: 'Invalid jwtId option: expected string',\n code: 'INVALID_OPTIONS'\n };\n }\n\n if (options.audience !== undefined) {\n const isValidAudience = typeof options.audience === 'string' || isStringArray(options.audience);\n if (!isValidAudience) {\n return {\n reason: 'Invalid audience option: expected string or string[]',\n code: 'INVALID_OPTIONS'\n };\n }\n }\n\n if (options.algorithms !== undefined) {\n if (!Array.isArray(options.algorithms)) {\n return {\n reason: 'Invalid algorithms option: expected an array',\n code: 'INVALID_OPTIONS'\n };\n }\n\n const invalidAlgorithm = options.algorithms.find((alg) => !(alg in SignatureAlgorithm));\n if (invalidAlgorithm) {\n return {\n reason: `Invalid algorithms option: unsupported algorithm \"${invalidAlgorithm}\"`,\n code: 'INVALID_OPTIONS'\n };\n }\n }\n\n return null;\n}\n\n\n//JOSE-helpers\nfunction joseLenForAlg(alg: string): number {\n switch (alg) {\n case 'ES256':\n case 'ES256K':\n return 64; // 32 + 32\n case 'ES384':\n return 96; // 48 + 48\n case 'ES512':\n return 132; // 66 + 66 (P-521)\n /* c8 ignore next 2 */\n default:\n throw new Error(`Unsupported ECDSA alg for JOSE conversion: ${alg}`);\n }\n}\n\nfunction derToJose(der: Buffer, outLen: number): Buffer {\n let i = 0;\n if (der[i++] !== 0x30) throw new Error('Invalid DER ECDSA signature');\n\n // seq length (short/long form)\n let seqLen = der[i++];\n if (seqLen & 0x80) {\n const n = seqLen & 0x7f;\n seqLen = 0;\n for (let k = 0; k < n; k++) seqLen = (seqLen << 8) | der[i++];\n }\n\n if (der[i++] !== 0x02) throw new Error('Invalid DER ECDSA signature (r)');\n const rLen = der[i++];\n let r = der.subarray(i, i + rLen);\n i += rLen;\n\n if (der[i++] !== 0x02) throw new Error('Invalid DER ECDSA signature (s)');\n const sLen = der[i++];\n let s = der.subarray(i, i + sLen);\n\n // strip leading zeros\n while (r.length > outLen / 2 && r[0] === 0x00) r = r.subarray(1);\n while (s.length > outLen / 2 && s[0] === 0x00) s = s.subarray(1);\n\n const rPad = Buffer.concat([Buffer.alloc(outLen / 2 - r.length, 0), r]);\n const sPad = Buffer.concat([Buffer.alloc(outLen / 2 - s.length, 0), s]);\n return Buffer.concat([rPad, sPad]);\n}\n\nfunction joseToDer(jose: Buffer): Buffer {\n const half = jose.length / 2;\n let r = jose.subarray(0, half);\n let s = jose.subarray(half);\n\n // trim leading zeros\n while (r.length > 1 && r[0] === 0x00 && (r[1] & 0x80) === 0) r = r.subarray(1);\n while (s.length > 1 && s[0] === 0x00 && (s[1] & 0x80) === 0) s = s.subarray(1);\n\n // if high bit set, prepend 0x00\n if (r[0] & 0x80) r = Buffer.concat([Buffer.from([0x00]), r]);\n if (s[0] & 0x80) s = Buffer.concat([Buffer.from([0x00]), s]);\n\n const rPart = Buffer.concat([Buffer.from([0x02, r.length]), r]);\n const sPart = Buffer.concat([Buffer.from([0x02, s.length]), s]);\n\n const seqLen = rPart.length + sPart.length;\n\n let lenBytes: Buffer;\n if (seqLen < 0x80) {\n lenBytes = Buffer.from([seqLen]);\n } else {\n const tmp: number[] = [];\n let n = seqLen;\n while (n > 0) {\n tmp.unshift(n & 0xff);\n n >>= 8;\n }\n lenBytes = Buffer.from([0x80 | tmp.length, ...tmp]);\n }\n\n return Buffer.concat([Buffer.from([0x30]), lenBytes, rPart, sPart]);\n}\n\nfunction isEcdsaAlg(alg: string): boolean {\n return alg === 'ES256' || alg === 'ES384' || alg === 'ES512' || alg === 'ES256K';\n}\n\n\n// Signature algorithms\nexport const SignatureAlgorithm = {\n // HMAC\n HS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha256', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha256', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n HS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha384', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha384', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n HS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha512', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha512', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n\n // RSA (DER-encoded signatures, base64url)\n RS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n RS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA384').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA384')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n RS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA512').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA512')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n\n // ECDSA (DER-encoded by default — no dsaEncoding!)\n ES256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA384').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA384')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA512').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA512')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES256K: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA256')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 32\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA256')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 32\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA384')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 48\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA384')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 48\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA512')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 64\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA512')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 64\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n EdDSA: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n cryptoSign(null, typeof data === 'string' ? Buffer.from(data, 'utf8') : data, secret)\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return cryptoVerify(\n null,\n typeof data === 'string' ? Buffer.from(data, 'utf8') : data,\n secret,\n Buffer.from(signature, 'base64url')\n );\n } catch {\n return false;\n }\n }\n }\n} as const;\n\nexport type SupportedAlgorithm = keyof typeof SignatureAlgorithm;\n\nexport const SupportedAlgorithms = Object.keys(SignatureAlgorithm) as Array<SupportedAlgorithm>;\n\n/**\n * Autodetection of algorithm for KeyObjects\n * @param key\n * @constructor\n */\nexport function AutodetectAlgorithm(key: KeyObject): SupportedAlgorithm {\n if (key.type === 'secret') return 'HS256';\n if (key.type !== 'private') throw new Error('Only private or symmetric keys can be used to sign JWTs');\n\n const asymKeyType = key.asymmetricKeyType;\n const details = key.asymmetricKeyDetails;\n\n switch (asymKeyType) {\n case 'rsa':\n return 'RS256';\n case 'rsa-pss': {\n const hash = details?.hashAlgorithm ?? 'sha256';\n switch (hash) {\n case 'sha256':\n return 'PS256';\n case 'sha384':\n return 'PS384';\n case 'sha512':\n return 'PS512';\n default:\n throw new Error(`Unsupported RSA-PSS hash algorithm: ${hash}`);\n }\n }\n case 'ec': {\n const curve = details?.namedCurve;\n switch (curve) {\n case 'P-256':\n case 'prime256v1':\n return 'ES256';\n case 'P-384':\n case 'secp384r1':\n return 'ES384';\n case 'P-521':\n case 'secp521r1':\n return 'ES512';\n case 'secp256k1':\n return 'ES256K';\n default:\n throw new Error(`Unsupported EC curve: ${curve}`);\n }\n }\n case 'ed25519':\n return 'EdDSA';\n default:\n throw new Error(`Unsupported asymmetric key type: ${asymKeyType}`);\n }\n}\n\n/**\n * Normalize KeyLike input to a KeyObject\n * @param key\n */\nfunction toKeyObject(key: KeyLike): KeyObject {\n // Already a KeyObject (private, public, or secret)\n if (typeof key === 'object' && 'type' in key) return key as KeyObject;\n\n // Try asymmetric private key (PEM / DER / JWK)\n try {\n return createPrivateKey(key);\n } catch {\n // Fallback: symmetric key (HMAC)\n const buffer =\n typeof key === 'string'\n ? Buffer.from(key, 'utf8')\n : Buffer.isBuffer(key)\n ? key\n : (() => {\n throw new Error('Unsupported key type');\n })();\n\n return createSecretKey(buffer);\n }\n}\n\n/**\n * Decode a JWT string into its parts (without verification)\n * @param token\n */\nexport const decode = (token: string): JWT => {\n const parts = token.split('.');\n if (parts.length !== 3) {\n throw new Error('Invalid JWT: must contain exactly 3 parts separated by \".\"');\n }\n\n const [headerPart, payloadPart, signature] = parts;\n\n if (!headerPart || !payloadPart || !signature) {\n throw new Error('Invalid JWT: empty part detected');\n }\n\n if (!BASE64URL_SEGMENT_REGEX.test(headerPart) || !BASE64URL_SEGMENT_REGEX.test(payloadPart) || !BASE64URL_SEGMENT_REGEX.test(signature)) {\n throw new Error('Invalid JWT: non-base64url characters detected');\n }\n\n try {\n const decodedHeader = JSON.parse(base64Url.decode(headerPart));\n const decodedPayload = JSON.parse(base64Url.decode(payloadPart));\n\n if (!isPlainObject(decodedHeader) || !isPlainObject(decodedPayload)) {\n throw new Error('header and payload must be JSON objects');\n }\n\n const header = decodedHeader as unknown as JWTHeader;\n const payload = decodedPayload as JWTPayload;\n\n if (typeof header.alg !== 'string' || header.alg.length === 0) {\n throw new Error('header.alg must be a non-empty string');\n }\n if (header.typ !== undefined && typeof header.typ !== 'string') {\n throw new Error('header.typ must be a string');\n }\n if (header.kid !== undefined && typeof header.kid !