From 57a80134f201b1329494dc948d64bf5726bddca0 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Fri, 4 Sep 2020 22:05:00 +0200
Subject: [PATCH 1/2] refactor: make decode non-enumerable

see #741
---
 index.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 161eb2d..a480f1d 100644
--- a/index.js
+++ b/index.js
@@ -1,8 +1,12 @@
 module.exports = {
-  decode: require('./decode'),
   verify: require('./verify'),
   sign: require('./sign'),
   JsonWebTokenError: require('./lib/JsonWebTokenError'),
   NotBeforeError: require('./lib/NotBeforeError'),
   TokenExpiredError: require('./lib/TokenExpiredError'),
 };
+
+Object.defineProperty(module.exports, 'decode', {
+  enumerable: false,
+  value: require('./decode'),
+});

From d097d30aa817e4d80e395f10f7251351c08e427c Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Fri, 4 Sep 2020 22:05:35 +0200
Subject: [PATCH 2/2] docs: make decode impossible to discover before verify

see #741
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index da35fa5..d76f879 100644
--- a/README.md
+++ b/README.md
@@ -231,6 +231,9 @@ jwt.verify(token, getKey, options, function(err, decoded) {
 
 ```
 
+<details>
+<summary><em></em>Need to peak into a JWT without verifying it? (Click to expand)</summary>
+
 ### jwt.decode(token [, options])
 
 (Synchronous) Returns the decoded payload without verifying if the signature is valid.
@@ -259,6 +262,8 @@ console.log(decoded.header);
 console.log(decoded.payload)
 ```
 
+</details>
+
 ## Errors & Codes
 Possible thrown errors during verification.
 Error is the first argument of the verification callback.