how-to-guide

How to Install and Use npm jsonwebtoken in Node.js Projects

February 16, 2026 nodejs/node ↗

Run npm install jsonwebtoken in your project directory after initializing with npm init -y to add the jsonwebtoken package to your Node.js dependencies.

Setting up JSON Web Token (JWT) authentication in a new Node.js project requires installing the jsonwebtoken package from the npm registry. According to the nodejs/node repository source code, the npm install command follows specific behaviors documented in the npm CLI reference to manage dependencies. This guide covers the correct way to install npm jsonwebtoken and verify your setup.

Initialize Your Project with npm init

Before installing any package, you must create a package.json file to track dependencies. The nodejs/node repository documentation in deps/npm/docs/content/commands/npm-install.md specifies that npm requires a manifest to record installed packages.

Run the initialization command:

npm init -y

This creates a default package.json with metadata and an empty dependencies object. The -y flag accepts all defaults, streamlining setup for new projects.

Install npm jsonwebtoken

Once your project is initialized, use the npm install command to download the package from the registry.

Basic Installation

Execute the following in your project root:

npm install jsonwebtoken

As documented in deps/npm/docs/content/commands/npm-install.md, this command performs three actions: it downloads the latest stable version into node_modules/jsonwebtoken/, adds the dependency to your package.json file, and updates the lock file to ensure reproducible installs.

Verify Installation

Confirm the package installed correctly:

npm list jsonwebtoken

You should see the version number and tree location, confirming that npm jsonwebtoken is available in your local node_modules directory.

Using jsonwebtoken in Your Application

After installation, load the module using Node.js's require system. The nodejs/node repository implements module loading rules that resolve the package from node_modules.

Create an index.js file:

const jwt = require('jsonwebtoken');

// Define payload and secret
const payload = { userId: 123, role: 'admin' };
const secret = 'your-256-bit-secret';

// Generate token with expiration
const token = jwt.sign(payload, secret, { expiresIn: '2h' });

console.log('Generated JWT:', token);

Run the script:

node index.js

This demonstrates the complete workflow from npm jsonwebtoken installation to generating a signed token.

Summary

Initialize your project with npm init -y to create package.json before installing packages.
Install the package using npm install jsonwebtoken, which downloads to node_modules and updates your manifest as documented in deps/npm/docs/content/commands/npm-install.md.
Verify installation with npm list jsonwebtoken to ensure the dependency is correctly registered.
Import using require('jsonwebtoken') following Node.js module resolution rules from the nodejs/node repository.

Frequently Asked Questions

Do I need to install jsonwebtoken globally?

No, you should install it locally in your project directory using npm install jsonwebtoken without the -g flag. Local installation ensures the package appears in your project's node_modules folder and package.json dependencies, which is the standard approach for application-specific libraries according to the npm CLI documentation in deps/npm/docs/content/commands/npm-install.md.

Where does npm install jsonwebtoken store the files?

The package downloads into a node_modules/jsonwebtoken/ directory within your project root. This location follows Node.js module resolution algorithms implemented in the nodejs/node repository, which recursively searches node_modules folders when resolving require('jsonwebtoken') calls.

How do I update jsonwebtoken to the latest version?

Run npm update jsonwebtoken to upgrade to the latest version that satisfies your package.json semver range, or use npm install jsonwebtoken@latest to force the newest version regardless of existing constraints. Both commands modify your package.json and lock file while replacing the contents of node_modules/jsonwebtoken/.

Can I use jsonwebtoken with TypeScript?

Yes, after installing the main package with npm install jsonwebtoken, install the type definitions by running npm install --save-dev @types/jsonwebtoken. This provides TypeScript declarations for the jwt.sign(), jwt.verify(), and other methods, enabling IntelliSense and compile-time type checking while using the same runtime package installed via npm.

Have a question about this repo?

These articles cover the highlights, but your codebase questions are specific. Give your agent direct access to the source. Share this with your agent to get started:

Share the following with your agent to get started:

curl -s "https://instagit.com/install.md"

Add to your MCP client configuration:

{
  "mcpServers": {
    "instagit": {
      "command": "npx",
      "args": ["-y", "instagit@latest"]
    }
  }
}

Ask your agent:

"Use Instagit MCP to understand how nodejs/node works."

Works with

Claude Codex Cursor VS Code OpenClaw Any MCP Client

Maintain an open-source project? Get it listed too →