== 'string') {\n throw new Error('header.kid must be a string');\n }\n\n return {header, payload, signature};\n } catch (err) {\n throw new Error(`Invalid JWT: malformed header or payload (${(err as Error).message})`);\n }\n}\n\nexport type SignOptions = {\n alg?: SupportedAlgorithm;\n kid?: string;\n typ?: string;\n /**\n * default 'der'\n */\n signatureFormat?: 'der' | 'jose';\n}\n\n/**\n * Sign a JWT\n * @param payload\n * @param secret\n * @param options\n */\nexport const sign = (\n payload: JWTPayload,\n secret: KeyLike,\n options: SignOptions = {}\n): string => {\n const key = toKeyObject(secret);\n const alg = options.alg ?? AutodetectAlgorithm(key);\n const signatureFormat = options.signatureFormat ?? 'der';\n const typ = options.typ ?? 'JWT';\n\n if (!(alg in SignatureAlgorithm)) throw new Error(`Unsupported algorithm: ${alg}`);\n\n const header: JWTHeader = {alg, typ};\n if (options.kid) header.kid = options.kid;\n\n const headerEncoded = base64Url.encode(JSON.stringify(header));\n const payloadEncoded = base64Url.encode(JSON.stringify(payload));\n\n const signingInput = `${headerEncoded}.${payloadEncoded}`;\n\n // existing DER/base64url signature from algorithms\n let signature = SignatureAlgorithm[alg].sign(signingInput, secret);\n\n // If ES* and caller requested JOSE, convert the DER signature bytes to JOSE bytes\n if (signatureFormat === 'jose' && isEcdsaAlg(alg)) {\n const der = Buffer.from(signature, 'base64url');\n const jose = derToJose(der, joseLenForAlg(alg));\n signature = jose.toString('base64url');\n }\n\n return `${headerEncoded}.${payloadEncoded}.${signature}`;\n\n};\n\nexport type VerifyOptions = {\n algorithms?: SupportedAlgorithm[]; // Whitelist of allowed algorithms\n issuer?: string;\n subject?: string;\n audience?: string | string[];\n jwtId?: string;\n ignoreExpiration?: boolean;\n clockSkew?: number; // in seconds, default 0\n maxTokenAge?: number; // Maximum age in seconds\n signatureFormat?: 'der' | 'jose';\n};\n\n/**\n * Verify and validate a JWT\n * @param token\n * @param secret\n * @param options\n */\nexport const verify = (\n token: string,\n secret: KeyLike,\n options: VerifyOptions = {}\n):\n | { valid: true; header: JWTHeader; payload: JWTPayload; signature: string }\n | { valid: false; error: { reason: string; code: string } } => {\n const invalidOptions = validateVerifyOptions(options);\n if (invalidOptions) {\n return {\n valid: false,\n error: invalidOptions\n };\n }\n\n let decoded: JWT;\n try {\n decoded = decode(token);\n } catch (err) {\n return {\n valid: false,\n error: {\n reason: (err as Error).message,\n code: 'INVALID_TOKEN'\n }\n };\n }\n\n const {header, payload, signature} = decoded;\n const invalidClaims = validateRegisteredClaims(payload);\n if (invalidClaims) {\n return {\n valid: false,\n error: invalidClaims\n };\n }\n\n // Validate algorithm\n const alg = header.alg as SupportedAlgorithm;\n if (!(alg in SignatureAlgorithm)) {\n return {\n valid: false,\n error: {\n reason: `Unsupported or unknown algorithm: ${header.alg}`,\n code: 'INVALID_ALGORITHM'\n }\n };\n }\n\n // Algorithm whitelist validation (prevents algorithm confusion attacks)\n if (options.algorithms && options.algorithms.length > 0) {\n if (!options.algorithms.includes(alg)) {\n return {\n valid: false,\n error: {\n reason: `Algorithm \"${alg}\" is not in the allowed algorithms list`,\n code: 'ALGORITHM_NOT_ALLOWED'\n }\n };\n }\n }\n\n // Validate 'typ' header (must be 'JWT' if present)\n if (header.typ !== undefined && header.typ !== 'JWT') {\n return {\n valid: false,\n error: {\n reason: `Invalid token type: expected 'JWT', got '${header.typ}'`,\n code: 'INVALID_TYPE'\n }\n };\n }\n\n // Verify signature against the exact original JWT signing input.\n const [headerPart, payloadPart] = token.split('.');\n const signingInput = `${headerPart}.${payloadPart}`;\n\n if (!isEcdsaAlg(alg)) {\n // non-ES* algorithms unchanged\n let isValidSignature = false;\n try {\n isValidSignature = SignatureAlgorithm[alg].verify(signingInput, secret, signature);\n } catch {\n isValidSignature = false;\n }\n if (!isValidSignature) {\n return {valid: false, error: {reason: \"Signature verification failed\", code: 'INVALID_SIGNATURE'}};\n }\n } else {\n // ES* algorithms: verify DER by default, but allow JOSE + auto-detect\n const format = options.signatureFormat; // undefined means \"auto\"\n\n let ok: boolean;\n\n // 1) If explicitly JOSE -> convert to DER for verification\n if (format === 'jose') {\n try {\n const jose = Buffer.from(signature, 'base64url');\n const derSigB64Url = joseToDer(jose).toString('base64url');\n ok = SignatureAlgorithm[alg].verify(signingInput, secret, derSigB64Url);\n } catch {\n ok = false;\n }\n }\n // 2) If explicitly DER -> verify as-is\n else if (format === 'der') {\n ok = SignatureAlgorithm[alg].verify(signingInput, secret, signature);\n }\n // 3) Auto-detect: try DER first, then JOSE\n else {\n ok = SignatureAlgorithm[alg].verify(signingInput, secret, signature);\n if (!ok) {\n try {\n const jose = Buffer.from(signature, 'base64url');\n // quick sanity: only attempt conversion if size matches expected\n if (jose.length === joseLenForAlg(alg)) {\n const derSigB64Url = joseToDer(jose).toString('base64url');\n ok = SignatureAlgorithm[alg].verify(signingInput, secret, derSigB64Url);\n }\n } catch {\n // ignore\n }\n }\n }\n\n if (!ok) {\n return {valid: false, error: {reason: \"Signature verification failed\", code: 'INVALID_SIGNATURE'}};\n }\n }\n\n // Time validation\n const now = Math.floor(Date.now() / 1000);\n const skew = options.clockSkew ?? 0;\n\n if (!options.ignoreExpiration) {\n if (payload.exp !== undefined && now > payload.exp + skew) {\n return {\n valid: false,\n error: {\n reason: 'Token expired',\n code: 'TOKEN_EXPIRED'\n }\n };\n }\n }\n\n if (payload.nbf !== undefined && now + skew < payload.nbf) {\n return {\n valid: false,\n error: {\n reason: 'Token not yet valid',\n code: 'TOKEN_NOT_ACTIVE'\n }\n };\n }\n\n if (payload.iat !== undefined && now + skew < payload.iat) {\n return {\n valid: false,\n error: {\n reason: 'Token issued in the future',\n code: 'TOKEN_FUTURE_ISSUED'\n }\n };\n }\n\n // Maximum token age validation\n if (options.maxTokenAge !== undefined && payload.iat !== undefined) {\n const tokenAge = now - payload.iat;\n if (tokenAge > options.maxTokenAge) {\n return {\n valid: false,\n error: {\n reason: `Token age (${tokenAge}s) exceeds maximum allowed age (${options.maxTokenAge}s)`,\n code: 'TOKEN_TOO_OLD'\n }\n };\n }\n }\n\n // --- Claim validations (only if options provided) ---\n\n // Issuer (`iss`)\n if (options.issuer !== undefined) {\n if (payload.iss === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required issuer claim (\"iss\")',\n code: 'MISSING_ISSUER'\n }\n };\n }\n if (options.issuer !== payload.iss) {\n return {\n valid: false,\n error: {\n reason: `Invalid token issuer: expected \"${options.issuer}\", got \"${payload.iss}\"`,\n code: 'INVALID_ISSUER'\n }\n };\n }\n }\n\n // Subject (`sub`)\n if (options.subject !== undefined) {\n if (payload.sub === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required subject claim (\"sub\")',\n code: 'MISSING_SUBJECT'\n }\n };\n }\n if (options.subject !== payload.sub) {\n return {\n valid: false,\n error: {\n reason: `Invalid token subject: expected \"${options.subject}\", got \"${payload.sub}\"`,\n code: 'INVALID_SUBJECT'\n }\n };\n }\n }\n\n // Audience (`aud`)\n if (options.audience !== undefined) {\n const aud = payload.aud;\n if (aud === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required audience claim (\"aud\")',\n code: 'MISSING_AUDIENCE'\n }\n };\n }\n\n const expectedAud = Array.isArray(options.audience) ? options.audience : [options.audience];\n const tokenAud = Array.isArray(aud) ? aud : [aud];\n\n const hasMatch = expectedAud.some(a => tokenAud.includes(a));\n if (!hasMatch) {\n return {\n valid: false,\n error: {\n reason: 'Audience claim mismatch',\n code: 'INVALID_AUDIENCE'\n }\n };\n }\n }\n\n // JWT ID (`jti`)\n if (options.jwtId !== undefined) {\n if (payload.jti === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required JWT ID claim (\"jti\")',\n code: 'MISSING_JTI'\n }\n };\n }\n if (options.jwtId !== payload.jti) {\n return {\n valid: false,\n error: {\n reason: `Invalid JWT ID: expected \"${options.jwtId}\", got \"${payload.jti}\"`,\n code: 'INVALID_JTI'\n }\n };\n }\n }\n\n return {valid: true, header, payload, signature};\n};\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n} as const;\n","import {\n createPrivateKey,\n createPublicKey,\n createSecretKey,\n createHash,\n type KeyObject\n} from 'crypto';\n\n// JWK Types\nexport type JWK =\n | RSAJWK\n | ECJWK\n | OKPJWK\n | OctJWK;\n\nexport type JWKWithHelpers = JWK & {\n toKeyObject(): KeyObject;\n};\n\nexport interface BaseJWK {\n kty: string;\n kid?: string;\n alg?: string;\n use?: 'sig' | 'enc';\n key_ops?: Array<'sign' | 'verify'>;\n x5c?: string[]; // X.509 cert chain\n x5t?: string; // Base64url thumbprint\n}\n\nexport interface RSAJWK extends BaseJWK {\n kty: 'RSA';\n n: string;\n e: string;\n d?: string;\n p?: string;\n q?: string;\n dp?: string;\n dq?: string;\n qi?: string;\n}\n\nexport interface ECJWK extends BaseJWK {\n kty: 'EC';\n crv: 'P-256' | 'P-384' | 'P-521' | 'secp256k1';\n x: string;\n y: string;\n d?: string;\n}\n\nexport interface OKPJWK extends BaseJWK {\n kty: 'OKP';\n crv: 'Ed25519';\n x: string;\n d?: string;\n}\n\nexport interface OctJWK extends BaseJWK {\n kty: 'oct';\n k: string;\n}\n\n/**\n * Export KeyObject to JWK\n * @param key\n */\nexport function exportJWK(key: KeyObject): JWK {\n if (!key || typeof key !