Skip to content

Move @types/jsonwebtoken to devDependencies#324

Open
bickelj wants to merge 1 commit into
auth0:masterfrom
bickelj:move-jsonwebtoken-ts-types-to-dev-deps
Open

Move @types/jsonwebtoken to devDependencies#324
bickelj wants to merge 1 commit into
auth0:masterfrom
bickelj:move-jsonwebtoken-ts-types-to-dev-deps

Conversation

@bickelj

@bickelj bickelj commented Feb 10, 2023

Copy link
Copy Markdown

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This prevents dependencies (the usual non-dev dependencies) in downstream TypeScript projects from getting polluted with compile-time-only @types. It should fix #323 without impacting anything else. The build succeeds and passes.

References

#323

Testing

  1. Create a TypeScript project that uses express-jwt in production dependencies and @types/jsonwebtoken in devDependencies.
  2. npm install. Note that there are now @types in prod dependencies by examining package-lock.json.
  3. Try the same again with the changes and note that fewer @types arrive in prod.
  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@felixmosh felixmosh mentioned this pull request Sep 20, 2023
Closed
4 tasks
@felixmosh

felixmosh commented Sep 20, 2023

Copy link
Copy Markdown

Any update on this one?

@bickelj

bickelj commented Sep 20, 2023

Copy link
Copy Markdown
Author

@felixmosh 🤷

I see I only did 2 of 4 tasks, but I don't know what documentation or tests would need to change, which is why I left them undone.

IschanLois
IschanLois reviewed Aug 20, 2025
View reviewed changes

@IschanLois IschanLois left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, any update on this issue?

@bickelj

bickelj commented Aug 20, 2025

Copy link
Copy Markdown
Author

@jfromaniello I noticed your comment in #313 that somehow this is needed. What bad thing happens when the types are devDependencies?

@jfromaniello

jfromaniello commented Aug 20, 2025

Copy link
Copy Markdown
Member

@bickelj The problem is that the types of jsonwebtoken are re-exported or reused in exports of this lbirary:

export type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined)

So basically if you remove @types/jsonwebtoken, you will not get code completion when using this library.... For example, you will see token: any.

One way to solve this will be to copy the used types from jsonwebtoken (and all related types) into this library.... but then updating will be harder. If jsonwebtoken exported its types that will make it easier and one less dependency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@IschanLois IschanLois IschanLois left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TypeScript @types/* deps pollute production deps

4 participants

@bickelj @felixmosh @jfromaniello @IschanLois