Skip to content

SK-2528: update jwt-decode library for Node SDK #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
skyflow-himanshu wants to merge 1 commit into
base: main
Choose a base branch
from
+26 −26
Open

SK-2528: update jwt-decode library for Node SDK #282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 13 additions & 13 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
"formdata-node": "^6.0.3",
"js-base64": "3.7.7",
"jsonwebtoken": "^9.0.3",
"jwt-decode": "^2.2.0",
"jwt-decode": "^4.0.0",
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jwt-decode@4 is ESM-only. If this Node SDK is published/compiled to CommonJS (common for TS SDKs without \"type\": \"module\"), consumers will hit runtime errors when requiring the SDK (e.g., ERR_REQUIRE_ESM). If the SDK isn't ESM end-to-end, consider keeping jwt-decode on a CJS-compatible major (or switching the SDK build/publish output to ESM) before merging this dependency bump.

Suggested change
"jwt-decode": "^4.0.0",
"jwt-decode": "^3.1.2",

Copilot uses AI. Check for mistakes.
"node-fetch": "^2.7.0",
"qs": "^6.14.1",
"readable-stream": "^4.5.2",
Expand Down
6 changes: 3 additions & 3 deletions src/utils/jwt-utils/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import jwt_decode, { JwtPayload } from 'jwt-decode';
import { JwtPayload, jwtDecode } from 'jwt-decode';
import { MessageType, printLog } from '..';
import logs from '../logs';

Expand All @@ -9,7 +9,7 @@ function isExpired(token: string) {
return true;
}
let isJwtExpired = false;
const decoded: JwtPayload = jwt_decode(token);
const decoded: JwtPayload = jwtDecode(token);
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using the generic type parameter on jwtDecode (e.g., jwtDecode<JwtPayload>(token)) instead of annotating the variable as JwtPayload. This keeps the type aligned with the function’s return type and avoids masking type incompatibilities if the library typings change.

Copilot uses AI. Check for mistakes.
const currentTime = (new Date().getTime() / 1000);
const expiryTime = decoded.exp;
if (expiryTime && currentTime > expiryTime) {
Expand All @@ -26,7 +26,7 @@ function isTokenValid(token: string) {
try {
if (token === "") return false
let isJwtExpired = false;
const decoded: JwtPayload = jwt_decode(token);
const decoded: JwtPayload = jwtDecode(token);
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using the generic type parameter on jwtDecode (e.g., jwtDecode<JwtPayload>(token)) instead of annotating the variable as JwtPayload. This keeps the type aligned with the function’s return type and avoids masking type incompatibilities if the library typings change.

Copilot uses AI. Check for mistakes.
const currentTime = (new Date().getTime() / 1000);
const expiryTime = decoded.exp;
if (expiryTime && currentTime > expiryTime) {
Expand Down
8 changes: 4 additions & 4 deletions test/vault/utils/jwt-utils/jwt.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import jwt_decode from 'jwt-decode';
import { jwtDecode } from 'jwt-decode';
import { isTokenValid, isExpired } from '../../../../src/utils/jwt-utils';

jest.mock('jwt-decode');
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With a named export (jwtDecode), jest.mock('jwt-decode') may not produce a mocked jwtDecode function in the way this test expects—especially since jwt-decode@4 is ESM-only. This can cause jwtDecode.mockReturnValue / mockImplementation to throw because jwtDecode is not a Jest mock. Prefer providing an explicit Jest mock factory that exports jwtDecode as jest.fn() (and sets __esModule: true when applicable), or use Jest’s ESM mocking APIs if the test environment is ESM.

Suggested change
jest.mock('jwt-decode');
jest.mock('jwt-decode', () => ({
__esModule: true,
jwtDecode: jest.fn(),
}));

Copilot uses AI. Check for mistakes.
Expand All @@ -7,7 +7,7 @@ describe('isTokenValid Tests', () => {
const mockDecodedPayload = { sub: '12345', name: 'John Doe', exp: 1609459200 };

beforeEach(() => {
jwt_decode.mockReturnValue(mockDecodedPayload);
jwtDecode.mockReturnValue(mockDecodedPayload);
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With a named export (jwtDecode), jest.mock('jwt-decode') may not produce a mocked jwtDecode function in the way this test expects—especially since jwt-decode@4 is ESM-only. This can cause jwtDecode.mockReturnValue / mockImplementation to throw because jwtDecode is not a Jest mock. Prefer providing an explicit Jest mock factory that exports jwtDecode as jest.fn() (and sets __esModule: true when applicable), or use Jest’s ESM mocking APIs if the test environment is ESM.