== 'object') throw new Error('Invalid KeyObject');\n return key.export({format: 'jwk'}) as JWK;\n}\n\n/**\n * Import JWK to KeyObject\n * @param jwk\n */\nexport function importJWK(jwk: JWK): KeyObject {\n if (!jwk || typeof jwk !== 'object') throw new Error('Invalid JWK');\n\n switch (jwk.kty) {\n case 'oct': {\n if (!('k' in jwk) || typeof jwk.k !== 'string') {\n throw new Error('Invalid oct JWK: missing \"k\"');\n }\n\n return createSecretKey(Buffer.from(jwk.k, 'base64url'));\n }\n\n case 'RSA':\n case 'EC':\n case 'OKP': {\n // private key\n if ('d' in jwk && typeof (jwk as any).d === 'string') {\n // @ts-ignore\n return createPrivateKey({format: 'jwk', key: jwk});\n }\n\n // public key\n // @ts-ignore\n return createPublicKey({format: 'jwk', key: jwk});\n }\n\n default:\n throw new Error(`Unsupported JWK key type: ${(jwk as any).kty}`);\n }\n}\n\n/**\n * Export public-only JWK\n * @param key\n */\nexport function toPublicJWK(key: KeyObject): JWK {\n if (!key || typeof key !== 'object') {\n throw new Error('Invalid KeyObject');\n }\n\n const publicKey =\n key.type === 'private'\n ? createPublicKey(key)\n : key;\n\n const jwk = publicKey.export({format: 'jwk'}) as JWK;\n\n // Ensure private fields are not present\n delete (jwk as any).d;\n delete (jwk as any).p;\n delete (jwk as any).q;\n delete (jwk as any).dp;\n delete (jwk as any).dq;\n delete (jwk as any).qi;\n return jwk;\n}\n\n/**\n * RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n */\nexport function getJWKThumbprint(jwk: JWK, hashAlg: 'sha256' = 'sha256'): string {\n if (!jwk || typeof jwk !== 'object') {\n throw new Error('Invalid JWK');\n }\n\n let fields: Record<string, string>;\n\n switch (jwk.kty) {\n case 'RSA':\n fields = {e: jwk.e, kty: jwk.kty, n: jwk.n};\n break;\n\n case 'EC':\n fields = {crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y};\n break;\n\n case 'OKP':\n fields = {crv: jwk.crv, kty: jwk.kty, x: jwk.x};\n break;\n\n case 'oct':\n fields = {k: jwk.k, kty: jwk.kty};\n break;\n\n default:\n throw new Error(`Unsupported JWK key type: ${(jwk as any).kty}`);\n }\n\n // Lexicographically sorted JSON\n const json = JSON.stringify(\n Object.keys(fields)\n .sort()\n .reduce((acc, k) => {\n acc[k] = fields[k];\n return acc;\n }, {} as Record<string, string>)\n );\n\n return createHash(hashAlg)\n .update(json)\n .digest('base64url');\n}\n\n\n/**\n * Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport function computeX5T(jwk: JWK): string | undefined {\n if (!jwk.x5c?.length) return undefined;\n return createHash('sha1').update(Buffer.from(jwk.x5c[0], 'base64')).digest('base64url');\n}\n\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n}\n\nexport interface JWKS {\n keys: JWK[];\n}\n\n/**\n * Convert JWKS specific key of first key to KeyObject\n * @param jwks\n * @param kid\n * @constructor\n */\nexport function JWKSToKeyObject(\n jwks: JWKS,\n kid?: string\n): KeyObject {\n if (!jwks || !Array.isArray(jwks.keys)) throw new Error('Invalid JWKS');\n\n let jwk: JWK | undefined;\n\n if (kid) jwk = jwks.keys.find(k => k.kid === kid);\n\n // Fallback: single-key JWKS\n if (!jwk && jwks.keys.length === 1) jwk = jwks.keys[0];\n\n if (!jwk) throw new Error('Key not found in JWKS');\n return importJWK(jwk);\n}\n\n/**\n * Normalize JWKS\n * @param jwks\n */\nexport function normalizeJWKS(jwks: JWKS): JWKS {\n return {\n keys: normalizeJWK(...jwks.keys)\n };\n}\n\nexport function normalizeJWK(...keys: JWK[]): JWKWithHelpers[] {\n return keys.map((jwk) => {\n const normalized = {\n ...jwk,\n kid: jwk.kid ?? getJWKThumbprint(jwk),\n x5t: jwk.x5t ?? computeX5T(jwk)\n } as JWKWithHelpers;\n\n // Keep helper API out of object enumeration/serialization.\n Object.defineProperty(normalized, 'toKeyObject', {\n enumerable: false,\n configurable: false,\n writable: false,\n value: () => importJWK(normalized)\n });\n\n return normalized;\n })\n}\n\nexport const fromWeb = async (\n url: string | URL,\n options: Partial<{\n fetch: typeof fetch;\n ttl: number;\n timeoutMs: number;\n endpointOverride: string;\n overrideEndpointCheck: boolean;\n cache: {\n get: (key: string) => JWKS | undefined | Promise<JWKS | undefined>;\n set: (key: string, value: JWKS) => void | Promise<void>;\n };\n }> = {}\n) => {\n const baseUrl = typeof url === 'string' ? url : url.toString();\n const fetchFn = options.fetch ?? globalThis.fetch;\n const ttl = Math.max(0, options.ttl ?? 5 * 60_000);\n const timeoutMs = Math.max(0, options.timeoutMs ?? 5_000);\n const wellKnownPath = '/.well-known/jwks.json';\n\n if (!fetchFn) {\n throw new Error('No fetch implementation available');\n }\n\n const endpoint = (() => {\n if (options.endpointOverride) {\n const override = options.endpointOverride;\n try {\n return new URL(override, baseUrl).toString();\n } catch {\n return override;\n }\n }\n\n if (options.overrideEndpointCheck) {\n return baseUrl;\n }\n\n if (baseUrl.endsWith(wellKnownPath)) {\n return baseUrl;\n }\n\n return `${baseUrl.replace(/\\/+$/, '')}${wellKnownPath}`;\n })();\n\n const cache = (() => {\n if (options.cache) return options.cache;\n let memoryValue: JWKS | undefined;\n return {\n get: () => memoryValue,\n set: (_key: string, value: JWKS) => {\n memoryValue = value;\n }\n };\n })();\n\n let cachedJWKS: JWKS | undefined;\n let nextRefreshAt = 0;\n let refreshInFlight: Promise<JWKS> | undefined;\n let consecutiveFailures = 0;\n\n const fetchJWKS = async (allowStaleOnFailure: boolean): Promise<JWKS> => {\n if (refreshInFlight) return refreshInFlight;\n\n refreshInFlight = (async () => {\n const controller = new AbortController();\n let timeoutHandle: ReturnType<typeof setTimeout> | undefined;\n\n if (timeoutMs > 0) {\n timeoutHandle = setTimeout(() => controller.abort(), timeoutMs);\n }\n\n let response: Response;\n try {\n response = await fetchFn(endpoint, {signal: controller.signal});\n } catch (error) {\n if (controller.signal.aborted) {\n throw new Error(`JWKS fetch timed out after ${timeoutMs}ms`);\n }\n throw error;\n } finally {\n if (timeoutHandle) clearTimeout(timeoutHandle);\n }\n\n if (!response.ok) {\n throw new Error(`Failed to fetch JWKS: ${response.status} ${response.statusText}`);\n }\n\n const body = await response.json();\n if (!body || typeof body !== 'object' || !Array.isArray((body as any).keys)) {\n throw new Error('Invalid JWKS');\n }\n\n return normalizeJWKS(body as JWKS);\n })();\n\n try {\n const fresh = await refreshInFlight;\n cachedJWKS = fresh;\n await cache.set(endpoint, fresh);\n consecutiveFailures = 0;\n if (ttl > 0) nextRefreshAt = Date.now() + ttl;\n return fresh;\n } catch (error) {\n if (!allowStaleOnFailure || !cachedJWKS) {\n throw error;\n }\n\n consecutiveFailures += 1;\n /* c8 ignore start - stale-on-failure is only reachable when ttl > 0 (auto-refresh path) */\n if (ttl > 0) {\n const backoff = Math.min(\n Math.max(ttl, 30_000) * Math.pow(2, consecutiveFailures - 1),\n 15 * 60_000\n );\n nextRefreshAt = Date.now() + backoff;\n }\n /* c8 ignore stop */\n console.warn(`JWKS refresh failed for \"${endpoint}\", using stale cache.`, error);\n return cachedJWKS;\n } finally {\n refreshInFlight = undefined;\n }\n };\n\n cachedJWKS = await cache.get(endpoint);\n if (!cachedJWKS) {\n cachedJWKS = await fetchJWKS(false);\n } else {\n cachedJWKS = normalizeJWKS(cachedJWKS);\n if (ttl > 0) nextRefreshAt = Date.now() + ttl;\n }\n\n\n return ({\n async list(): Promise<JWKWithHelpers[]> {\n if (ttl > 0 && Date.now() >= nextRefreshAt) {\n await fetchJWKS(true);\n }\n return normalizeJWK(...(cachedJWKS as JWKS).keys);\n },\n async refresh() {\n await fetchJWKS(false);\n return this;\n },\n async key(kid: string): Promise<JWKWithHelpers | undefined> {\n const keys = await this.list();\n const key = keys.find((v) => v.kid === kid)\n if (!key) return undefined;\n return normalizeJWK(key)[0];\n },\n async find(input: Partial<BaseJWK>): Promise<JWKWithHelpers[]> {\n const keys = await this.list();\n const entries = Object.entries(input) as Array<[keyof BaseJWK, BaseJWK[keyof BaseJWK]]>;\n\n if (entries.length === 0) return normalizeJWK(...keys);\n\n return normalizeJWK(...keys.filter((key) =>\n entries.every(([field, expected]) => {\n const value = key[field];\n if (Array.isArray(expected)) {\n return Array.isArray(value)\n && value.length === expected.length\n && value.every((item, i) => item === expected[i]);\n }\n return value === expected;\n })\n ));\n },\n async findFirst(input: Partial<BaseJWK>): Promise<JWKWithHelpers | undefined> {\n return this.find(input).then(([key]) => key);\n },\n export(): JWKS | undefined {\n return cachedJWKS;\n }\n });\n}\n\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n