auth0
diff --git a/‎.eslintignore‎
Lines changed: 0 additions & 2 deletions b/‎.eslintignore‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎.eslintrc.json‎
Lines changed: 0 additions & 23 deletions b/‎.eslintrc.json‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎MIGRATION_GUIDE_V10.md‎
Lines changed: 210 additions & 0 deletions b/‎MIGRATION_GUIDE_V10.md‎
Lines changed: 210 additions & 0 deletions
diff --git a/‎MIGRATION_SUMMARY.md‎
Lines changed: 63 additions & 0 deletions b/‎MIGRATION_SUMMARY.md‎
Lines changed: 63 additions & 0 deletions
@@ -2,3 +2,8 @@ node_modules
 .DS_Store
 .nyc_output
 coverage
+.idea
+dist/
+CLAUDE.md
+**/CLAUDE.md
+
@@ -0,0 +1,210 @@
+# Migration Guide: v9.x to v10.0.0
+
+## Breaking Changes
+
+Version 10.0.0 introduces a complete migration from callback-based APIs to modern async/await patterns. This is a major breaking change that requires updating all code using this library.
+
+### Key Changes
+
+1. **All callbacks removed** - `sign()` and `verify()` no longer accept callbacks
+2. **All functions return Promises** - Must use `await` or `.then()`
+3. **GetPublicKeyOrSecret is now async** - Must return a Promise
+4. **Error handling via try/catch** - No more error-first callbacks
+
+### API Changes
+
+#### sign() Function
+
+**Before (v9.x):**
+```javascript
+// Callback style
+jwt.sign(payload, secret, options, (err, token) => {
+  if (err) throw err;
+  console.log(token);
+});
+
+// Synchronous style
+const token = jwt.sign(payload, secret, options);
+```
+
+**After (v10.0.0):**
+```javascript
+// Async/await style
+try {
+  const token = await jwt.sign(payload, secret, options);
+  console.log(token);
+} catch (err) {
+  throw err;
+}
+
+// Promise style
+jwt.sign(payload, secret, options)
+  .then(token => console.log(token))
+  .catch(err => console.error(err));
+```
+
+#### verify() Function
+
+**Before (v9.x):**
+```javascript
+// Callback style
+jwt.verify(token, secret, options, (err, decoded) => {
+  if (err) throw err;
+  console.log(decoded);
+});
+
+// Synchronous style
+const decoded = jwt.verify(token, secret, options);
+```
+
+**After (v10.0.0):**
+```javascript
+// Async/await style
+try {
+  const decoded = await jwt.verify(token, secret, options);
+  console.log(decoded);
+} catch (err) {
+  if (err.name === 'TokenExpiredError') {
+    console.log('Token expired at:', err.expiredAt);
+  }
+  throw err;
+}
+```
+
+#### Dynamic Key Resolution (GetPublicKeyOrSecret)
+
+**Before (v9.x):**
+```javascript
+const getKey = (header, callback) => {
+  // Fetch key based on kid
+  fetchKeyFromDatabase(header.kid, (err, key) => {
+    if (err) return callback(err);
+    callback(null, key);
+  });
+};
+
+jwt.verify(token, getKey, options, (err, decoded) => {
+  // Handle result
+});
+```
+
+**After (v10.0.0):**
+```javascript
+const getKey = async (header) => {
+  // Fetch key based on kid
+  const key = await fetchKeyFromDatabase(header.kid);
+  return key;
+};
+
+try {
+  const decoded = await jwt.verify(token, getKey, options);
+  // Handle result
+} catch (err) {
+  // Handle error
+}
+```
+
+### decode() Function - No Changes
+
+The `decode()` function remains synchronous and unchanged:
+
+```javascript
+const decoded = jwt.decode(token, options);
+```
+
+### Error Handling
+
+All errors are now thrown instead of being passed to callbacks:
+
+**Before (v9.x):**
+```javascript
+jwt.verify(token, secret, (err, decoded) => {
+  if (err) {
+    if (err.name === 'TokenExpiredError') {
+      // Handle expired token
+    } else if (err.name === 'JsonWebTokenError') {
+      // Handle JWT error
+    }
+  }
+});
+```
+
+**After (v10.0.0):**
+```javascript
+try {
+  const decoded = await jwt.verify(token, secret);
+} catch (err) {
+  if (err.name === 'TokenExpiredError') {
+    // Handle expired token
+  } else if (err.name === 'JsonWebTokenError') {
+    // Handle JWT error
+  }
+}
+```
+
+### Testing Updates
+
+If you're using this library in tests, update your test code:
+
+**Before (v9.x):**
+```javascript
+it('should verify token', (done) => {
+  jwt.verify(token, secret, (err, decoded) => {
+    expect(err).toBeNull();
+    expect(decoded.foo).toBe('bar');
+    done();
+  });
+});
+```
+
+**After (v10.0.0):**
+```javascript
