crypto-js vs jose vs jsonwebtoken vs jws vs node-jose
JWT and Cryptographic Libraries for JavaScript Applications
Search packages..
crypto-jsjosejsonwebtokenjwsnode-joseSimilar Packages:

JWT and Cryptographic Libraries for JavaScript Applications

crypto-js, jose, jsonwebtoken, jws, and node-jose are JavaScript libraries used for cryptographic operations and JSON Web Token (JWT) handling. crypto-js provides general-purpose cryptographic functions like AES, SHA, and HMAC but does not natively support JWT standards. jsonwebtoken is a high-level library focused on creating and verifying JWTs, primarily in Node.js environments. jws implements the lower-level JSON Web Signature (JWS) specification, handling only the signing and verification of tokens without claim validation. jose is a modern, standards-compliant implementation of the full JOSE suite (including JWT, JWS, JWE, and JWK) that works seamlessly in both browser and Node.js environments. node-jose was a previous JOSE implementation for Node.js but has been officially deprecated and should not be used in new projects.

Npm Package Weekly Downloads Trend

3 Years

Github Stars Ranking

Stat Detail

Package
Downloads
Stars
Size
Issues
Publish
License
crypto-js016,398487 kB2752 years agoMIT
jose07,468258 kB212 days agoMIT
jsonwebtoken018,16643.4 kB1934 months agoMIT
jws072318.8 kB334 months agoMIT
node-jose0722353 kB713 years agoApache-2.0

JWT and Crypto Libraries in JavaScript: A Practical Guide for Frontend Developers

When building modern web applications that require authentication, secure data exchange, or cryptographic operations, choosing the right library is critical. The packages crypto-js, jose, jsonwebtoken, jws, and node-jose all operate in this space — but they serve different purposes, target different environments, and follow different standards. Let’s cut through the confusion with a clear, practical comparison.

🔐 Core Purpose and Standards Compliance

crypto-js is a general-purpose cryptographic library. It implements common algorithms like AES, SHA-256, HMAC, and PBKDF2. It does not handle JWTs natively — you’d need to manually encode/decode and sign tokens using its primitives.

// crypto-js: manual JWT-like token creation (not recommended for real JWTs)
import CryptoJS from 'crypto-js';

const header = CryptoJS.enc.Utf8.parse(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
const payload = CryptoJS.enc.Utf8.parse(JSON.stringify({ sub: '123', exp: 1735689600 }));
const encodedHeader = header.toString(CryptoJS.enc.Base64).replace(/=/g, '');
const encodedPayload = payload.toString(CryptoJS.enc.Base64).replace(/=/g, '');
const signature = CryptoJS.HmacSHA256(`${encodedHeader}.${encodedPayload}`, 'secret');
const jwt = `${encodedHeader}.${encodedPayload}.${signature.toString(CryptoJS.enc.Base64)}`;

jsonwebtoken is a high-level, widely used library for creating and verifying JSON Web Tokens (JWTs) using symmetric (HMAC) or asymmetric (RSA) keys. It’s designed primarily for Node.js but can be bundled for frontend use.

// jsonwebtoken: sign and verify a JWT
import jwt from 'jsonwebtoken';

const token = jwt.sign({ sub: '123' }, 'secret', { algorithm: 'HS256' });
const decoded = jwt.verify(token, 'secret');

jws is a lower-level library that implements the JSON Web Signature (JWS) specification — the core signing mechanism behind JWTs. It doesn’t handle claims validation (like expiration) — just signing and verification.

// jws: sign and verify a JWS (raw signature)
import jws from 'jws';

const sig = jws.sign({
  header: { alg: 'HS256' },
  payload: { sub: '123' },
  secret: 'secret'
});
const isValid = jws.verify(sig, 'HS256', 'secret');

jose is a modern, standards-compliant implementation of JOSE (JSON Object Signing and Encryption) specifications, including JWS, JWE, JWT, and JWK. It supports both browser and Node.js, uses Web Crypto APIs when available, and emphasizes security best practices.