fromWeb\n}\n"],"names":["base64Url","input","timingSafeCompare","a","b","timingSafeEqual","BASE64URL_SEGMENT_REGEX","isPlainObject","isFiniteNumber","isStringArray","value","validateRegisteredClaims","payload","claimValidators","entry","validateVerifyOptions","options","invalidAlgorithm","alg","SignatureAlgorithm","joseLenForAlg","derToJose","der","outLen","i","seqLen","n","k","rLen","r","sLen","rPad","sPad","joseToDer","jose","half","s","rPart","sPart","lenBytes","tmp","isEcdsaAlg","data","secret","createHmac","signature","expected","createSign","createVerify","crypto","cryptoSign","cryptoVerify","SupportedAlgorithms","AutodetectAlgorithm","key","asymKeyType","details","hash","curve","toKeyObject","createPrivateKey","buffer","createSecretKey","decode","token","parts","headerPart","payloadPart","decodedHeader","decodedPayload","header","err","sign","signatureFormat","typ","headerEncoded","payloadEncoded","signingInput","verify","invalidOptions","decoded","invalidClaims","format","ok","derSigB64Url","isValidSignature","now","skew","tokenAge","aud","expectedAud","tokenAud","JWT","exportJWK","importJWK","jwk","createPublicKey","toPublicJWK","getJWKThumbprint","hashAlg","fields","json","acc","createHash","computeX5T","JWK","JWKSToKeyObject","jwks","kid","normalizeJWKS","normalizeJWK","keys","normalized","fromWeb","url","baseUrl","fetchFn","ttl","timeoutMs","wellKnownPath","endpoint","override","cache","memoryValue","_key","cachedJWKS","nextRefreshAt","refreshInFlight","consecutiveFailures","fetchJWKS","allowStaleOnFailure","controller","timeoutHandle","response","error","body","fresh","backoff","v","entries","field","item","JWKS"],"mappings":";AAeO,MAAMA,IAAY;AAAA,EACrB,QAAQ,CAACC,MAAmC,OAAO,KAAKA,CAAK,EAAE,SAAS,WAAW;AAAA,EACnF,QAAQ,CAACA,MAA0B,OAAO,KAAKA,GAAO,WAAW,EAAE,SAAA;AACvE,GAOMC,IAAoB,CAACC,GAAWC,MAC9BD,EAAE,WAAWC,EAAE,SACR,KAEJC,EAAgB,OAAO,KAAKF,CAAC,GAAG,OAAO,KAAKC,CAAC,CAAC,GAwDnDE,IAA0B;AAEhC,SAASC,EAAcN,GAAkD;AACrE,SAAO,OAAOA,KAAU,YAAYA,MAAU,QAAQ,CAAC,MAAM,QAAQA,CAAK;AAC9E;AAEA,SAASO,EAAeP,GAAiC;AACrD,SAAO,OAAOA,KAAU,YAAY,OAAO,SAASA,CAAK;AAC7D;AAEA,SAASQ,EAAcR,GAAmC;AACtD,SAAO,MAAM,QAAQA,CAAK,KAAKA,EAAM,MAAM,CAACS,MAAU,OAAOA,KAAU,QAAQ;AACnF;AAEA,SAASC,EAAyBC,GAA8D;AAC5F,QAAMC,IAAwF;AAAA,IAC1F,EAAC,OAAO,OAAO,OAAOD,EAAQ,QAAQ,UAAa,OAAOA,EAAQ,OAAQ,UAAU,UAAU,SAAA;AAAA,IAC9F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAa,OAAOA,EAAQ,OAAQ,UAAU,UAAU,SAAA;AAAA,IAC9F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAa,OAAOA,EAAQ,OAAQ,UAAU,UAAU,SAAA;AAAA,IAC9F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAa,OAAOA,EAAQ,OAAQ,UAAU,UAAU,SAAA;AAAA,IAC9F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAaJ,EAAeI,EAAQ,GAAG,GAAG,UAAU,SAAA;AAAA,IAC1F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAaJ,EAAeI,EAAQ,GAAG,GAAG,UAAU,SAAA;AAAA,IAC1F,EAAC,OAAO,OAAO,OAAOA,EAAQ,QAAQ,UAAaJ,EAAeI,EAAQ,GAAG,GAAG,UAAU,SAAA;AAAA,EAAQ;AAGtG,aAAWE,KAASD;AAChB,QAAI,CAACC,EAAM;AACP,aAAO;AAAA,QACH,QAAQ,YAAYA,EAAM,KAAK,qBAAqBA,EAAM,QAAQ;AAAA,QAClE,MAAM;AAAA,MAAA;AAKlB,SAAIF,EAAQ,QAAQ,UAEZ,EADoB,OAAOA,EAAQ,OAAQ,YAAYH,EAAcG,EAAQ,GAAG,KAEzE;AAAA,IACH,QAAQ;AAAA,IACR,MAAM;AAAA,EAAA,IAKX;AACX;AAEA,SAASG,EAAsBC,GAAiE;AAC5F,MAAIA,EAAQ,oBAAoB,UAAaA,EAAQ,oBAAoB,SAASA,EAAQ,oBAAoB;AAC1G,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,cAAc,WAAc,CAACR,EAAeQ,EAAQ,SAAS,KAAKA,EAAQ,YAAY;AAC9F,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,gBAAgB,WAAc,CAACR,EAAeQ,EAAQ,WAAW,KAAKA,EAAQ,cAAc;AACpG,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,WAAW,UAAa,OAAOA,EAAQ,UAAW;AAC1D,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,YAAY,UAAa,OAAOA,EAAQ,WAAY;AAC5D,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,UAAU,UAAa,OAAOA,EAAQ,SAAU;AACxD,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAId,MAAIA,EAAQ,aAAa,UAEjB,EADoB,OAAOA,EAAQ,YAAa,YAAYP,EAAcO,EAAQ,QAAQ;AAE1F,WAAO;AAAA,MACH,QAAQ;AAAA,MACR,MAAM;AAAA,IAAA;AAKlB,MAAIA,EAAQ,eAAe,QAAW;AAClC,QAAI,CAAC,MAAM,QAAQA,EAAQ,UAAU;AACjC,aAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAId,UAAMC,IAAmBD,EAAQ,WAAW,KAAK,CAACE,MAAQ,EAAEA,KAAOC,EAAmB;AACtF,QAAIF;AACA,aAAO;AAAA,QACH,QAAQ,qDAAqDA,CAAgB;AAAA,QAC7E,MAAM;AAAA,MAAA;AAAA,EAGlB;AAEA,SAAO;AACX;AAIA,SAASG,EAAcF,GAAqB;AACxC,UAAQA,GAAA;AAAA,IACJ,KAAK;AAAA,IACL,KAAK;AACD,aAAO;AAAA;AAAA,IACX,KAAK;AACD,aAAO;AAAA;AAAA,IACX,KAAK;AACD,aAAO;AAAA;AAAA;AAAA,IAEX;AACI,YAAM,IAAI,MAAM,8CAA8CA,CAAG,EAAE;AAAA,EAAA;AAE/E;AAEA,SAASG,EAAUC,GAAaC,GAAwB;AACpD,MAAIC,IAAI;AACR,MAAIF,EAAIE,GAAG,MAAM,GAAM,OAAM,IAAI,MAAM,6BAA6B;AAGpE,MAAIC,IAASH,EAAIE,GAAG;AACpB,MAAIC,IAAS,KAAM;AACf,UAAMC,IAAID,IAAS;AACnB,IAAAA,IAAS;AACT,aAASE,IAAI,GAAGA,IAAID,GAAGC,IAAK,CAAAF,IAAUA,KAAU,IAAKH,EAAIE,GAAG;AAAA,EAChE;AAEA,MAAIF,EAAIE,GAAG,MAAM,EAAM,OAAM,IAAI,MAAM,iCAAiC;AACxE,QAAMI,IAAON,EAAIE,GAAG;AACpB,MAAIK,IAAIP,EAAI,SAASE,GAAGA,IAAII,CAAI;AAGhC,MAFAJ,KAAKI,GAEDN,EAAIE,GAAG,MAAM,EAAM,OAAM,IAAI,MAAM,iCAAiC;AACxE,QAAMM,IAAOR,EAAIE,GAAG;AACpB,MAAI,IAAIF,EAAI,SAASE,GAAGA,IAAIM,CAAI;AAGhC,SAAOD,EAAE,SAASN,IAAS,KAAKM,EAAE,CAAC,MAAM,IAAM,CAAAA,IAAIA,EAAE,SAAS,CAAC;AAC/D,SAAO,EAAE,SAASN,IAAS,KAAK,EAAE,CAAC,MAAM,IAAM,KAAI,EAAE,SAAS,CAAC;AAE/D,QAAMQ,IAAO,OAAO,OAAO,CAAC,OAAO,MAAMR,IAAS,IAAIM,EAAE,QAAQ,CAAC,GAAGA,CAAC,CAAC,GAChEG,IAAO,OAAO,OAAO,CAAC,OAAO,MAAMT,IAAS,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;AACtE,SAAO,OAAO,OAAO,CAACQ,GAAMC,CAAI,CAAC;AACrC;AAEA,SAASC,EAAUC,GAAsB;AACrC,QAAMC,IAAOD,EAAK,SAAS;AAC3B,MAAI,IAAIA,EAAK,SAAS,GAAGC,CAAI,GACzBC,IAAIF,EAAK,SAASC,CAAI;AAG1B,SAAO,EAAE,SAAS,KAAK,EAAE,CAAC,MAAM,MAAS,EAAE,CAAC,IAAI,SAAU,IAAG,KAAI,EAAE,SAAS,CAAC;AAC7E,SAAOC,EAAE,SAAS,KAAKA,EAAE,CAAC,MAAM,MAASA,EAAE,CAAC,IAAI,SAAU,IAAG,CAAAA,IAAIA,EAAE,SAAS,CAAC;AAG7E,EAAI,EAAE,CAAC,IAAI,YAAU,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,CAAI,CAAC,GAAG,CAAC,CAAC,IACvDA,EAAE,CAAC,IAAI,YAAU,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,CAAI,CAAC,GAAGA,CAAC,CAAC;AAE3D,QAAMC,IAAQ,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,GAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,GACxDC,IAAQ,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,GAAMF,EAAE,MAAM,CAAC,GAAGA,CAAC,CAAC,GAExDX,IAASY,EAAM,SAASC,EAAM;AAEpC,MAAIC;AACJ,MAAId,IAAS;AACT,IAAAc,IAAW,OAAO,KAAK,CAACd,CAAM,CAAC;AAAA,OAC5B;AACH,UAAMe,IAAgB,CAAA;AACtB,QAAId,IAAID;AACR,WAAOC,IAAI;AACP,MAAAc,EAAI,QAAQd,IAAI,GAAI,GACpBA,MAAM;AAEV,IAAAa,IAAW,OAAO,KAAK,CAAC,MAAOC,EAAI,QAAQ,GAAGA,CAAG,CAAC;AAAA,EACtD;AAEA,SAAO,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,EAAI,CAAC,GAAGD,GAAUF,GAAOC,CAAK,CAAC;AACtE;AAEA,SAASG,EAAWvB,GAAsB;AACtC,SAAOA,MAAQ,WAAWA,MAAQ,WAAWA,MAAQ,WAAWA,MAAQ;AAC5E;AAIO,MAAMC,IAAqB;AAAA;AAAA,EAE9B,OAAO;AAAA,IACH,MAAM,CAACuB,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOxC,EAAkB4C,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOxC,EAAkB4C,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOxC,EAAkB4C,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA;AAAA,EAIJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA;AAAA,EAIJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,QAAQ;AAAA,IACJ,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBO,EAAW,MAAM,OAAOR,KAAS,WAAW,OAAO,KAAKA,GAAM,MAAM,IAAIA,GAAMC,CAAM,EAC/E,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOM;AAAAA,UACH;AAAA,UACA,OAAOT,KAAS,WAAW,OAAO,KAAKA,GAAM,MAAM,IAAIA;AAAA,UACvDC;AAAA,UACA,OAAO,KAAKE,GAAW,WAAW;AAAA,QAAA;AAAA,MAE1C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAER,GAIaO,KAAsB,OAAO,KAAKjC,CAAkB;AAO1D,SAASkC,EAAoBC,GAAoC;AACpE,MAAIA,EAAI,SAAS,SAAU,QAAO;AAClC,MAAIA,EAAI,SAAS,UAAW,OAAM,IAAI,MAAM,yDAAyD;AAErG,QAAMC,IAAcD,EAAI,mBAClBE,IAAUF,EAAI;AAEpB,UAAQC,GAAA;AAAA,IACJ,KAAK;AACD,aAAO;AAAA,IACX,KAAK,WAAW;AACZ,YAAME,IAAOD,GAAS,iBAAiB;AACvC,cAAQC,GAAA;AAAA,QACJ,KAAK;AACD,iBAAO;AAAA,QACX,KAAK;AACD,iBAAO;AAAA,QACX,KAAK;AACD,iBAAO;AAAA,QACX;AACI,gBAAM,IAAI,MAAM,uCAAuCA,CAAI,EAAE;AAAA,MAAA;AAAA,IAEzE;AAAA,IACA,KAAK,MAAM;AACP,YAAMC,IAAQF,GAAS;AACvB,cAAQE,GAAA;AAAA,QACJ,KAAK;AAAA,QACL,KAAK;AACD,iBAAO;AAAA,QACX,KAAK;AAAA,QACL,KAAK;AACD,iBAAO;AAAA,QACX,KAAK;AAAA,QACL,KAAK;AACD,iBAAO;AAAA,QACX,KAAK;AACD,iBAAO;AAAA,QACX;AACI,gBAAM,IAAI,MAAM,yBAAyBA,CAAK,EAAE;AAAA,MAAA;AAAA,IAE5D;AAAA,IACA,KAAK;AACD,aAAO;AAAA,IACX;AACI,YAAM,IAAI,MAAM,oCAAoCH,CAAW,EAAE;AAAA,EAAA;AAE7E;AAMA,SAASI,EAAYL,GAAyB;AAE1C,MAAI,OAAOA,KAAQ,YAAY,UAAUA,EAAK,QAAOA;AAGrD,MAAI;AACA,WAAOM,EAAiBN,CAAG;AAAA,EAC/B,QAAQ;AAEJ,UAAMO,IACF,OAAOP,KAAQ,WACT,OAAO,KAAKA,GAAK,MAAM,IACvB,OAAO,SAASA,CAAG,IACfA,KACC,MAAM;AACL,YAAM,IAAI,MAAM,sBAAsB;AAAA,IAC1C,GAAA;AAEZ,WAAOQ,EAAgBD,CAAM;AAAA,EACjC;AACJ;AAMO,MAAME,IAAS,CAACC,MAAuB;AAC1C,QAAMC,IAAQD,EAAM,MAAM,GAAG;AAC7B,MAAIC,EAAM,WAAW;AACjB,UAAM,IAAI,MAAM,4DAA4D;AAGhF,QAAM,CAACC,GAAYC,GAAatB,CAAS,IAAIoB;AAE7C,MAAI,CAACC,KAAc,CAACC,KAAe,CAACtB;AAChC,UAAM,IAAI,MAAM,kCAAkC;AAGtD,MAAI,CAACvC,EAAwB,KAAK4D,CAAU,KAAK,CAAC5D,EAAwB,KAAK6D,CAAW,KAAK,CAAC7D,EAAwB,KAAKuC,CAAS;AAClI,UAAM,IAAI,MAAM,gDAAgD;AAGpE,MAAI;AACA,UAAMuB,IAAgB,KAAK,MAAMpE,EAAU,OAAOkE,CAAU,CAAC,GACvDG,IAAiB,KAAK,MAAMrE,EAAU,OAAOmE,CAAW,CAAC;AAE/D,QAAI,CAAC5D,EAAc6D,CAAa,KAAK,CAAC7D,EAAc8D,CAAc;AAC9D,YAAM,IAAI,MAAM,yCAAyC;AAG7D,UAAMC,IAASF,GACTxD,IAAUyD;AAEhB,QAAI,OAAOC,EAAO,OAAQ,YAAYA,EAAO,IAAI,WAAW;AACxD,YAAM,IAAI,MAAM,uCAAuC;AAE3D,QAAIA,EAAO,QAAQ,UAAa,OAAOA,EAAO,OAAQ;AAClD,YAAM,IAAI,MAAM,6BAA6B;AAEjD,QAAIA,EAAO,QAAQ,UAAa,OAAOA,EAAO,OAAQ;AAClD,YAAM,IAAI,MAAM,6BAA6B;AAGjD,WAAO,EAAC,QAAAA,GAAQ,SAAA1D,GAAS,WAAAiC,EAAA;AAAA,EAC7B,SAAS0B,GAAK;AACV,UAAM,IAAI,MAAM,6CAA8CA,EAAc,OAAO,GAAG;AAAA,EAC1F;AACJ,GAkBaC,KAAO,CAChB5D,GACA+B,GACA3B,IAAuB,CAAA,MACd;AACT,QAAMsC,IAAMK,EAAYhB,CAAM,GACxBzB,IAAMF,EAAQ,OAAOqC,EAAoBC,CAAG,GAC5CmB,IAAkBzD,EAAQ,mBAAmB,OAC7C0D,IAAM1D,EAAQ,OAAO;AAE3B,MAAI,EAAEE,KAAOC,GAAqB,OAAM,IAAI,MAAM,0BAA0BD,CAAG,EAAE;AAEjF,QAAMoD,IAAoB,EAAC,KAAApD,GAAK,KAAAwD,EAAA;AAChC,EAAI1D,EAAQ,QAAKsD,EAAO,MAAMtD,EAAQ;AAEtC,QAAM2D,IAAgB3E,EAAU,OAAO,KAAK,UAAUsE,CAAM,CAAC,GACvDM,IAAiB5E,EAAU,OAAO,KAAK,UAAUY,CAAO,CAAC,GAEzDiE,IAAe,GAAGF,CAAa,IAAIC,CAAc;AAGvD,MAAI/B,IAAY1B,EAAmBD,CAAG,EAAE,KAAK2D,GAAclC,CAAM;AAGjE,MAAI8B,MAAoB,UAAUhC,EAAWvB,CAAG,GAAG;AAC/C,UAAMI,IAAM,OAAO,KAAKuB,GAAW,WAAW;AAE9C,IAAAA,IADaxB,EAAUC,GAAKF,EAAcF,CAAG,CAAC,EAC7