Seeing this as well in the browser I get: ReferenceError: exports is not defined, coming from this dependent module: node_modules\minimalistic-crypto-utils\lib\utils.js:3:1

hello friends

awhile ago i actually created my own esm version of this library, i did something like this:

1. create a commonjs entrypoint which exports only the functionality that you need
2. run browserify on that entrypoint to generate a bundle
3. edit that bundle and add an esm export for that functionality you need

the horrendous downside is that the resulting es module weighed like 500 KB.. but it worked.. if i had automated that above process, i would share the result with you, but my es module version is now out of date

now, here's the thing: we need question why we want to sign or verify json web tokens on the clientside to begin with (if we're using node instead, then our esm node code can still import the cjs)

the use-case i had, was mocking: in mock mode, my clientside would generate and sign a number of mock tokens — being in development mode, the 500 KB jwt library was fine

however now, i want to abandon this complexity, so i'm thinking of ditching the browser work here, and only signing/verifying tokens (and signatures) on the node server — so today i'm thinking of re-engineering my frontend to use a build step to generate those mock tokens in node ahead of time

now, here's something you do need to do on the clientside: you need to decode tokens — luckily, the implementation for that is quite straightforward, my bdecode.ts module can do that

this all being said: i'd still consider it a win if this library was fully modernized and browser compatible

it's a little upsetting – the split between node crypto and browser webcrypto

🥃 chase

ES6 modules will probably be standard in the back-end world pretty soon as well. No need to have commonjs around if both browsers and node supports the same module systems. :)

ES6 modules will probably be standard in the back-end world pretty soon as well.

Right now, the latest node.js release line has ECMAScript modules labeled as experimental. We plan to support dual publish in the future once this matures (i.e. its stability rating reaches a satisfactory value)

Browser runtime remains out of scope for the jsonwebtoken library.

in the meantime i'll share how i solved my use-case by creating a helper package called redcrypto

• it exposes es-modules
• it has functions to sign/verify tokens (node only, because it internally depends on jsonwebtoken's commonjs)
• it has functions to decode tokens (browser and node)
• and it has mock functions mock-sign/mock-verify tokens (browser and node)

and so using the above functionality, i can sign and verify tokens in node via jsonwebtoken, and also, i've architected my frontend so that in mock mode, it uses the browser-friendly mock token sign/verify functions

Any progress on this? I tend to always use import nowadays in my application so its weird to have this library as the only dependency that still uses const.

node.js now lists ESM as stable: https://nodejs.org/api/esm.html#esm_ecmascript_modules - so I see no reason not to go full blown ESM. :)

Hi! I did a little workaround that might work for you as well: https://github.com/stipsan/jsonwebtoken-esm

import jwt from 'jsonwebtoken' seems to be working for me without any changes!

I'm using SvelteKit and the problem with doing import jwt from 'jsonwebtoken' is that after building for node, the built code doesn't work unless you make a node_modules directory in the build directory and copy jsonwebtoken and all of its dependencies there -- tree shaking doesn't work for modules fully imported.

There's https://www.npmjs.com/package/jsonwebtoken-esm so it's quite possible to provide jsonwebtoken in ESM format -- why auth0 still aren't doing it is beyond me.

Hi! I did a little workaround that might work for you as well: https://github.com/stipsan/jsonwebtoken-esm

Big Thx! You save my life!

I'm using vite & this library has the following error:

An unhandled error occured: ReferenceError: module is not defined

I'll give jsonwebtoken-esm a try...

To the Auth0 team...Please for the love of God support ESM in this library

Here it is late 2024, 1.75 years on from the last post of this and no movement. The hubris of some companies (Auth0) to crap on ESM support because they simply don't like a new standard exists.