JSNode.js / JavaScript
4 packages
Modern, zero-dep, runs in Node, Deno, Bun and the browser. Covers JWS, JWE, JWK and JWKS out of the box.
The classic. Synchronous API, widely understood, but minimal JWK/JWKS support — pair with jwks-rsa for asymmetric flows.
NestJS module wrapping jsonwebtoken with DI-friendly providers.
Browser-safe decoder only. Don't use this to verify — it deliberately doesn't.
PYPython
3 packages
The standard. Clean encode/decode API, supports HS/RS/ES/EdDSA. Add the [crypto] extra for asymmetric keys.
Full OAuth 2.0 / OIDC toolkit. Reach for it when you need flows and discovery, not just tokens.
JOSE implementation covering JWS, JWE, JWK. Less actively maintained than PyJWT in 2024+.
GOGo
2 packages
Community fork of the original dgrijalva/jwt-go after that project was archived. The de-facto Go JWT library.
Full JOSE suite (JWS, JWE, JWK, JWA). Use when you need JWE or JWKS handling beyond plain JWT.
RSRust
2 packages
JVJava / Kotlin
3 packages
Fluent Java API for signing and verifying. Split into api / impl / jackson modules so you only pull what you use.
Industrial-grade JOSE library used by Spring Security under the hood. Reach for it when you need JWE or detailed JWK control.
Simple builder/verifier API from Auth0. Good for straightforward use, less flexible than Nimbus.
C#.NET / C#
2 packages
Microsoft's first-party JOSE/JWT stack. The default for ASP.NET Core authentication handlers.
Small, library-only alternative. Useful in CLI tools or when you don't want the full Microsoft stack.
RBRuby
1 package
PHPPHP
2 packages
Compact, dependency-free. Used by Laravel/Lumen ecosystems and most PHP frameworks.
Full JOSE framework with JWS, JWE, JWK and key management. Reach for it on complex Symfony setups.
SWSwift
1 package
EXElixir
1 package