B,SAAS,WAAW;AAAA,EACzC;AAEA,SAAO,GAAGyD,CAAa,IAAIC,CAAc,IAAI/B,CAAS;AAE1D,GAoBaiC,KAAS,CAClBd,GACArB,GACA3B,IAA0B,CAAA,MAGqC;AAC/D,QAAM+D,IAAiBhE,EAAsBC,CAAO;AACpD,MAAI+D;AACA,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAOA;AAAA,IAAA;AAIf,MAAIC;AACJ,MAAI;AACA,IAAAA,IAAUjB,EAAOC,CAAK;AAAA,EAC1B,SAASO,GAAK;AACV,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAASA,EAAc;AAAA,QACvB,MAAM;AAAA,MAAA;AAAA,IACV;AAAA,EAER;AAEA,QAAM,EAAC,QAAAD,GAAQ,SAAA1D,GAAS,WAAAiC,EAAA,IAAamC,GAC/BC,IAAgBtE,EAAyBC,CAAO;AACtD,MAAIqE;AACA,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAOA;AAAA,IAAA;AAKf,QAAM/D,IAAMoD,EAAO;AACnB,MAAI,EAAEpD,KAAOC;AACT,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,qCAAqCmD,EAAO,GAAG;AAAA,QACvD,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,MAAItD,EAAQ,cAAcA,EAAQ,WAAW,SAAS,KAC9C,CAACA,EAAQ,WAAW,SAASE,CAAG;AAChC,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,cAAcA,CAAG;AAAA,QACzB,MAAM;AAAA,MAAA;AAAA,IACV;AAMZ,MAAIoD,EAAO,QAAQ,UAAaA,EAAO,QAAQ;AAC3C,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,4CAA4CA,EAAO,GAAG;AAAA,QAC9D,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,QAAM,CAACJ,GAAYC,CAAW,IAAIH,EAAM,MAAM,GAAG,GAC3Ca,IAAe,GAAGX,CAAU,IAAIC,CAAW;AAEjD,MAAK1B,EAAWvB,CAAG,GAWZ;AAEH,UAAMgE,IAASlE,EAAQ;AAEvB,QAAImE;AAGJ,QAAID,MAAW;AACX,UAAI;AACA,cAAMhD,IAAO,OAAO,KAAKW,GAAW,WAAW,GACzCuC,IAAenD,EAAUC,CAAI,EAAE,SAAS,WAAW;AACzD,QAAAiD,IAAKhE,EAAmBD,CAAG,EAAE,OAAO2D,GAAclC,GAAQyC,CAAY;AAAA,MAC1E,QAAQ;AACJ,QAAAD,IAAK;AAAA,MACT;AAAA,aAGKD,MAAW;AAChB,MAAAC,IAAKhE,EAAmBD,CAAG,EAAE,OAAO2D,GAAclC,GAAQE,CAAS;AAAA,aAInEsC,IAAKhE,EAAmBD,CAAG,EAAE,OAAO2D,GAAclC,GAAQE,CAAS,GAC/D,CAACsC;AACD,UAAI;AACA,cAAMjD,IAAO,OAAO,KAAKW,GAAW,WAAW;AAE/C,YAAIX,EAAK,WAAWd,EAAcF,CAAG,GAAG;AACpC,gBAAMkE,IAAenD,EAAUC,CAAI,EAAE,SAAS,WAAW;AACzD,UAAAiD,IAAKhE,EAAmBD,CAAG,EAAE,OAAO2D,GAAclC,GAAQyC,CAAY;AAAA,QAC1E;AAAA,MACJ,QAAQ;AAAA,MAER;AAIR,QAAI,CAACD;AACD,aAAO,EAAC,OAAO,IAAO,OAAO,EAAC,QAAQ,iCAAiC,MAAM,sBAAmB;AAAA,EAExG,OAnDsB;AAElB,QAAIE,IAAmB;AACvB,QAAI;AACA,MAAAA,IAAmBlE,EAAmBD,CAAG,EAAE,OAAO2D,GAAclC,GAAQE,CAAS;AAAA,IACrF,QAAQ;AACJ,MAAAwC,IAAmB;AAAA,IACvB;AACA,QAAI,CAACA;AACD,aAAO,EAAC,OAAO,IAAO,OAAO,EAAC,QAAQ,iCAAiC,MAAM,sBAAmB;AAAA,EAExG;AA2CA,QAAMC,IAAM,KAAK,MAAM,KAAK,IAAA,IAAQ,GAAI,GAClCC,IAAOvE,EAAQ,aAAa;AAElC,MAAI,CAACA,EAAQ,oBACLJ,EAAQ,QAAQ,UAAa0E,IAAM1E,EAAQ,MAAM2E;AACjD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAKZ,MAAI3E,EAAQ,QAAQ,UAAa0E,IAAMC,IAAO3E,EAAQ;AAClD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAIR,MAAIA,EAAQ,QAAQ,UAAa0E,IAAMC,IAAO3E,EAAQ;AAClD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,MAAII,EAAQ,gBAAgB,UAAaJ,EAAQ,QAAQ,QAAW;AAChE,UAAM4E,IAAWF,IAAM1E,EAAQ;AAC/B,QAAI4E,IAAWxE,EAAQ;AACnB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,cAAcwE,CAAQ,mCAAmCxE,EAAQ,WAAW;AAAA,UACpF,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAKA,MAAIA,EAAQ,WAAW,QAAW;AAC9B,QAAIJ,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAII,EAAQ,WAAWJ,EAAQ;AAC3B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,mCAAmCI,EAAQ,MAAM,WAAWJ,EAAQ,GAAG;AAAA,UAC/E,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAII,EAAQ,YAAY,QAAW;AAC/B,QAAIJ,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAII,EAAQ,YAAYJ,EAAQ;AAC5B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,oCAAoCI,EAAQ,OAAO,WAAWJ,EAAQ,GAAG;AAAA,UACjF,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAII,EAAQ,aAAa,QAAW;AAChC,UAAMyE,IAAM7E,EAAQ;AACpB,QAAI6E,MAAQ;AACR,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAIR,UAAMC,IAAc,MAAM,QAAQ1E,EAAQ,QAAQ,IAAIA,EAAQ,WAAW,CAACA,EAAQ,QAAQ,GACpF2E,IAAW,MAAM,QAAQF,CAAG,IAAIA,IAAM,CAACA,CAAG;AAGhD,QAAI,CADaC,EAAY,KAAK,OAAKC,EAAS,SAASxF,CAAC,CAAC;AAEvD,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAIa,EAAQ,UAAU,QAAW;AAC7B,QAAIJ,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAII,EAAQ,UAAUJ,EAAQ;AAC1B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,6BAA6BI,EAAQ,KAAK,WAAWJ,EAAQ,GAAG;AAAA,UACxE,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAEA,SAAO,EAAC,OAAO,IAAM,QAAA0D,GAAQ,SAAA1D,GAAS,WAAAiC,EAAA;AAC1C,GAGa+C,KAAM;AAAA,EACf,MAAApB;AAAA,EACA,QAAAM;AAAA,EACA,QAAAf;AAAA,EACA,YAAY5C;AAChB;AC76BO,SAAS0E,GAAUvC,GAAqB;AAC3C,MAAI,CAACA,KAAO,OAAOA,KAAQ,SAAU,OAAM,IAAI,MAAM,mBAAmB;AACxE,SAAOA,EAAI,OAAO,EAAC,QAAQ,OAAM;AACrC;AAMO,SAASwC,EAAUC,GAAqB;AAC3C,MAAI,CAACA,KAAO,OAAOA,KAAQ,SAAU,OAAM,IAAI,MAAM,aAAa;AAElE,UAAQA,EAAI,KAAA;AAAA,IACR,KAAK,OAAO;AACR,UAAI,EAAE,OAAOA,MAAQ,OAAOA,EAAI,KAAM;AAClC,cAAM,IAAI,MAAM,8BAA8B;AAGlD,aAAOjC,EAAgB,OAAO,KAAKiC,EAAI,GAAG,WAAW,CAAC;AAAA,IAC1D;AAAA,IAEA,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAED,aAAI,OAAOA,KAAO,OAAQA,EAAY,KAAM,WAEjCnC,EAAiB,EAAC,QAAQ,OAAO,KAAKmC,GAAI,IAK9CC,EAAgB,EAAC,QAAQ,OAAO,KAAKD,GAAI;AAAA,IAGpD;AACI,YAAM,IAAI,MAAM,6BAA8BA,EAAY,GAAG,EAAE;AAAA,EAAA;AAE3E;AAMO,SAASE,GAAY3C,GAAqB;AAC7C,MAAI,CAACA,KAAO,OAAOA,KAAQ;AACvB,UAAM,IAAI,MAAM,mBAAmB;AAQvC,QAAMyC,KAJFzC,EAAI,SAAS,YACP0C,EAAgB1C,CAAG,IACnBA,GAEY,OAAO,EAAC,QAAQ,OAAM;AAG5C,gBAAQyC,EAAY,GACpB,OAAQA,EAAY,GACpB,OAAQA,EAAY,GACpB,OAAQA,EAAY,IACpB,OAAQA,EAAY,IACpB,OAAQA,EAAY,IACbA;AACX;AAOO,SAASG,EAAiBH,GAAUI,IAAoB,UAAkB;AAC7E,MAAI,CAACJ,KAAO,OAAOA,KAAQ;AACvB,UAAM,IAAI,MAAM,aAAa;AAGjC,MAAIK;AAEJ,UAAQL,EAAI,KAAA;AAAA,IACR,KAAK;AACD,MAAAK,IAAS,EAAC,GAAGL,EAAI,GAAG,KAAKA,EAAI,KAAK,GAAGA,EAAI,EAAA;AACzC;AAAA,IAEJ,KAAK;AACD,MAAAK,IAAS,EAAC,KAAKL,EAAI,KAAK,KAAKA,EAAI,KAAK,GAAGA,EAAI,GAAG,GAAGA,EAAI,EAAA;AACvD;AAAA,IAEJ,KAAK;AACD,MAAAK,IAAS,EAAC,KAAKL,EAAI,KAAK,KAAKA,EAAI,KAAK,GAAGA,EAAI,EAAA;AAC7C;AAAA,IAEJ,KAAK;AACD,MAAAK,IAAS,EAAC,GAAGL,EAAI,GAAG,KAAKA,EAAI,IAAA;AAC7B;AAAA,IAEJ;AACI,YAAM,IAAI,MAAM,6BAA8BA,EAAY,GAAG,EAAE;AAAA,EAAA;AAIvE,QAAMM,IAAO,KAAK;AAAA,IACd,OAAO,KAAKD,CAAM,EACb,OACA,OAAO,CAACE,GAAK3E,OACV2E,EAAI3E,CAAC,IAAIyE,EAAOzE,CAAC,GACV2E,IACR,CAAA,CAA4B;AAAA,EAAA;AAGvC,SAAOC,EAAWJ,CAAO,EACpB,OAAOE,CAAI,EACX,OAAO,WAAW;AAC3B;AAOO,SAASG,GAAWT,GAA8B;AACrD,MAAKA,EAAI,KAAK;AACd,WAAOQ,EAAW,MAAM,EAAE,OAAO,OAAO,KAAKR,EAAI,IAAI,CAAC,GAAG,QAAQ,CAAC,EAAE,OAAO,WAAW;AAC1F;AAEO,MAAMU,KAAM;AAAA,EACf,QAAQZ;AAAA,EACR,QAAQC;AAAA,EACR,UAAUG;AAAA,EACV,YAAYC;AAChB;AAYO,SAASQ,GACZC,GACAC,GACS;AACT,MAAI,CAACD,KAAQ,CAAC,MAAM,QAAQA,EAAK,IAAI,EAAG,OAAM,IAAI,MAAM,cAAc;AAEtE,MAAIZ;AAOJ,MALIa,UAAWD,EAAK,KAAK,KAAK,CAAAhF,MAAKA,EAAE,QAAQiF,CAAG,IAG5C,CAACb,KAAOY,EAAK,KAAK,WAAW,MAAGZ,IAAMY,EAAK,KAAK,CAAC,IAEjD,CAACZ,EAAK,OAAM,IAAI,MAAM,uBAAuB;AACjD,SAAOD,EAAUC,CAAG;AACxB;AAMO,SAASc,EAAcF,GAAkB;AAC5C,SAAO;AAAA,IACH,MAAMG,EAAa,GAAGH,EAAK,IAAI;AAAA,EAAA;AAEvC;AAEO,SAASG,KAAgBC,GAA+B;AAC3D,SAAOA,EAAK,IAAI,CAAChB,MAAQ;AACrB,UAAMiB,IAAa;AAAA,MACf,GAAGjB;AAAA,MACH,KAAKA,EAAI,OAAOG,EAAiBH,CAAG;AAAA,MACpC,KAAKA,EAAI,OAAOS,GAAWT,CAAG;AAAA,IAAA;AAIlC,kBAAO,eAAeiB,GAAY,eAAe;AAAA,MAC7C,YAAY;AAAA,MACZ,cAAc;AAAA,MACd,UAAU;AAAA,MACV,OAAO,MAAMlB,EAAUkB,CAAU;AAAA,IAAA,CACpC,GAEMA;AAAA,EACX,CAAC;AACL;AAEO,MAAMC,KAAU,OACnBC,GACAlG,IAUK,OACJ;AACD,QAAMmG,IAAU,OAAOD,KAAQ,WAAWA,IAAMA,EAAI,SAAA,GAC9CE,IAAUpG,EAAQ,SAAS,WAAW,OACtCqG,IAAM,KAAK,IAAI,GAAGrG,EAAQ,OAAO,IAAI,GAAM,GAC3CsG,IAAY,KAAK,IAAI,GAAGtG,EAAQ,aAAa,GAAK,GAClDuG,IAAgB;AAEtB,MAAI,CAACH;AACD,UAAM,IAAI,MAAM,mCAAmC;AAGvD,QAAMI,KAAY,MAAM;AACpB,QAAIxG,EAAQ,kBAAkB;AAC1B,YAAMyG,IAAWzG,EAAQ;AACzB,UAAI;AACA,eAAO,IAAI,IAAIyG,GAAUN,CAAO,EAAE,SAAA;AAAA,MACtC,QAAQ;AACJ,eAAOM;AAAA,MACX;AAAA,IACJ;AAMA,WAJIzG,EAAQ,yBAIRmG,EAAQ,SAASI,CAAa,IACvBJ,IAGJ,GAAGA,EAAQ,QAAQ,QAAQ,EAAE,CAAC,GAAGI,CAAa;AAAA,EACzD,GAAA,GAEMG,KAAS,MAAM;AACjB,QAAI1G,EAAQ,MAAO,QAAOA,EAAQ;AAClC,QAAI2G;AACJ,WAAO;AAAA,MACH,KAAK,MAAMA;AAAA,MACX,KAAK,CAACC,GAAclH,MAAgB;AAChC,QAAAiH,IAAcjH;AAAA,MAClB;AAAA,IAAA;AAAA,EAER,GAAA;AAEA,MAAImH,GACAC,IAAgB,GAChBC,GACAC,IAAsB;AAE1B,QAAMC,IAAY,OAAOC,MAAgD;AACrE,QAAIH,EAAiB,QAAOA;AAE5B,IAAAA,KAAmB,YAAY;AAC3B,YAAMI,IAAa,IAAI,gBAAA;AACvB,UAAIC;AAEJ,MAAId,IAAY,MACZc,IAAgB,WAAW,MAAMD,EAAW,MAAA,GAASb,CAAS;AAGlE,UAAIe;AACJ,UAAI;AACA,QAAAA,IAAW,MAAMjB,EAAQI,GAAU,EAAC,QAAQW,EAAW,QAAO;AAAA,MAClE,SAASG,GAAO;AACZ,cAAIH,EAAW,OAAO,UACZ,IAAI,MAAM,8BAA8Bb,CAAS,IAAI,IAEzDgB;AAAA,MACV,UAAA;AACI,QAAIF,kBAA4BA,CAAa;AAAA,MACjD;AAEA,UAAI,CAACC,EAAS;AACV,cAAM,IAAI,MAAM,yBAAyBA,EAAS,MAAM,IAAIA,EAAS,UAAU,EAAE;AAGrF,YAAME,IAAO,MAAMF,EAAS,KAAA;AAC5B,UAAI,CAACE,KAAQ,OAAOA,KAAS,YAAY,CAAC,MAAM,QAASA,EAAa,IAAI;AACtE,cAAM,IAAI,MAAM,cAAc;AAGlC,aAAO1B,EAAc0B,CAAY;AAAA,IACrC,GAAA;AAEA,QAAI;AACA,YAAMC,IAAQ,MAAMT;AACpB,aAAAF,IAAaW,GACb,MAAMd,EAAM,IAAIF,GAAUgB,CAAK,GAC/BR,IAAsB,GAClBX,IAAM,MAAGS,IAAgB,KAAK,QAAQT,IACnCmB;AAAA,IACX,SAASF,GAAO;AACZ,UAAI,CAACJ,KAAuB,CAACL;AACzB,cAAMS;AAKV,UAFAN,KAAuB,GAEnBX,IAAM,GAAG;AACT,cAAMoB,IAAU,KAAK;AAAA,UACjB,KAAK,IAAIpB,GAAK,GAAM,IAAI,KAAK,IAAI,GAAGW,IAAsB,CAAC;AAAA,UAC3D;AAAA,QAAK;AAET,QAAAF,IAAgB,KAAK,QAAQW;AAAA,MACjC;AAEA,qBAAQ,KAAK,4BAA4BjB,CAAQ,yBAAyBc,CAAK,GACxET;AAAA,IACX,UAAA;AACI,MAAAE,IAAkB;AAAA,IACtB;AAAA,EACJ;AAEA,SAAAF,IAAa,MAAMH,EAAM,IAAIF,CAAQ,GAChCK,KAGDA,IAAahB,EAAcgB,CAAU,GACjCR,IAAM,MAAGS,IAAgB,KAAK,QAAQT,MAH1CQ,IAAa,MAAMI,EAAU,EAAK,GAO9B;AAAA,IACJ,MAAM,OAAkC;AACpC,aAAIZ,IAAM,KAAK,KAAK,IAAA,KAASS,KACzB,MAAMG,EAAU,EAAI,GAEjBnB,EAAa,GAAIe,EAAoB,IAAI;AAAA,IACpD;AAAA,IACA,MAAM,UAAU;AACZ,mBAAMI,EAAU,EAAK,GACd;AAAA,IACX;AAAA,IACA,MAAM,IAAIrB,GAAkD;AAExD,YAAMtD,KADO,MAAM,KAAK,KAAA,GACP,KAAK,CAACoF,MAAMA,EAAE,QAAQ9B,CAAG;AAC1C,UAAKtD;AACL,eAAOwD,EAAaxD,CAAG,EAAE,CAAC;AAAA,IAC9B;AAAA,IACA,MAAM,KAAKrD,GAAoD;AAC3D,YAAM8G,IAAO,MAAM,KAAK,KAAA,GAClB4B,IAAU,OAAO,QAAQ1I,CAAK;AAEpC,aAAI0I,EAAQ,WAAW,IAAU7B,EAAa,GAAGC,CAAI,IAE9CD,EAAa,GAAGC,EAAK;AAAA,QAAO,CAACzD,MAChCqF,EAAQ,MAAM,CAAC,CAACC,GAAO9F,CAAQ,MAAM;AACjC,gBAAMpC,IAAQ4C,EAAIsF,CAAK;AACvB,iBAAI,MAAM,QAAQ9F,CAAQ,IACf,MAAM,QAAQpC,CAAK,KACnBA,EAAM,WAAWoC,EAAS,UAC1BpC,EAAM,MAAM,CAACmI,GAAMrH,MAAMqH,MAAS/F,EAAStB,CAAC,CAAC,IAEjDd,MAAUoC;AAAA,QACrB,CAAC;AAAA,MAAA,CACJ;AAAA,IACL;AAAA,IACA,MAAM,UAAU7C,GAA8D;AAC1E,aAAO,KAAK,KAAKA,CAAK,EAAE,KAAK,CAAC,CAACqD,CAAG,MAAMA,CAAG;AAAA,IAC/C;AAAA,IACA,SAA2B;AACvB,aAAOuE;AAAA,IACX;AAAA,EAAA;AAER,GAEaiB,KAAO;AAAA,EAChB,aAAapC;AAAA,EACb,WAAWG;AAAA,EACX,SAAAI;AACJ;"}

