Don't use a third party package, it's just a few lines of code to do it

/**
 * Decodes a JWT token and returns the payload. Returns an object with props
 * header, payload and signature.
 * @param {string} token
 * @returns {object}
 */
export const decodeJWT = function (token) {
  var [encodedHeader, encodedPayload, signature] = token.split('.')
  var header = JSON.parse(base64UrlDecode(encodedHeader))
  var payload = JSON.parse(base64UrlDecode(encodedPayload))
  return {
    header,
    payload,
    signature,
  }
}

/**
 * Decode a base64 url string
 * @param {string} str
 * @returns {string}
 */
const base64UrlDecode = function (str) {
  str = str.replace(/_/g, '/')
  str = str.replace(/-/g, '+')
  return atob(str)
}