express-jwt vs. jsonwebtoken
Coming back to this many months later. In case it's helpful to anyone, express-jwt is built on top of the jsonwebtoken package and does a bunch of additional cool things. You still use jsonwebtoken to sign and verify your JWTs, but express-jwt helps you protect routes, checks JWTs against a secret, and creates a req.user from the payload of the token if it can verify it.
tl;dr: express-jwt uses jsonwebtoken in its own code and adds additional neatness.
Express-JWT is just a library for Express that validates/signs json web tokens whcih can be used with the express web server (middleware). JsonWebTokens is just another implementation of json web tokens. There are many other JWT token libraries you can implement with node. Express-jwt is just one of those. They both essentially do the same thing and you can use either or. None are built on top of each other, they are build using the JWT standard. Choose the one which best suites your requirements.