What security regression does this diff introduce — or fix?

A JWT (JSON Web Token) has a header, payload, and signature. The header contains an alg field that specifies which algorithm was used to sign it. The alg: none attack exploits libraries that blindly trust the algorithm declared in the token itself: an attacker strips the signature, sets alg to none, and edits the payload claims (e.g. sets admin: true). A vulnerable library accepts this because it sees 'alg: none — no signature needed'.

The original code passes only the secret to jwt.verify(), leaving the library free to honour whatever algorithm the token claims. The fix adds { algorithms: ['HS256'] }, so the server independently asserts which algorithm it expects — any token claiming a different algorithm (including none) is immediately rejected, regardless of what the token header says.