Enourmous Bundle Size ! 340 KiB

[GaddMaster]

Can we make the bundle size smaller?

[panva]

340 KiB

That doesn't sound right... https://bundlephobia.com/result?p=jsonwebtoken@8.5.1

[GaddMaster]

All I know is when I remove it from webpack build, it goes to 390 Kib, when I uncomment it and use it, it jumps to 740 KiB

[panva]

That's because jsonwebtoken is not built to be transpiled, under its hood it uses node's crypto module that your webpack bundle has a registered polyfill for. We can't control that, nor do we actually support browser environment as a runtime for this module. Although you might be able to use jsonwebtoken in a browser through this transpiled code using webpack, this library's focus is the node.js runtime and we lack the test suite to confirm it all works as intended when transpiled.

We are not providing jsonwebtoken for the browser platform and would recommend use of JWT modules that utilize the browser built-in Web Cryptography API instead.

[GaddMaster]

semver.js alone is 14 KiB
bn.js is 40
elliptic is 68
and their are many more new things added due to this package

[GaddMaster]

OK, I understand. Thanks very much for the tip. I suppose we can close this silly thread I opened :)

[switz]

I just ran into this. I shaved a huge amount off my bundle by switching to jwt-decode on the client.

Obviously, this is not this module's fault. In no way, at all. But it would be really cool if this module threw an error or a warning if it's run in the browser with a helpful link to https://github.com/auth0/jwt-decode. I went from a 450kb bundle to 250kb bundle by swapping out this module alone.

Anyway cheers, just a suggestion and hope you don't take this as anything but a helpful idea so users are aware not to use this on the client.