Move @types/jsonwebtoken to devDependencies

[bickelj]

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This prevents dependencies (the usual non-dev dependencies) in downstream TypeScript projects from getting polluted with compile-time-only @types. It should fix https://github.com/auth0/express-jwt/issues/323 without impacting anything else. The build succeeds and passes.

References

https://github.com/auth0/express-jwt/issues/323

Testing

1. Create a TypeScript project that uses express-jwt in production dependencies and @types/jsonwebtoken in devDependencies.
2. npm install. Note that there are now @types in prod dependencies by examining package-lock.json.
3. Try the same again with the changes and note that fewer @types arrive in prod.

• [ ] This change adds test coverage for new/changed/fixed functionality

Checklist

• [ ] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• [X] All active GitHub checks for tests, formatting, and security are passing
• [X] The correct base branch is being used, if not the default branch

[felixmosh]

Any update on this one?

[bickelj]

@felixmosh :shrug:

I see I only did 2 of 4 tasks, but I don't know what documentation or tests would need to change, which is why I left them undone.