# Install jwt-cli with Homebrew, apk, MacPorts, Nix, pacman, scoop, apt

Super fast CLI tool to decode and encode JWTs built in Rust. Version 6.2.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:jwt-cli
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install jwt-cli
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install jwt-cli
```

  Evidence: MacPorts ports tree: devel/jwt-cli/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add jwt-cli
```

  Evidence: Alpine Linux edge package indexes: jwt-cli from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#jwt-cli
```

  Evidence: nixpkgs package indexes: pkgs/by-name/jw/jwt-cli/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S jwt-cli
```

  Evidence: Arch Linux sync databases: jwt-cli from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- Debian apt (92%):

```sh
sudo apt install jwt
```

  Evidence: Debian stable package indexes: jwt from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

### Windows

- Scoop (92%):

```sh
scoop install main/jwt-cli
```

  Evidence: Scoop official bucket manifest trees: bucket/jwt-cli.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:jwt-cli
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/jwt-cli>
- **Version:** 6.2.0
- **Source summary:** Super fast CLI tool to decode and encode JWTs built in Rust
- **Homepage:** <https://github.com/mike-engel/jwt-cli>
- **Repository:** <https://github.com/mike-engel/jwt-cli>
- **Upstream docs:** <https://github.com/mike-engel/jwt-cli>
- **License:** MIT
- **Source archive:** <https://github.com/mike-engel/jwt-cli/archive/refs/tags/6.2.0.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- jwt (cli)
- jwt (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 6.2.0
- Local data: ok
- Upstream repository: https://github.com/mike-engel/jwt-cli
- Upstream latest detected: 6.2.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

jwt-cli is a Rust command-line utility for decoding, verifying, and encoding JSON Web Tokens. It became a common package-manager answer to the everyday developer need to inspect opaque bearer tokens from a shell pipeline.

### Project history

Mike Engel released jwt-cli publicly in March 2017, with GitHub release metadata showing 0.1.0 as an initial prerelease on March 6, 2017. The README frames the tool around two goals: decoding JWT headers and claims like other JWT CLIs, and encoding new JWTs with flexible headers, claims, and secrets.

The project evolved with the Rust JWT ecosystem. Its changelog records a move to the `jsonwebtoken` crate in 0.3.0, JSON output in 2.1.0, stdin support in 2.4.0, ECDSA support in 2.5.0, PEM support through `jsonwebtoken` 7 in 3.0.0, stricter expiration handling and file secrets in 5.0.0, EdDSA and output-file support in 6.0.0, and JWKS support in 6.1.0.

### Adoption history

The tool spread through several package ecosystems because JWT inspection is a cross-platform developer workflow. The README documents installation through Homebrew, MacPorts, Cargo, FreeBSD ports, Scoop, and Arch Linux, and the Homebrew formula also records package-manager distribution under the `jwt-cli` formula.

### How it is used

jwt-cli is used in two main ways: as an interactive command such as `jwt decode TOKEN`, and as a pipeline component, for example extracting an access token with `curl` and `jq` and piping it into `jwt decode -`. Encoding support lets developers create test tokens without reaching for a web UI.

### Why package nerds care

Its significance is package-manager convenience: JWTs are everywhere in web auth, and a small static-ish Rust CLI with shell completion, stdin behavior, and broad OS packaging is exactly the kind of utility users expect to install with one command.

### Timeline

- 2017-03-06: 0.1.0 initial prerelease published.
- 2018-09-24: 2.1.0 adds JSON output for piping into tools such as `jq`.
- 2019-04-19: 2.4.0 adds stdin support for encode and decode.
- 2021-11-14: 5.0.0 adds file secrets and stricter expiration validation.
- 2023-06-22: 6.0.0 adds EdDSA support and output-file support.
- 2024-05-27: 6.1.0 adds JWKS support and shell completion.

### Related projects

- jwt-cli sits alongside browser tools such as JWT.io, security-focused JWT tooling such as jwt-hack, and the Rust `jsonwebtoken` crate used internally for token operations.

### Sources

- <https://crates.io/crates/jwt-cli>
- <https://github.com/mike-engel/jwt-cli>
- <https://github.com/mike-engel/jwt-cli/blob/main/CHANGELOG.md>
- <https://github.com/mike-engel/jwt-cli/releases>
- <https://www.rfc-editor.org/rfc/rfc7519>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** jwt-cli
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - jwt-cli: normalized package name match | nixpkgs package indexes: pkgs/by-name/jw/jwt-cli/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - jwt-cli - 6.2.0-r0: normalized package name match | Alpine Linux edge package indexes: jwt-cli from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Super fast CLI tool to decode and encode JWTs | https://github.com/mike-engel/jwt-cli
- pacman - jwt-cli - 6.2.0-1: normalized package name match | Arch Linux sync databases: jwt-cli from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | A super fast CLI tool to decode and encode JWTs | https://github.com/mike-engel/jwt-cli
- MacPorts - jwt-cli: normalized package name match | MacPorts ports tree: devel/jwt-cli/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/jwt-cli: normalized package name match | Scoop official bucket manifest trees: bucket/jwt-cli.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- Debian apt - jwt - 5.0.0+really4.5.2-1+b2: installed executable or alias match | Debian stable package indexes: jwt from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | golang implementation of JSON Web Tokens (command line) | https://github.com/golang-jwt/jwt
- Ubuntu apt - jwt - 5.0.0+really4.5.0-1: installed executable or alias match | Ubuntu 24.04 LTS package indexes: jwt from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | golang implementation of JSON Web Tokens (command line) | https://github.com/golang-jwt/jwt


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Shares av.db curated category or tags: cli, jwt, security, token.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Shares av.db curated category or tags: cli, rust, security.
- [cargo-deny](https://www.automicvault.com/pkg/brew/cargo-deny/) - Shares av.db curated category or tags: cli, rust, security.
- [cargo-geiger](https://www.automicvault.com/pkg/brew/cargo-geiger/) - Shares av.db curated category or tags: cli, rust, security.
- [checkpwn](https://www.automicvault.com/pkg/brew/checkpwn/) - Shares av.db curated category or tags: cli, rust, security.
- [feluda](https://www.automicvault.com/pkg/brew/feluda/) - Shares av.db curated category or tags: cli, rust, security.
- [observerward](https://www.automicvault.com/pkg/brew/observerward/) - Shares av.db curated category or tags: cli, rust, security.
- [rustscan](https://www.automicvault.com/pkg/brew/rustscan/) - Shares av.db curated category or tags: cli, rust, security.

## Combined YAML source

View the package source record on GitHub. [combined/jwt-cli.yml](https://github.com/automic-vault/db/blob/main/combined/jwt-cli.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