+it('should verify token', async () => {
+  const decoded = await jwt.verify(token, secret);
+  expect(decoded.foo).toBe('bar');
+});
+```
+
+### TypeScript Changes
+
+The following types have been removed:
+- `SignCallback`
+- `VerifyCallback`
+
+The `GetPublicKeyOrSecret` type has been updated:
+
+**Before:**
+```typescript
+type GetPublicKeyOrSecret = (
+  header: JwtHeader,
+  callback: (err: any, secret?: Secret | PublicKey) => void
+) => void;
+```
+
+**After:**
+```typescript
+type GetPublicKeyOrSecret = (
+  header: JwtHeader
+) => Promise<Secret | PublicKey>;
+```
+
+### Migration Steps
+
+1. **Update all `sign()` calls** to use async/await or Promises
+2. **Update all `verify()` calls** to use async/await or Promises
+3. **Update error handling** from callbacks to try/catch blocks
+4. **Update GetPublicKeyOrSecret functions** to return Promises
+5. **Update tests** to use async/await patterns
+6. **Remove any TypeScript references** to removed callback types
+
+### Benefits of v10
+
+- **Cleaner code** - No callback hell, better error handling
+- **Modern JavaScript** - Uses latest language features
+- **Better TypeScript support** - Simpler types, better inference
+- **Easier testing** - Async/await tests are more readable
+- **Better performance** - No callback overhead, cleaner stack traces
+
+### Need Help?
+
+If you encounter issues during migration, please check our [GitHub issues](https://github.com/auth0/node-jsonwebtoken/issues) or create a new issue with details about your migration challenges.
@@ -0,0 +1,63 @@
+# JSON Web Token Library Migration Summary
+
+## Changes Made
+
+### 1. Removed 'none' Algorithm Support
+- **Security Enhancement**: The insecure 'none' algorithm has been completely removed from the library
+- Removed from TypeScript types, algorithm lists, and all handling code
+- All tests using 'none' algorithm have been removed
+- This prevents unsigned tokens from being accepted
+
+### 2. Testing Framework Migration: Mocha → Jest
+- Successfully migrated from Mocha + Chai + Sinon + NYC to Jest
+- Benefits:
+  - Single testing dependency (Jest includes assertions, mocks, and coverage)
+  - Better TypeScript support
+  - Faster parallel test execution
+  - Better error messages
+  - Built-in watch mode
+- Coverage thresholds maintained at 95% lines/branches, 100% functions
+
+### 3. Modern Algorithm Support
+
+#### Fully Supported Algorithms:
+- **HMAC**: HS256, HS384, HS512
+- **RSA**: RS256, RS384, RS512
+- **RSA-PSS**: PS256, PS384, PS512
+- **ECDSA**: ES256, ES384, ES512
+
+#### Limited Support:
+- **ES256K** (secp256k1): TypeScript types and validation added, but not supported by underlying jws library v4.0.0
+- **EdDSA** (Ed25519/Ed448): TypeScript types and validation added, but not supported by underlying jws library v4.0.0
+
+### 4. Test Coverage Improvements
+- Added comprehensive tests for all RSA variants (RS256, RS384, RS512)
+- Added tests for all ECDSA variants (ES256, ES384, ES512)
+- Added tests for all RSA-PSS variants (PS256, PS384, PS512)
+- Generated test keys for modern algorithms (Ed25519, Ed448, secp256k1)
+
+## Current Limitations
+
+### EdDSA and ES256K Support
+While the TypeScript implementation includes support for EdDSA and ES256K algorithms:
+- The underlying `jws` library (v4.0.0) does not support these algorithms
+- Attempting to use EdDSA or ES256K will result in: `TypeError: "[algorithm]" is not a valid algorithm`
+- Full support would require either:
+  1. Updating to a newer version of jws (if available)
+  2. Replacing jws with a library that supports modern algorithms
+  3. Implementing the algorithms directly
+
+### Recommendations
+1. For maximum compatibility, use RS256
+2. For better performance with good support, use ES256
+3. Avoid using ES256K and EdDSA until the underlying library is updated
+
+## Breaking Changes
+- **Removed 'none' algorithm**: Any code using algorithm 'none' will need to be updated
+- **Jest migration**: Test scripts now use Jest instead of Mocha
+
+## Next Steps
+To fully support EdDSA and ES256K, consider:
+1. Contributing EdDSA/ES256K support to the jws library
+2. Evaluating alternative JWT libraries that support modern algorithms
+3. Implementing a custom signing/verification layer for these algorithms