bug: you just clobbered the 'jose' that was on npm before

[davidjludwig]

require('jose') used to return this: https://github.com/autoit4you/node-jose#readme

!!!!

this is a breaking change for anyone who was using require('jose') and getting https://github.com/autoit4you/node-jose#readme

[panva]

this is a breaking change

In the sense that an existing system depending on the old package codebase would be affected? It really isn’t. The old jose, which i had the permission for from the owner of was unmaintained and unsupported, with barely 50 downloads per week, was version 0.3.x.

That semver range is not affected and is still available (npm i jose@0.3) for those who use it and declare in their package.json or lock files.

I have consulted this move both with the author and npmjs organization support and it is nothing more than a major package version bump under semantic versioning.