// jose: sign and verify a JWT
import { SignJWT, jwtVerify } from 'jose';

const secret = new TextEncoder().encode('secret');
const token = await new SignJWT({ sub: '123' })
  .setProtectedHeader({ alg: 'HS256' })
  .setIssuedAt()
  .setExpirationTime('1h')
  .sign(secret);

const { payload } = await jwtVerify(token, secret);

node-jose was a popular JOSE implementation for Node.js, but it has been officially deprecated as of 2021. Its GitHub repository states: “This library is no longer maintained. Please migrate to jose.” Do not use it in new projects.

⚠️ Deprecation Notice: node-jose is deprecated. Avoid it entirely. Use jose instead.

🌐 Environment Support: Browser vs Node.js

  • crypto-js: Works in both browser and Node.js. Pure JavaScript, no native dependencies.
  • jsonwebtoken: Designed for Node.js but can be bundled for browsers (though not officially optimized for it).
  • jws: Also Node.js–first, but can run in browsers via bundlers.
  • jose: Built for both environments. Uses Web Crypto in browsers and Node.js’s crypto module under the hood. Tree-shakable and modular.
  • node-jose: Node.js only — and deprecated.

If you’re building a frontend-only app (e.g., SPA that validates tokens issued by a backend), jose is the safest, most future-proof choice.

🔑 Key Management and Algorithms

jose stands out for its support of JWK (JSON Web Keys) and modern key formats:

// jose: import a public key from PEM
import { importSPKI } from 'jose';

const publicKey = await importSPKI(pemKey, 'RS256');
const { payload } = await jwtVerify(token, publicKey);

In contrast, jsonwebtoken and jws expect raw strings or buffers for secrets/keys, making key rotation and format handling more manual.

crypto-js only supports symmetric cryptography (no RSA/ECDSA), so it cannot verify standard asymmetric JWTs used in OAuth/OpenID flows.

🛡️ Security and Best Practices

  • jose enforces strict validation by default (e.g., requires explicit algorithm declaration, rejects none alg).
  • jsonwebtoken allows disabling validation (e.g., ignoreExpiration: true), which can lead to insecure usage if misconfigured.
  • jws provides minimal abstraction — you must validate claims yourself.
  • crypto-js gives you full control but no JWT-specific safeguards — easy to implement insecure token schemes.

For production systems, especially those handling user authentication, jose’s opinionated, spec-compliant approach reduces the risk of common JWT pitfalls (like algorithm confusion).

🧩 Real-World Usage Scenarios

Scenario 1: Validating an ID Token from Auth0 in a React App

You receive a JWT from an OAuth provider and need to verify its signature and claims in the browser.

  • Best choice: jose
  • Why? Supports RS256, imports JWKs, validates expiration, and works in browsers.
// Using jose in a React component
import { jwtVerify } from 'jose';

async function verifyToken(token, jwk) {
  const publicKey = await jose.importJWK(jwk, 'RS256');
  return await jwtVerify(token, publicKey, {
    issuer: 'https://your-domain.auth0.com/',
    audience: 'your-audience'
  });
}

Scenario 2: Generating a Session Token in a Next.js API Route

You control both issuance and verification in a Node.js backend.

  • Good choice: jsonwebtoken
  • Why? Simple, battle-tested, and sufficient for symmetric HMAC tokens.
// Next.js API route
import jwt from 'jsonwebtoken';

export default function handler(req, res) {
  const token = jwt.sign({ userId: req.user.id }, process.env.JWT_SECRET, {
    expiresIn: '1h'
  });
  res.json({ token });
}

Scenario 3: Encrypting Sensitive Data in Local Storage

You need to encrypt user data before storing it in the browser.

