🛡️ JWT Inspector — VS Code Extension
A lightweight and developer-friendly extension to decode, validate, and inspect JSON Web Tokens (JWTs) directly inside VS Code — no external websites needed.
🚀 Features
🔍 1. Instant JWT Decode (No Internet Required)
- Automatically detects JWTs in your editor
- Decodes Header, Payload, and Signature in real-time
- Works offline — secure for sensitive tokens
🧩 2. Syntax-Highlighted JWT Panel
- Opens a side panel showing structured JSON
- Beautiful syntax highlighting for JSON keys, strings, numbers, and booleans
- Highlights expired tokens, missing claims, invalid structure, etc.
⏱️ 3. Expiry & Claim Validation
- Human-readable expiration status (e.g., "Expired 2 hours ago" or "Valid for 3 days")
- Highlights important claims:
exp - Expiration timeiat - Issued atnbf - Not beforeiss - Issuersub - Subjectaud - Audiencescope - Scope
🔐 4. Signature Algorithm Detection
- Displays algorithm used (HS256, RS256, ES256, etc.)
- Warns about insecure algorithms (e.g.,
none, deprecated ones)
- Visual badges for algorithm status
🧪 5. Token Integrity Checks
- Detect malformed tokens
- Detect mismatches between header alg and signature format
- Warn if payload isn't valid JSON
- Comprehensive error and warning messages
📋 6. Hover Preview
- Hover over any JWT string → see decoded header & payload instantly
- Quick preview without opening the panel
🔄 7. Copy-to-Clipboard Utilities
Quickly copy:
- Header JSON
- Payload JSON
- Pretty-printed JSON
- Individual claim values
🧰 8. Command Palette Support
Run with:
JWT Inspector: Decode Token - Decode selected tokenJWT Inspector: Open Panel - Open the inspection panel
🗂️ 9. Supports Multiple Tokens in One File
- Auto-detect and lists all tokens found in the active editor
- Works with multiple tokens in the same document
📦 Installation
- Open VS Code
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "JWT Inspector"
- Click Install
Or install from the command line:
code --install-extension jwt-inspector
🎯 Usage
Method 1: Hover Preview
Simply hover your mouse over any JWT token in your editor to see a quick preview of the decoded header and payload.
Method 2: Command Palette
- Select a JWT token in your editor
- Press
Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (Mac)
- Type "JWT Inspector: Decode Token"
- Press Enter
- Select a JWT token
- Right-click and choose "JWT Inspector: Decode Token"
- Open the JWT Inspector panel using the command palette
- Paste your JWT token into the input field
- Click "Decode Token" or press
Ctrl+Enter
🎨 Features in Detail
Modern UI
- Clean, intuitive interface with card-based layout
- Color-coded sections for easy navigation
- Responsive design that adapts to your VS Code theme
- Smooth animations and transitions
Smart Token Detection
- Automatically recognizes JWT tokens in your code
- Supports tokens in strings, comments, and configuration files
- Pattern matching for standard JWT format
Security
- All processing happens locally - no data leaves your machine
- No network requests required
- Safe for sensitive production tokens
🔧 Development
Building from Source
# Clone the repository
git clone https://github.com/kailashyogeshwar85/jwt-inspector.git
cd jwt-inspector
# Install dependencies
npm install
# Compile TypeScript
npm run compile
# Watch for changes
npm run watch
Running in Development Mode
- Open the project in VS Code
- Press
F5 to launch a new Extension Development Host window
- Test the extension in the new window
📝 Example JWT Token
Here's a sample JWT token you can use for testing:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
👤 Author
Kailash Yogeshwar
🙏 Acknowledgments
⭐ If you find this extension useful, please consider giving it a star on GitHub!