package/dist/index.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./index-CJ4L1o5I.cjs");exports.AutodetectAlgorithm=e.AutodetectAlgorithm;exports.JWK=e.JWK;exports.JWKS=e.JWKS;exports.JWKSToKeyObject=e.JWKSToKeyObject;exports.JWT=e.JWT;exports.SignatureAlgorithm=e.SignatureAlgorithm;exports.SupportedAlgorithms=e.SupportedAlgorithms;exports.base64Url=e.base64Url;exports.computeX5T=e.computeX5T;exports.decode=e.decode;exports.exportJWK=e.exportJWK;exports.fromWeb=e.fromWeb;exports.getJWKThumbprint=e.getJWKThumbprint;exports.importJWK=e.importJWK;exports.normalizeJWKS=e.normalizeJWKS;exports.sign=e.sign;exports.toPublicJWK=e.toPublicJWK;exports.verify=e.verify;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./index-BgMSfLZD.cjs");exports.AutodetectAlgorithm=e.AutodetectAlgorithm;exports.JWK=e.JWK;exports.JWKS=e.JWKS;exports.JWKSToKeyObject=e.JWKSToKeyObject;exports.JWT=e.JWT;exports.SignatureAlgorithm=e.SignatureAlgorithm;exports.SupportedAlgorithms=e.SupportedAlgorithms;exports.base64Url=e.base64Url;exports.computeX5T=e.computeX5T;exports.decode=e.decode;exports.exportJWK=e.exportJWK;exports.fromWeb=e.fromWeb;exports.getJWKThumbprint=e.getJWKThumbprint;exports.importJWK=e.importJWK;exports.normalizeJWK=e.normalizeJWK;exports.normalizeJWKS=e.normalizeJWKS;exports.sign=e.sign;exports.toPublicJWK=e.toPublicJWK;exports.verify=e.verify;
 //# sourceMappingURL=index.cjs.js.map

package/dist/index.es.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { A as e, f as t, k as o, h as r, J as i, S as J, a as W, b as m, c as K, d as g, e as p, j as b, g as c, i as l, n as u, s as S, t as d, v as h } from "./index-CQO8xUW-.js";
+import { A as e, J as t, a as o, b as r, c as i, S as J, d as W, e as m, f as K, g as l, h as g, i as p, j as b, k as c, n, l as u, s as S, t as d, v as h } from "./index-tE21mX91.js";
 export {
   e as AutodetectAlgorithm,
   t as JWK,
@@ -9,11 +9,12 @@ export {
   W as SupportedAlgorithms,
   m as base64Url,
   K as computeX5T,
-  g as decode,
-  p as exportJWK,
-  b as fromWeb,
-  c as getJWKThumbprint,
-  l as importJWK,
+  l as decode,
+  g as exportJWK,
+  p as fromWeb,
+  b as getJWKThumbprint,
+  c as importJWK,
+  n as normalizeJWK,
   u as normalizeJWKS,
   S as sign,
   d as toPublicJWK,

package/dist/jwks/index.d.ts CHANGED Viewed

@@ -1,6 +1,9 @@
 import { KeyObject } from 'crypto';
 export type JWK = RSAJWK | ECJWK | OKPJWK | OctJWK;
-interface BaseJWK {
+export type JWKWithHelpers = JWK & {
+    toKeyObject(): KeyObject;
+};
+export interface BaseJWK {
     kty: string;
     kid?: string;
     alg?: string;
@@ -84,6 +87,7 @@ export declare function JWKSToKeyObject(jwks: JWKS, kid?: string): KeyObject;
  * @param jwks
  */
 export declare function normalizeJWKS(jwks: JWKS): JWKS;
+export declare function normalizeJWK(...keys: JWK[]): JWKWithHelpers[];
 export declare const fromWeb: (url: string | URL, options?: Partial<{
     fetch: typeof fetch;
     ttl: number;
@@ -95,11 +99,11 @@ export declare const fromWeb: (url: string | URL, options?: Partial<{
         set: (key: string, value: JWKS) => void | Promise<void>;
     };
 }>) => Promise<{
-    list(): Promise<JWK[]>;
-    refresh(): Promise<JWK[]>;
-    key(kid: string): Promise<JWK | undefined>;
-    find(input: Partial<BaseJWK>): Promise<JWK[]>;
-    findFirst(input: Partial<BaseJWK>): Promise<JWK>;
+    list(): Promise<JWKWithHelpers[]>;
+    refresh(): Promise</*elided*/ any>;
+    key(kid: string): Promise<JWKWithHelpers | undefined>;
+    find(input: Partial<BaseJWK>): Promise<JWKWithHelpers[]>;
+    findFirst(input: Partial<BaseJWK>): Promise<JWKWithHelpers | undefined>;
     export(): JWKS | undefined;
 }>;
 export declare const JWKS: {
@@ -116,12 +120,11 @@ export declare const JWKS: {
             set: (key: string, value: JWKS) => void | Promise<void>;
         };
     }>) => Promise<{
-        list(): Promise<JWK[]>;
-        refresh(): Promise<JWK[]>;
-        key(kid: string): Promise<JWK | undefined>;
-        find(input: Partial<BaseJWK>): Promise<JWK[]>;
-        findFirst(input: Partial<BaseJWK>): Promise<JWK>;
+        list(): Promise<JWKWithHelpers[]>;
+        refresh(): Promise</*elided*/ any>;
+        key(kid: string): Promise<JWKWithHelpers | undefined>;
+        find(input: Partial<BaseJWK>): Promise<JWKWithHelpers[]>;
+        findFirst(input: Partial<BaseJWK>): Promise<JWKWithHelpers | undefined>;
         export(): JWKS | undefined;
     }>;
 };
-export {};

package/dist/jwks/promises.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { KeyObject } from 'crypto';
-import { JWK as JWKType, JWKS as JSONWebKeySet } from './';
+import { JWK as JWKType, JWKS as JSONWebKeySet, fromWeb as fromWebSYNC } from './';
 /**
  * Export a KeyObject to JWK
  * @param key
@@ -38,6 +38,18 @@ export declare const normalizeJWKS: (jwks: JSONWebKeySet) => Promise<JSONWebKeyS
  * @param jwk
  */
 export declare const computeX5T: (jwk: JWKType) => Promise<string | undefined>;
+/**
+ * Load and resolve JWKS from a remote endpoint
+ * @param args
+ */
+export declare const fromWeb: (...args: Parameters<typeof fromWebSYNC>) => Promise<{
+    list(): Promise<import('./').JWKWithHelpers[]>;
+    refresh(): Promise</*elided*/ any>;
+    key(kid: string): Promise<import('./').JWKWithHelpers | undefined>;
+    find(input: Partial<import('./').BaseJWK>): Promise<import('./').JWKWithHelpers[]>;
+    findFirst(input: Partial<import('./').BaseJWK>): Promise<import('./').JWKWithHelpers | undefined>;
+    export(): JSONWebKeySet | undefined;
+}>;
 export declare const JWK: {
     export: (key: KeyObject) => Promise<JWKType>;
     import: (jwk: JWKType) => Promise<KeyObject>;
@@ -48,4 +60,22 @@ export declare const JWK: {
 export declare const JWKS: {
     toKeyObject: (jwks: JSONWebKeySet, kid?: string) => Promise<KeyObject>;
     normalize: (jwks: JSONWebKeySet) => Promise<JSONWebKeySet>;
+    fromWeb: (url: string | URL, options?: Partial<{
+        fetch: typeof fetch;
+        ttl: number;
+        timeoutMs: number;
+        endpointOverride: string;
+        overrideEndpointCheck: boolean;
+        cache: {
+            get: (key: string) => JSONWebKeySet | undefined | Promise<JSONWebKeySet | undefined>;
+            set: (key: string, value: JSONWebKeySet) => void | Promise<void>;
+        };
+    }> | undefined) => Promise<{
+        list(): Promise<import('./').JWKWithHelpers[]>;
+        refresh(): Promise</*elided*/ any>;
+        key(kid: string): Promise<import('./').JWKWithHelpers | undefined>;
+        find(input: Partial<import('./').BaseJWK>): Promise<import('./').JWKWithHelpers[]>;
+        findFirst(input: Partial<import('./').BaseJWK>): Promise<import('./').JWKWithHelpers | undefined>;
+        export(): JSONWebKeySet | undefined;
+    }>;
 };

package/dist/jwt/index.d.ts CHANGED Viewed

@@ -122,28 +122,23 @@ export declare function AutodetectAlgorithm(key: KeyObject): SupportedAlgorithm;
  * @param token
  */
 export declare const decode: (token: string) => JWT;
-/**
- * Sign a JWT
- * @param payload
- * @param secret
- * @param options
- */
-export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
+export type SignOptions = {
     alg?: SupportedAlgorithm;
     kid?: string;
     typ?: string;
     /**
      * default 'der'
      */
-    signatureFormat?: "der" | "jose";
-}) => string;
+    signatureFormat?: 'der' | 'jose';
+};
 /**
- * Verify and validate a JWT
- * @param token
+ * Sign a JWT
+ * @param payload
  * @param secret
  * @param options
  */
-export declare const verify: (token: string, secret: KeyLike, options?: {
+export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: SignOptions) => string;
+export type VerifyOptions = {
     algorithms?: SupportedAlgorithm[];
     issuer?: string;
     subject?: string;
@@ -152,8 +147,15 @@ export declare const verify: (token: string, secret: KeyLike, options?: {
     ignoreExpiration?: boolean;
     clockSkew?: number;
     maxTokenAge?: number;
-    signatureFormat?: "der" | "jose";
-}) => {
+    signatureFormat?: 'der' | 'jose';
+};
+/**
+ * Verify and validate a JWT
+ * @param token
+ * @param secret
+ * @param options
+ */
+export declare const verify: (token: string, secret: KeyLike, options?: VerifyOptions) => {
     valid: true;
     header: JWTHeader;
     payload: JWTPayload;
@@ -166,26 +168,8 @@ export declare const verify: (token: string, secret: KeyLike, options?: {
     };
 };
 export declare const JWT: {
-    sign: (payload: JWTPayload, secret: KeyLike, options?: {
-        alg?: SupportedAlgorithm;
-        kid?: string;
-        typ?: string;
-        /**
-         * default 'der'
-         */
-        signatureFormat?: "der" | "jose";
-    }) => string;
-    verify: (token: string, secret: KeyLike, options?: {
-        algorithms?: SupportedAlgorithm[];
-        issuer?: string;
-        subject?: string;
-        audience?: string | string[];
-        jwtId?: string;
-        ignoreExpiration?: boolean;
-        clockSkew?: number;