  • Only viable choice: crypto-js
  • Why? jose supports JWE but is overkill; jsonwebtoken and jws don’t do encryption.
// crypto-js for local encryption
import CryptoJS from 'crypto-js';

const encrypted = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret').toString();
const bytes = CryptoJS.AES.decrypt(encrypted, 'secret');
const decrypted = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));

📌 Summary Table

PackageJWT SupportBrowser ReadyAsymmetric CryptoDeprecation StatusBest For
crypto-js❌ (manual)ActiveGeneral crypto (AES, SHA, HMAC)
jose✅ (full)ActiveModern, secure JWT/JWS/JWE in any environment
jsonwebtoken⚠️ (bundled)ActiveNode.js backends with simple token needs
jws✅ (JWS only)⚠️ (bundled)ActiveLow-level JWS operations
node-joseDeprecatedDo not use

💡 Final Recommendation

  • For new frontend projects: Use jose. It’s the only actively maintained, browser-friendly, standards-compliant library that handles JWTs securely and correctly.
  • For legacy Node.js backends: jsonwebtoken is acceptable if you’re already using it, but consider migrating to jose for better security defaults.
  • Avoid node-jose completely — it’s deprecated and unmaintained.
  • Use crypto-js only for non-JWT cryptographic tasks, like encrypting local data.

In short: jose is the future. It’s built for the modern web, respects standards, and keeps you out of trouble.

How to Choose: crypto-js vs jose vs jsonwebtoken vs jws vs node-jose

  • crypto-js:

    Choose crypto-js if you need general-purpose cryptographic utilities like AES encryption, SHA hashing, or HMAC signing in the browser or Node.js, and you are not working with JWTs. It’s useful for encrypting local data or implementing custom security protocols, but avoid it for JWT-related tasks since it lacks built-in support for token standards and validation.

  • jose:

    Choose jose if you're building a modern application that requires secure, standards-compliant JWT handling in either the browser or Node.js. It supports the full JOSE suite (JWT, JWS, JWE, JWK), uses platform-native crypto APIs, enforces secure defaults, and is actively maintained. Ideal for validating ID tokens from OAuth providers or implementing secure token-based auth in SPAs.

  • jsonwebtoken:

    Choose jsonwebtoken if you're working in a Node.js backend environment and need a simple, high-level API for issuing and verifying symmetric (HMAC) or asymmetric (RSA) JWTs. It’s widely adopted and sufficient for basic token use cases, but be cautious about its permissive defaults and limited browser optimization.

  • jws:

    Choose jws if you need low-level control over JSON Web Signatures without automatic claim validation (like expiration or issuer checks). It’s suitable for specialized scenarios where you’re implementing custom token logic or integrating with systems that only require raw JWS operations, but you’ll need to handle all validation manually.

  • node-jose:

    Do not choose node-jose for any new project. It has been officially deprecated since 2021, is no longer maintained, and lacks support for modern security practices. Migrate existing implementations to jose, which is its recommended successor and offers better performance, security, and cross-environment compatibility.

Similar Npm Packages to crypto-js

crypto-js is a widely used JavaScript library designed for cryptographic operations. It provides a variety of cryptographic algorithms, including hashing, encryption, and decryption, making it a versatile tool for developers looking to implement security features in their applications. While crypto-js is a robust solution for cryptographic needs, there are several alternatives available in the JavaScript ecosystem. Here are a few notable ones:

  • bcrypt is a popular library specifically designed for hashing passwords. It implements the bcrypt hashing algorithm, which is known for its strength and resistance to brute-force attacks. bcrypt is an excellent choice for developers who need to securely store user passwords, as it provides built-in salting and hashing mechanisms that enhance security. If your primary focus is on password hashing and user authentication, bcrypt is a reliable option.
  • node-forge is a comprehensive library that provides a wide range of cryptographic functionalities, including encryption, decryption, signing, and verification. It is designed to work in both Node.js and browser environments, making it a versatile choice for developers. node-forge supports various cryptographic standards and protocols, making it suitable for applications that require more than just basic cryptographic operations. If you need a full-featured cryptographic library that can handle complex tasks, node-forge is a strong candidate.
  • sjcl (Stanford Javascript Crypto Library) is another lightweight library that focuses on providing secure cryptographic functions. It includes various algorithms for encryption, decryption, hashing, and key derivation. sjcl is designed to be easy to use and integrate into web applications, making it a good choice for developers who need a straightforward cryptographic solution. If you are looking for a simple yet effective library for basic cryptographic tasks, sjcl is worth considering.

To explore how crypto-js compares with bcrypt, node-forge, and sjcl, check out the comparison: Comparing bcrypt vs crypto-js vs node-forge vs sjcl.

