Skip to content

Move @types/jsonwebtoken to devDependencies #324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Move @types/jsonwebtoken to devDependencies #324

wants to merge 1 commit into from

Conversation

@bickelj
Copy link

@bickelj bickelj commented Feb 10, 2023

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This prevents dependencies (the usual non-dev dependencies) in downstream TypeScript projects from getting polluted with compile-time-only @types. It should fix #323 without impacting anything else. The build succeeds and passes.

References

#323

Testing

  1. Create a TypeScript project that uses express-jwt in production dependencies and @types/jsonwebtoken in devDependencies.
  2. npm install. Note that there are now @types in prod dependencies by examining package-lock.json.
  3. Try the same again with the changes and note that fewer @types arrive in prod.
  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@felixmosh felixmosh mentioned this pull request Sep 20, 2023
Closed
4 tasks
@felixmosh
Copy link

felixmosh commented Sep 20, 2023

Any update on this one?

@bickelj
Copy link
Author

bickelj commented Sep 20, 2023

@felixmosh 🤷

I see I only did 2 of 4 tasks, but I don't know what documentation or tests would need to change, which is why I left them undone.

IschanLois
IschanLois reviewed Aug 20, 2025
View reviewed changes
Copy link

@IschanLois IschanLois left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, any update on this issue?

@bickelj
Copy link
Author

bickelj commented Aug 20, 2025

@jfromaniello I noticed your comment in #313 that somehow this is needed. What bad thing happens when the types are devDependencies?

@jfromaniello
Copy link
Member

jfromaniello commented Aug 20, 2025

@bickelj The problem is that the types of jsonwebtoken are re-exported or reused in exports of this lbirary:

export type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined)

So basically if you remove @types/jsonwebtoken, you will not get code completion when using this library.... For example, you will see token: any.

One way to solve this will be to copy the used types from jsonwebtoken (and all related types) into this library.... but then updating will be harder. If jsonwebtoken exported its types that will make it easier and one less dependency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@IschanLois IschanLois IschanLois left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TypeScript @types/* deps pollute production deps

4 participants

@bickelj @felixmosh @jfromaniello @IschanLois