From a46097e962621ab2ba718d1da6025cdeba3597c8 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Fri, 4 Sep 2020 22:05:35 +0200
Subject: [PATCH] docs: make decode impossible to discover before verify

see #741
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index da35fa5..d76f879 100644
--- a/README.md
+++ b/README.md
@@ -231,6 +231,9 @@ jwt.verify(token, getKey, options, function(err, decoded) {
 
 ```
 
+<details>
+<summary><em></em>Need to peak into a JWT without verifying it? (Click to expand)</summary>
+
 ### jwt.decode(token [, options])
 
 (Synchronous) Returns the decoded payload without verifying if the signature is valid.
@@ -259,6 +262,8 @@ console.log(decoded.header);
 console.log(decoded.payload)
 ```
 
+</details>
+
 ## Errors & Codes
 Possible thrown errors during verification.
 Error is the first argument of the verification callback.