Similar Npm Packages to jose

jose is a modern JavaScript library for working with JSON Web Tokens (JWT), JWS (JSON Web Signature), JWE (JSON Web Encryption), and other related standards. It provides a comprehensive set of tools for creating, parsing, and validating JWTs and other token formats, making it a versatile choice for developers looking to implement secure authentication and authorization in their applications. While jose is a powerful library, there are several alternatives in the ecosystem that offer similar functionalities. Here are a few noteworthy options:

  • jsonwebtoken is one of the most widely used libraries for creating and verifying JSON Web Tokens in Node.js applications. It provides a simple API for signing and verifying tokens, making it easy to implement authentication and authorization in your applications. If you are looking for a straightforward solution for handling JWTs without the need for additional features, jsonwebtoken is a solid choice.

  • jwa is a library that focuses on JSON Web Algorithms, providing a set of cryptographic algorithms for signing and verifying tokens. It is often used in conjunction with other libraries to handle JWTs and JWS. If you need a lightweight solution specifically for handling cryptographic algorithms related to JWTs, jwa is a good option.

  • jws is a library for creating and verifying JSON Web Signatures. It provides a simple API for signing and verifying payloads using various algorithms. If your primary focus is on signing and verifying data rather than handling the full JWT lifecycle, jws can be a suitable alternative.

  • node-jose is a comprehensive library for working with JSON Object Signing and Encryption (JOSE) standards, including JWT, JWS, and JWE. It offers a wide range of features, including key management and support for various cryptographic algorithms. If you need a full-featured library that covers all aspects of JOSE standards, node-jose is a great choice.

To explore how jose compares with these alternatives, check out the comparison: Comparing jose vs jsonwebtoken vs jwa vs jws vs node-jose.

Similar Npm Packages to jsonwebtoken

jsonwebtoken is a widely-used library for creating and verifying JSON Web Tokens (JWT) in Node.js applications. JWTs are a compact, URL-safe means of representing claims to be transferred between two parties. The jsonwebtoken library provides a simple API for signing and verifying tokens, making it a popular choice for authentication and authorization in web applications. It supports various algorithms for signing tokens and allows developers to easily manage user sessions and secure API endpoints.

While jsonwebtoken is a robust solution for handling JWTs, there are alternatives that cater to different needs:

  • jwt-decode is a lightweight library that focuses solely on decoding JWTs. Unlike jsonwebtoken, which can both sign and verify tokens, jwt-decode is used to extract the payload from a JWT without validating its signature. This can be useful when you need to read the claims contained in a token without requiring the secret key. If your application needs to read JWTs but does not require signing or verifying them, jwt-decode is a great choice.
  • jwt-simple is another library that provides a simple way to encode and decode JSON Web Tokens. It offers a minimalist API for creating and verifying tokens, focusing on simplicity and ease of use. While it does not support as many features as jsonwebtoken, such as advanced signature algorithms or token expiration handling, it can be a good option for projects that require a straightforward implementation of JWTs without the overhead of a more complex library.

To compare these libraries, check out the following link: Comparing jsonwebtoken vs jwt-decode vs jwt-simple.

Similar Npm Packages to jws

jws is a JavaScript library for creating and verifying JSON Web Signature (JWS) tokens. It provides a simple interface for signing and verifying data using various algorithms, making it a popular choice for developers who need to implement secure token-based authentication in their applications. While jws is a robust solution for handling JWS tokens, there are several alternatives in the ecosystem that offer similar functionality. Here are a few noteworthy options:

  • crypto-js is a widely-used library that provides a variety of cryptographic algorithms, including hashing and encryption. While it is not specifically focused on JWS, it can be used in conjunction with other libraries to create secure tokens. If you need a comprehensive set of cryptographic functions beyond just JWS, crypto-js is a solid choice.
  • jose is a modern library for handling JSON Web Tokens (JWT) and JSON Web Encryption (JWE). It supports a wide range of algorithms and is designed to be compliant with the latest specifications. If you are looking for a library that provides both JWS and JWT functionality with a focus on security and standards compliance, jose is an excellent option.
  • jsonwebtoken is a popular library for creating and verifying JSON Web Tokens (JWT). It is widely used in authentication workflows and provides a straightforward API for signing and verifying tokens. If your primary focus is on JWT rather than JWS, jsonwebtoken is a well-established choice with extensive community support.
  • node-jose is another library that provides support for JWS, JWT, and JWE. It is designed to be flexible and extensible, allowing developers to work with various cryptographic algorithms. If you need a library that can handle multiple token formats and offers a high degree of customization, node-jose is worth considering.

