Check if token expired using this JWT library
This is the answer:
if (Date.now() >= exp * 1000) {
return false;
}
You should use jwt.verify. It will check if the token is expired.
jwt.decode should not be used if the source is not trusted as it doesn't check if the token is valid.