-        maxTokenAge?: number;
-        signatureFormat?: "der" | "jose";
-    }) => {
+    readonly sign: (payload: JWTPayload, secret: KeyLike, options?: SignOptions) => string;
+    readonly verify: (token: string, secret: KeyLike, options?: VerifyOptions) => {
         valid: true;
         header: JWTHeader;
         payload: JWTPayload;
@@ -197,8 +181,8 @@ export declare const JWT: {
             code: string;
         };
     };
-    decode: (token: string) => JWT;
-    algorithms: {
+    readonly decode: (token: string) => JWT;
+    readonly algorithms: {
         readonly HS256: {
             readonly sign: (data: BinaryLike, secret: KeyLike) => string;
             readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;

package/dist/jwt/promises.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { JWT as JSONWebToken, sign as signSync, verify as verifySync, JWTPayload, SupportedAlgorithm, JWTHeader } from '../';
+import { JWT as JSONWebToken, sign as signSync, verify as verifySync, JWTPayload, JWTHeader } from '../';
 export { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from '../index';
 /**
  * Decode a JWT string into its parts (without verification)
@@ -21,23 +21,8 @@ export declare const verify: (...args: Parameters<typeof verifySync>) => Promise
 }>;
 export type JWT = JSONWebToken;
 export declare const JWT: {
-    sign: (payload: JWTPayload, secret: import('node:crypto').KeyLike, options?: {
-        alg?: SupportedAlgorithm;
-        kid?: string;
-        typ?: string;
-        signatureFormat?: "der" | "jose";
-    } | undefined) => Promise<string>;
-    verify: (token: string, secret: import('node:crypto').KeyLike, options?: {
-        algorithms?: SupportedAlgorithm[];
-        issuer?: string;
-        subject?: string;
-        audience?: string | string[];
-        jwtId?: string;
-        ignoreExpiration?: boolean;
-        clockSkew?: number;
-        maxTokenAge?: number;
-        signatureFormat?: "der" | "jose";
-    } | undefined) => Promise<{
+    sign: (payload: JWTPayload, secret: import('node:crypto').KeyLike, options?: import('.').SignOptions | undefined) => Promise<string>;
+    verify: (token: string, secret: import('node:crypto').KeyLike, options?: import('.').VerifyOptions | undefined) => Promise<{
         header: JWTHeader;
         payload: JWTPayload;
         signature: string;

package/dist/promises.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./index-CJ4L1o5I.cjs");require("crypto");const r=e=>Promise.resolve().then(()=>o.decode(e)),i=(...e)=>Promise.resolve().then(()=>o.sign(...e)),s=(...e)=>Promise.resolve().then(()=>{const t=o.verify(...e);if(!t.valid)throw t.error;const{header:W,payload:h,signature:p}=t;return{header:W,payload:h,signature:p}}),g={sign:i,verify:s,decode:r,algorithms:o.SignatureAlgorithm},n=e=>Promise.resolve().then(()=>o.exportJWK(e)),c=e=>Promise.resolve().then(()=>o.importJWK(e)),m=e=>Promise.resolve().then(()=>o.toPublicJWK(e)),l=(e,t="sha256")=>Promise.resolve().then(()=>o.getJWKThumbprint(e,t)),K=(e,t)=>Promise.resolve().then(()=>o.JWKSToKeyObject(e,t)),u=e=>Promise.resolve().then(()=>o.normalizeJWKS(e)),J=e=>Promise.resolve().then(()=>o.computeX5T(e)),a={export:n,import:c,toPublic:m,thumbprint:l,computeX5T:J},v={toKeyObject:K,normalize:u};exports.SignatureAlgorithm=o.SignatureAlgorithm;exports.SupportedAlgorithms=o.SupportedAlgorithms;exports.JWK=a;exports.JWKS=v;exports.JWKSToKeyObject=K;exports.JWT=g;exports.computeX5T=J;exports.decode=r;exports.exportJWK=n;exports.getJWKThumbprint=l;exports.importJWK=c;exports.normalizeJWKS=u;exports.sign=i;exports.toPublicJWK=m;exports.verify=s;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./index-BgMSfLZD.cjs");require("crypto");const r=e=>Promise.resolve().then(()=>o.decode(e)),i=(...e)=>Promise.resolve().then(()=>o.sign(...e)),s=(...e)=>Promise.resolve().then(()=>{const t=o.verify(...e);if(!t.valid)throw t.error;const{header:J,payload:p,signature:g}=t;return{header:J,payload:p,signature:g}}),b={sign:i,verify:s,decode:r,algorithms:o.SignatureAlgorithm},n=e=>Promise.resolve().then(()=>o.exportJWK(e)),m=e=>Promise.resolve().then(()=>o.importJWK(e)),c=e=>Promise.resolve().then(()=>o.toPublicJWK(e)),l=(e,t="sha256")=>Promise.resolve().then(()=>o.getJWKThumbprint(e,t)),W=(e,t)=>Promise.resolve().then(()=>o.JWKSToKeyObject(e,t)),K=e=>Promise.resolve().then(()=>o.normalizeJWKS(e)),h=e=>Promise.resolve().then(()=>o.computeX5T(e)),u=(...e)=>Promise.resolve().then(()=>o.fromWeb(...e)),a={export:n,import:m,toPublic:c,thumbprint:l,computeX5T:h},v={toKeyObject:W,normalize:K,fromWeb:u};exports.SignatureAlgorithm=o.SignatureAlgorithm;exports.SupportedAlgorithms=o.SupportedAlgorithms;exports.JWK=a;exports.JWKS=v;exports.JWKSToKeyObject=W;exports.JWT=b;exports.computeX5T=h;exports.decode=r;exports.exportJWK=n;exports.fromWeb=u;exports.getJWKThumbprint=l;exports.importJWK=m;exports.normalizeJWKS=K;exports.sign=i;exports.toPublicJWK=c;exports.verify=s;
 //# sourceMappingURL=promises.cjs.js.map

package/dist/promises.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"promises.cjs.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/*\n Decode a JWT string into its parts (without verification)\n * @param token\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n * @see(synchronous parameters)\n /\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/\n Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n /\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC\n} from './';\n\n/\n Export a KeyObject to JWK\n * @param key\n /\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => exportJWKSYNC(key));\n\n/\n Import a JWK to KeyObject\n * @param jwk\n /\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/\n Export public-only JWK\n * @param key\n /\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/\n RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n /\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/\n Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n /\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/\n Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n /\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/\n Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","JWK","JWKS"],"mappings":"0IAmBO,MAAMA,EAAUC,GACnB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,OAAWD,CAAK,CAAC,EAMrCE,EAAO,IAAIC,IACpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,OAAS,GAAGD,CAAI,CAAC,EAMrCE,EAAS,IAAIF,IAKtB,QAAQ,QAAA,EAAU,KAAK,IAAM,CACzB,MAAMG,EAASC,SAAW,GAAGJ,CAAI,EACjC,GAAI,CAACG,EAAO,MACR,MAAMA,EAAO,MAEjB,KAAM,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,EAAaJ,EACrC,MAAO,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,CAC7B,CAAC,EAKQC,EAAM,CACf,KAAAT,EACA,OAAAG,EACA,OAAAN,EACA,WAAYa,EAAAA,kBAChB,~~ECrCaC~~,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAeL,GACxB,QAAQ,QAAA,EAAU,KAAK,IAAMM,EAAAA,YAAgBN,CAAG,CAAC,EAOxCO,EAAmB,CAC5BJ,EACAK,EAAoB,WAEpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,mBAAqBN,EAAKK,CAAO,CAAC,EAQtDE,EAAkB,CAC3BC,EACAC,IAEA,QAAQ,UAAU,KAAK,IAAMC,EAAAA,gBAAoBF,EAAMC,CAAG,CAAC,EAMlDE,EACTH,GAEA,QAAQ,QAAA,EAAU,KAAK,IAAMI,EAAAA,cAAkBJ,CAAI,CAAC,EAM3CK,EAAcb,GAAiB,QAAQ,QAAA,EAAU,KAAK,IAAMc,EAAAA,WAAed,CAAG,CAAC,~~EAG~~/Ee,EAAM,CACf,~~OAAQnB~~,EACR,OAAQG,EACR,SAAUG,EACV,WAAYE,EACZ,WAAAS,CACJ,~~EAGaG~~,EAAO,CAChB,~~YAAaT~~,EACb,UAAWI,~~CACf~~"}
1	+ {"version":3,"file":"promises.cjs.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/*\n Decode a JWT string into its parts (without verification)\n * @param token\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n * @see(synchronous parameters)\n /\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/\n Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n /\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC,\n fromWeb as fromWebSYNC\n} from './';\n\n/\n Export a KeyObject to JWK\n * @param key\n /\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => exportJWKSYNC(key));\n\n/\n Import a JWK to KeyObject\n * @param jwk\n /\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/\n Export public-only JWK\n * @param key\n /\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/\n RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n /\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/\n Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n /\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/\n Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n /\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/\n Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n /\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n/\n Load and resolve JWKS from a remote endpoint\n * @param args\n */\nexport const fromWeb = (\n ...args: Parameters<typeof fromWebSYNC>\n) => Promise.resolve().then(() => fromWebSYNC(...args));\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n fromWeb,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","fromWeb","fromWebSYNC","JWK","JWKS"],"mappings":"0IAmBO,MAAMA,EAAUC,GACnB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,OAAWD,CAAK,CAAC,EAMrCE,EAAO,IAAIC,IACpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,OAAS,GAAGD,CAAI,CAAC,EAMrCE,EAAS,IAAIF,IAKtB,QAAQ,QAAA,EAAU,KAAK,IAAM,CACzB,MAAMG,EAASC,SAAW,GAAGJ,CAAI,EACjC,GAAI,CAACG,EAAO,MACR,MAAMA,EAAO,MAEjB,KAAM,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,EAAaJ,EACrC,MAAO,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,CAC7B,CAAC,EAKQC,EAAM,CACf,KAAAT,EACA,OAAAG,EACA,OAAAN,EACA,WAAYa,EAAAA,kBAChB,ECpCaC,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAeL,GACxB,QAAQ,QAAA,EAAU,KAAK,IAAMM,EAAAA,YAAgBN,CAAG,CAAC,EAOxCO,EAAmB,CAC5BJ,EACAK,EAAoB,WAEpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,mBAAqBN,EAAKK,CAAO,CAAC,EAQtDE,EAAkB,CAC3BC,EACAC,IAEA,QAAQ,UAAU,KAAK,IAAMC,EAAAA,gBAAoBF,EAAMC,CAAG,CAAC,EAMlDE,EACTH,GAEA,QAAQ,QAAA,EAAU,KAAK,IAAMI,EAAAA,cAAkBJ,CAAI,CAAC,EAM3CK,EAAcb,GAAiB,QAAQ,QAAA,EAAU,KAAK,IAAMc,EAAAA,WAAed,CAAG,CAAC,EAM/Ee,EAAU,IAChB7B,IACF,QAAQ,QAAA,EAAU,KAAK,IAAM8B,UAAY,GAAG9B,CAAI,CAAC,EAGzC+B,EAAM,CACf,OAAQrB,EACR,OAAQG,EACR,SAAUG,EACV,WAAYE,EACZ,WAAAS,CACJ,EAGaK,EAAO,CAChB,YAAaX,EACb,UAAWI,EACX,QAAAI,CACJ"}

