# How to Install and Use npm jsonwebtoken in Node.js Projects

> Quickly install and use the jsonwebtoken package in your Node.js projects. Learn how to add jsonwebtoken to dependencies using npm install jsonwebtoken and secure your applications.

- Repository: [Node.js/node](https://github.com/nodejs/node)
- Tags: how-to-guide
- Published: 2026-02-16

---

**Run `npm install jsonwebtoken` in your project directory after initializing with `npm init -y` to add the jsonwebtoken package to your Node.js dependencies.**

Setting up JSON Web Token (JWT) authentication in a new Node.js project requires installing the `jsonwebtoken` package from the npm registry. According to the `nodejs/node` repository source code, the `npm install` command follows specific behaviors documented in the npm CLI reference to manage dependencies. This guide covers the correct way to install **npm jsonwebtoken** and verify your setup.

## Initialize Your Project with npm init

Before installing any package, you must create a [`package.json`](https://github.com/nodejs/node/blob/main/package.json) file to track dependencies. The `nodejs/node` repository documentation in [`deps/npm/docs/content/commands/npm-install.md`](https://github.com/nodejs/node/blob/main/deps/npm/docs/content/commands/npm-install.md) specifies that npm requires a manifest to record installed packages.

Run the initialization command:

```bash
npm init -y

```

This creates a default [`package.json`](https://github.com/nodejs/node/blob/main/package.json) with metadata and an empty `dependencies` object. The `-y` flag accepts all defaults, streamlining setup for new projects.

## Install npm jsonwebtoken

Once your project is initialized, use the `npm install` command to download the package from the registry.

### Basic Installation

Execute the following in your project root:

```bash
npm install jsonwebtoken

```

As documented in [`deps/npm/docs/content/commands/npm-install.md`](https://github.com/nodejs/node/blob/main/deps/npm/docs/content/commands/npm-install.md), this command performs three actions: it downloads the latest stable version into `node_modules/jsonwebtoken/`, adds the dependency to your [`package.json`](https://github.com/nodejs/node/blob/main/package.json) file, and updates the lock file to ensure reproducible installs.

### Verify Installation

Confirm the package installed correctly:

```bash
npm list jsonwebtoken

```

You should see the version number and tree location, confirming that **npm jsonwebtoken** is available in your local `node_modules` directory.

## Using jsonwebtoken in Your Application

After installation, load the module using Node.js's `require` system. The `nodejs/node` repository implements module loading rules that resolve the package from `node_modules`.

Create an [`index.js`](https://github.com/nodejs/node/blob/main/index.js) file:

```javascript
const jwt = require('jsonwebtoken');

// Define payload and secret
const payload = { userId: 123, role: 'admin' };
const secret = 'your-256-bit-secret';

// Generate token with expiration
const token = jwt.sign(payload, secret, { expiresIn: '2h' });

console.log('Generated JWT:', token);

```

Run the script:

```bash
node index.js

```

This demonstrates the complete workflow from **npm jsonwebtoken** installation to generating a signed token.

## Summary

- **Initialize** your project with `npm init -y` to create [`package.json`](https://github.com/nodejs/node/blob/main/package.json) before installing packages.
- **Install** the package using `npm install jsonwebtoken`, which downloads to `node_modules` and updates your manifest as documented in [`deps/npm/docs/content/commands/npm-install.md`](https://github.com/nodejs/node/blob/main/deps/npm/docs/content/commands/npm-install.md).
- **Verify** installation with `npm list jsonwebtoken` to ensure the dependency is correctly registered.
- **Import** using `require('jsonwebtoken')` following Node.js module resolution rules from the `nodejs/node` repository.

## Frequently Asked Questions

### Do I need to install jsonwebtoken globally?

No, you should install it locally in your project directory using `npm install jsonwebtoken` without the `-g` flag. Local installation ensures the package appears in your project's `node_modules` folder and [`package.json`](https://github.com/nodejs/node/blob/main/package.json) dependencies, which is the standard approach for application-specific libraries according to the npm CLI documentation in [`deps/npm/docs/content/commands/npm-install.md`](https://github.com/nodejs/node/blob/main/deps/npm/docs/content/commands/npm-install.md).

### Where does npm install jsonwebtoken store the files?

The package downloads into a `node_modules/jsonwebtoken/` directory within your project root. This location follows Node.js module resolution algorithms implemented in the `nodejs/node` repository, which recursively searches `node_modules` folders when resolving `require('jsonwebtoken')` calls.

### How do I update jsonwebtoken to the latest version?

Run `npm update jsonwebtoken` to upgrade to the latest version that satisfies your [`package.json`](https://github.com/nodejs/node/blob/main/package.json) semver range, or use `npm install jsonwebtoken@latest` to force the newest version regardless of existing constraints. Both commands modify your [`package.json`](https://github.com/nodejs/node/blob/main/package.json) and lock file while replacing the contents of `node_modules/jsonwebtoken/`.

### Can I use jsonwebtoken with TypeScript?

Yes, after installing the main package with `npm install jsonwebtoken`, install the type definitions by running `npm install --save-dev @types/jsonwebtoken`. This provides TypeScript declarations for the `jwt.sign()`, `jwt.verify()`, and other methods, enabling IntelliSense and compile-time type checking while using the same runtime package installed via npm.