Copilot uses AI. Check for mistakes.
});

test('should return false for an invalid token', () => {
Expand All @@ -21,15 +21,15 @@ describe('isTokenValid Tests', () => {
});

test('should return false in catch', () => {
jwt_decode.mockImplementation(() => {
jwtDecode.mockImplementation(() => {
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With a named export (jwtDecode), jest.mock('jwt-decode') may not produce a mocked jwtDecode function in the way this test expects—especially since jwt-decode@4 is ESM-only. This can cause jwtDecode.mockReturnValue / mockImplementation to throw because jwtDecode is not a Jest mock. Prefer providing an explicit Jest mock factory that exports jwtDecode as jest.fn() (and sets __esModule: true when applicable), or use Jest’s ESM mocking APIs if the test environment is ESM.

Copilot uses AI. Check for mistakes.
throw new Error("Invalid Token");
});
const isValid = isTokenValid("TOKEN");
expect(isValid).toBe(false);
});

test('should return false in catch for isExpired', () => {
jwt_decode.mockImplementation(() => {
jwtDecode.mockImplementation(() => {
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With a named export (jwtDecode), jest.mock('jwt-decode') may not produce a mocked jwtDecode function in the way this test expects—especially since jwt-decode@4 is ESM-only. This can cause jwtDecode.mockReturnValue / mockImplementation to throw because jwtDecode is not a Jest mock. Prefer providing an explicit Jest mock factory that exports jwtDecode as jest.fn() (and sets __esModule: true when applicable), or use Jest’s ESM mocking APIs if the test environment is ESM.

Copilot uses AI. Check for mistakes.
throw new Error("Invalid Token");
});
const isValid = isExpired("TOKEN");
Expand Down
10 changes: 5 additions & 5 deletions test/vault/utils/utils.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import errorMessages from "../../../src/error/messages";
import { Env, getConnectionBaseURL, getVaultURL, validateToken, isValidURL, fillUrlWithPathAndQueryParams, generateSDKMetrics, printLog, getToken, getBearerToken, MessageType, LogLevel } from "../../../src/utils";
import jwt_decode from 'jwt-decode';
import { jwtDecode } from 'jwt-decode';
import os from 'os';
import { generateBearerTokenFromCreds, generateBearerToken } from '../../../src/service-account';
import sdkDetails from '../../../package.json';
Expand Down Expand Up @@ -69,7 +69,7 @@ describe('Validate Token Helper', () => {

beforeEach(() => {
jest.clearAllMocks();
jwt_decode.mockReturnValue(mockPrevDecodedPayload);
jwtDecode.mockReturnValue(mockPrevDecodedPayload);
});

test('should throw an error for invalid token', () => {
Expand All @@ -78,13 +78,13 @@ describe('Validate Token Helper', () => {
});

test('should throw an error for invalid token', () => {
jwt_decode.mockReturnValue(mockFutureDecodedPayload);
jwtDecode.mockReturnValue(mockFutureDecodedPayload);
expect(validateToken("connectionId"))
.toBeTruthy();
});

test('should throw an error for invalid token', () => {
jwt_decode.mockReturnValue(mockDecodedPayload);
jwtDecode.mockReturnValue(mockDecodedPayload);
expect(validateToken("connectionId"))
.toBeTruthy();
});
Expand Down Expand Up @@ -493,7 +493,7 @@ describe('getBearerToken', () => {
const credentials = {
token: 'validToken'
};
jwt_decode.mockReturnValue({ exp: Date.now() / 1000 + 3600 }); // Valid for 1 hour
jwtDecode.mockReturnValue({ exp: Date.now() / 1000 + 3600 }); // Valid for 1 hour

const result = await getBearerToken(credentials, logLevel);

Expand Down
Loading