I have a feeling this is going to be a quick answer, but I can't seem to find any great definitive answers on the web - what is the difference between the jsonwebtoken npm package and the express-jwt npm package? I think express-jwt is written on top of jsonwebtoken and simply verifies incoming tokens and sets req.user to the user payload on the JWT.
Is that correct? Sorry if this is a total noob question... I just started learning authentication and node/express, so it's all pretty new to me.
Coming back to this many months later. In case it's helpful to anyone, express-jwt is built on top of the jsonwebtoken package and does a bunch of additional cool things. You still use jsonwebtoken to sign and verify your JWTs, but express-jwt helps you protect routes, checks JWTs against a secret, and creates a req.user from the payload of the token if it can verify it.
tl;dr: express-jwt uses jsonwebtoken in its own code and adds additional neatness.