To see how jws compares with crypto-js, jose, jsonwebtoken, and node-jose, check out the comparison: Comparing crypto-js vs jose vs jsonwebtoken vs jws vs node-jose.

Similar Npm Packages to node-jose

node-jose is a JavaScript library for Node.js that provides tools for working with JSON Web Tokens (JWT) and JSON Object Signing and Encryption (JOSE). It allows developers to create, verify, and manipulate JWTs and other JOSE-related structures easily. This library is particularly useful for applications that require secure data transmission and authentication mechanisms. While node-jose is a robust solution for handling JOSE, there are several alternatives available in the ecosystem. Here are a few notable ones:

  • crypto is a built-in Node.js module that provides cryptographic functionality, including a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. While it does not specifically focus on JOSE or JWT, it can be used to implement custom cryptographic operations. If you need low-level cryptographic capabilities or are building a solution that requires more than just JWT handling, the crypto module is a solid choice.
  • jose is a modern library for handling JSON Web Tokens and JOSE, designed to be lightweight and efficient. It supports a wide range of algorithms and provides a straightforward API for creating and verifying JWTs. If you are looking for a more modern and actively maintained alternative to node-jose, jose is an excellent option that offers similar functionality with a focus on performance and simplicity.
  • jsonwebtoken is a widely used library for creating and verifying JSON Web Tokens. It is simple to use and provides a straightforward API for handling JWTs. If your primary need is to work with JWTs specifically, jsonwebtoken is a popular choice among developers due to its ease of use and extensive documentation.
  • node-forge is a comprehensive library that provides various cryptographic tools, including support for TLS, PKI, and cryptographic algorithms. While it is more extensive than just a JWT library, it can be used to implement JOSE and JWT functionalities. If you require a broader set of cryptographic capabilities beyond just JWT handling, node-forge is a versatile option.

To explore how these libraries compare, check out the comparison: Comparing crypto vs jose vs jsonwebtoken vs node-forge vs node-jose.

README for crypto-js

crypto-js

JavaScript library of crypto standards.

Discontinued

Active development of CryptoJS has been discontinued. This library is no longer maintained.

Nowadays, NodeJS and modern browsers have a native Crypto module. The latest version of CryptoJS already uses the native Crypto module for random number generation, since Math.random() is not crypto-safe. Further development of CryptoJS would result in it only being a wrapper of native Crypto. Therefore, development and maintenance has been discontinued, it is time to go for the native crypto module.

Node.js (Install)

Requirements:

  • Node.js
  • npm (Node.js package manager)
npm install crypto-js

Usage

ES6 import for typical API call signing use case:

import sha256 from 'crypto-js/sha256';
import hmacSHA512 from 'crypto-js/hmac-sha512';
import Base64 from 'crypto-js/enc-base64';

const message, nonce, path, privateKey; // ...
const hashDigest = sha256(nonce + message);
const hmacDigest = Base64.stringify(hmacSHA512(path + hashDigest, privateKey));

Modular include:

var AES = require("crypto-js/aes");
var SHA256 = require("crypto-js/sha256");
...
console.log(SHA256("Message"));

Including all libraries, for access to extra methods:

var CryptoJS = require("crypto-js");
console.log(CryptoJS.HmacSHA1("Message", "Key"));

Client (browser)

Requirements:

  • Node.js
  • Bower (package manager for frontend)
bower install crypto-js

Usage

Modular include:

require.config({
    packages: [
        {
            name: 'crypto-js',
            location: 'path-to/bower_components/crypto-js',
            main: 'index'
        }
    ]
});

require(["crypto-js/aes", "crypto-js/sha256"], function (AES, SHA256) {
    console.log(SHA256("Message"));
});

Including all libraries, for access to extra methods:

// Above-mentioned will work or use this simple form
require.config({
    paths: {
        'crypto-js': 'path-to/bower_components/crypto-js/crypto-js'
    }
});

require(["crypto-js"], function (CryptoJS) {
    console.log(CryptoJS.HmacSHA1("Message", "Key"));
});

Usage without RequireJS

<script type="text/javascript" src="path-to/bower_components/crypto-js/crypto-js.js"></script>
<script type="text/javascript">
    var encrypted = CryptoJS.AES(...);
    var encrypted = CryptoJS.SHA256(...);
</script>

API

See: https://cryptojs.gitbook.io/docs/

AES Encryption

Plain text encryption

var CryptoJS = require("crypto-js");

// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString();

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var originalText = bytes.toString(CryptoJS.enc.Utf8);

console.log(originalText); // 'my message'

Object encryption

var CryptoJS = require("crypto-js");

var data = [{id: 1}, {id: 2}]

// Encrypt
var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123').toString();

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));

console.log(decryptedData); // [{id: 1}, {id: 2}]

List of modules

  • crypto-js/core
  • crypto-js/x64-core
  • crypto-js/lib-typedarrays
  • crypto-js/md5
  • crypto-js/sha1
  • crypto-js/sha256
  • crypto-js/sha224
  • crypto-js/sha512
  • crypto-js/sha384
  • crypto-js/sha3
  • crypto-js/ripemd160
  • crypto-js/hmac-md5
  • crypto-js/hmac-sha1
  • crypto-js/hmac-sha256
  • crypto-js/hmac-sha224
  • crypto-js/hmac-sha512
  • crypto-js/hmac-sha384
  • crypto-js/hmac-sha3
  • crypto-js/hmac-ripemd160
  • crypto-js/pbkdf2
  • crypto-js/aes
  • crypto-js/tripledes
  • crypto-js/rc4
  • crypto-js/rabbit
  • crypto-js/rabbit-legacy
  • crypto-js/evpkdf
  • crypto-js/format-openssl
  • crypto-js/format-hex
  • crypto-js/enc-latin1
  • crypto-js/enc-utf8
  • crypto-js/enc-hex
  • crypto-js/enc-utf16
  • crypto-js/enc-base64
  • crypto-js/mode-cfb
  • crypto-js/mode-ctr
  • crypto-js/mode-ctr-gladman
  • crypto-js/mode-ofb
  • crypto-js/mode-ecb
  • crypto-js/pad-pkcs7
  • crypto-js/pad-ansix923
  • crypto-js/pad-iso10126
  • crypto-js/pad-iso97971
  • crypto-js/pad-zeropadding
  • crypto-js/pad-nopadding

Release notes

4.2.0

Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.

Custom KDF Hasher

Blowfish support

4.1.1

Fix module order in bundled release.

Include the browser field in the released package.json.

4.1.0

Added url safe variant of base64 encoding. 357

Avoid webpack to add crypto-browser package. 364

4.0.0

This is an update including breaking changes for some environments.

In this version Math.random() has been replaced by the random methods of the native crypto module.

For this reason CryptoJS might not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native.

3.3.0

Rollback, 3.3.0 is the same as 3.1.9-1.

The move of using native secure crypto module will be shifted to a new 4.x.x version. As it is a breaking change the impact is too big for a minor release.

3.2.1

The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved.

3.2.0

In this version Math.random() has been replaced by the random methods of the native crypto module.

For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before.

If it's absolute required to run CryptoJS in such an environment, stay with 3.1.x version. Encrypting and decrypting stays compatible. But keep in mind 3.1.x versions still use Math.random() which is cryptographically not secure, as it's not random enough.

This version came along with CRITICAL BUG.

DO NOT USE THIS VERSION! Please, go for a newer version!

3.1.x

The 3.1.x are based on the original CryptoJS, wrapped in CommonJS modules.

npm-compare.com is an independent website designed to help developers choose the most suitable npm packages. We are not affiliated with npm, Inc, the official website for the npm registry. Note that npm is a registered trademark of npm, Inc. Please share your feedback via our GitHub repository. For more details, please refer to our Terms & Privacy.