package/dist/promises.es.js CHANGED Viewed

@@ -1,42 +1,44 @@
-import { S as n, d as i, s as m, v as c, e as a, i as l, t as h, g as p, h as K, n as J, c as W } from "./index-CQO8xUW-.js";
-import { a as w } from "./index-CQO8xUW-.js";
+import { S as n, g as i, v as m, s as c, f as a, j as l, t as h, k as p, h as K, i as W, l as v, b as J } from "./index-tE21mX91.js";
+import { d as q } from "./index-tE21mX91.js";
 import "crypto";
-const v = (e) => Promise.resolve().then(() => i(e)), u = (...e) => Promise.resolve().then(() => m(...e)), P = (...e) => Promise.resolve().then(() => {
-  const o = c(...e);
+const P = (e) => Promise.resolve().then(() => i(e)), u = (...e) => Promise.resolve().then(() => c(...e)), b = (...e) => Promise.resolve().then(() => {
+  const o = m(...e);
   if (!o.valid)
     throw o.error;
   const { header: t, payload: s, signature: r } = o;
   return { header: t, payload: s, signature: r };
-}), j = {
+}), O = {
   sign: u,
-  verify: P,
-  decode: v,
+  verify: b,
+  decode: P,
   algorithms: n
-}, g = (e) => Promise.resolve().then(() => a(e)), $ = (e) => Promise.resolve().then(() => l(e)), b = (e) => Promise.resolve().then(() => h(e)), d = (e, o = "sha256") => Promise.resolve().then(() => p(e, o)), S = (e, o) => Promise.resolve().then(() => K(e, o)), T = (e) => Promise.resolve().then(() => J(e)), y = (e) => Promise.resolve().then(() => W(e)), z = {
-  export: g,
-  import: $,
-  toPublic: b,
-  thumbprint: d,
+}, $ = (e) => Promise.resolve().then(() => K(e)), g = (e) => Promise.resolve().then(() => p(e)), d = (e) => Promise.resolve().then(() => h(e)), f = (e, o = "sha256") => Promise.resolve().then(() => l(e, o)), S = (e, o) => Promise.resolve().then(() => J(e, o)), T = (e) => Promise.resolve().then(() => v(e)), y = (e) => Promise.resolve().then(() => a(e)), x = (...e) => Promise.resolve().then(() => W(...e)), A = {
+  export: $,
+  import: g,
+  toPublic: d,
+  thumbprint: f,
   computeX5T: y
-}, O = {
+}, X = {
   toKeyObject: S,
-  normalize: T
+  normalize: T,
+  fromWeb: x
 };
 export {
-  z as JWK,
-  O as JWKS,
+  A as JWK,
+  X as JWKS,
   S as JWKSToKeyObject,
-  j as JWT,
+  O as JWT,
   n as SignatureAlgorithm,
-  w as SupportedAlgorithms,
+  q as SupportedAlgorithms,
   y as computeX5T,
-  v as decode,
-  g as exportJWK,
-  d as getJWKThumbprint,
-  $ as importJWK,
+  P as decode,
+  $ as exportJWK,
+  x as fromWeb,
+  f as getJWKThumbprint,
+  g as importJWK,
   T as normalizeJWKS,
   u as sign,
-  b as toPublicJWK,
-  P as verify
+  d as toPublicJWK,
+  b as verify
 };
 //# sourceMappingURL=promises.es.js.map

package/dist/promises.es.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"promises.es.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/*\n Decode a JWT string into its parts (without verification)\n * @param token\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n * @see(synchronous parameters)\n /\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/\n Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n /\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC\n} from './';\n\n/\n Export a KeyObject to JWK\n * @param key\n /\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => exportJWKSYNC(key));\n\n/\n Import a JWK to KeyObject\n * @param jwk\n /\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/\n Export public-only JWK\n * @param key\n /\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/\n RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n /\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/\n Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n /\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/\n Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n /\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/\n Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","JWK","JWKS"],"mappings":";;;AAmBO,MAAMA,IAAS,CAACC,MACnB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAWD,CAAK,CAAC,GAMrCE,IAAO,IAAIC,MACpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAS,GAAGD,CAAI,CAAC,GAMrCE,IAAS,IAAIF,MAKtB,QAAQ,QAAA,EAAU,KAAK,MAAM;AACzB,QAAMG,IAASC,EAAW,GAAGJ,CAAI;AACjC,MAAI,CAACG,EAAO;AACR,UAAMA,EAAO;AAEjB,QAAM,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA,IAAaJ;AACrC,SAAO,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA;AAC7B,CAAC,GAKQC,IAAM;AAAA,EACf,MAAAT;AAAA,EACA,QAAAG;AAAA,EACA,QAAAN;AAAA,EACA,YAAYa;AAChB,~~GCrCaC~~,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAc,CAACL,MACxB,QAAQ,QAAA,EAAU,KAAK,MAAMM,EAAgBN,CAAG,CAAC,GAOxCO,IAAmB,CAC5BJ,GACAK,IAAoB,aAEpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAqBN,GAAKK,CAAO,CAAC,GAQtDE,IAAkB,CAC3BC,GACAC,MAEA,QAAQ,UAAU,KAAK,MAAMC,EAAoBF,GAAMC,CAAG,CAAC,GAMlDE,IAAgB,CACzBH,MAEA,QAAQ,QAAA,EAAU,KAAK,MAAMI,EAAkBJ,CAAI,CAAC,GAM3CK,IAAa,CAACb,MAAiB,QAAQ,QAAA,EAAU,KAAK,MAAMc,EAAed,CAAG,CAAC,~~GAG~~/Ee,IAAM;AAAA,EACf,~~QAAQnB~~;AAAA,EACR,QAAQG;AAAA,EACR,UAAUG;AAAA,EACV,YAAYE;AAAA,EACZ,YAAAS;AACJ,~~GAGaG~~,IAAO;AAAA,EAChB,~~aAAaT~~;AAAA,EACb,WAAWI;~~AACf~~;"}
1	+ {"version":3,"file":"promises.es.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/*\n Decode a JWT string into its parts (without verification)\n * @param token\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n * @see(synchronous parameters)\n /\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/\n Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n /\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC,\n fromWeb as fromWebSYNC\n} from './';\n\n/\n Export a KeyObject to JWK\n * @param key\n /\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => exportJWKSYNC(key));\n\n/\n Import a JWK to KeyObject\n * @param jwk\n /\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/\n Export public-only JWK\n * @param key\n /\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/\n RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n /\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/\n Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n /\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/\n Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n /\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/\n Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n /\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n/\n Load and resolve JWKS from a remote endpoint\n * @param args\n */\nexport const fromWeb = (\n ...args: Parameters<typeof fromWebSYNC>\n) => Promise.resolve().then(() => fromWebSYNC(...args));\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n fromWeb,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","fromWeb","fromWebSYNC","JWK","JWKS"],"mappings":";;;AAmBO,MAAMA,IAAS,CAACC,MACnB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAWD,CAAK,CAAC,GAMrCE,IAAO,IAAIC,MACpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAS,GAAGD,CAAI,CAAC,GAMrCE,IAAS,IAAIF,MAKtB,QAAQ,QAAA,EAAU,KAAK,MAAM;AACzB,QAAMG,IAASC,EAAW,GAAGJ,CAAI;AACjC,MAAI,CAACG,EAAO;AACR,UAAMA,EAAO;AAEjB,QAAM,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA,IAAaJ;AACrC,SAAO,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA;AAC7B,CAAC,GAKQC,IAAM;AAAA,EACf,MAAAT;AAAA,EACA,QAAAG;AAAA,EACA,QAAAN;AAAA,EACA,YAAYa;AAChB,GCpCaC,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAc,CAACL,MACxB,QAAQ,QAAA,EAAU,KAAK,MAAMM,EAAgBN,CAAG,CAAC,GAOxCO,IAAmB,CAC5BJ,GACAK,IAAoB,aAEpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAqBN,GAAKK,CAAO,CAAC,GAQtDE,IAAkB,CAC3BC,GACAC,MAEA,QAAQ,UAAU,KAAK,MAAMC,EAAoBF,GAAMC,CAAG,CAAC,GAMlDE,IAAgB,CACzBH,MAEA,QAAQ,QAAA,EAAU,KAAK,MAAMI,EAAkBJ,CAAI,CAAC,GAM3CK,IAAa,CAACb,MAAiB,QAAQ,QAAA,EAAU,KAAK,MAAMc,EAAed,CAAG,CAAC,GAM/Ee,IAAU,IAChB7B,MACF,QAAQ,QAAA,EAAU,KAAK,MAAM8B,EAAY,GAAG9B,CAAI,CAAC,GAGzC+B,IAAM;AAAA,EACf,QAAQrB;AAAA,EACR,QAAQG;AAAA,EACR,UAAUG;AAAA,EACV,YAAYE;AAAA,EACZ,YAAAS;AACJ,GAGaK,IAAO;AAAA,EAChB,aAAaX;AAAA,EACb,WAAWI;AAAA,EACX,SAAAI;AACJ;"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sourceregistry/node-jwt",
-  "version": "1.5.2",
+  "version": "1.5.4",
   "description": "A lightweight, zero-dependency TypeScript library for creating, verifying and decoding JSON Web Tokens (JWT).",
   "main": "./dist/index.cjs.js",
   "module": "./dist/index.es.js",
@@ -62,9 +62,9 @@
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/commit-analyzer": "^13.0.1",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/npm": "^12.0.2",
+    "@semantic-release/npm": "^13.1.5",
     "@semantic-release/release-notes-generator": "^14.0.3",
-    "@types/node": "^25.3.0",
+    "@types/node": "^25.3.3",
     "@vitest/coverage-v8": "^4.0.18",
     "@vitest/ui": "^4.0.18",
     "typedoc": "^0.28.17",