
QuantumScan

auth0/node-jsonwebtoken

Risk score: 35 · 50 findings · 47 files scanned

The node-jsonwebtoken library contains 51 high-severity quantum-vulnerable cryptographic operations and 6 critical-severity weak RSA key instances. However, all identified findings are located exclusively in test files rather than production code, significantly reducing immediate business risk. The library will require migration to post-quantum algorithms (ML-DSA, SLH-DSA) to maintain long-term cryptographic security.

Recent findings

| File | Algorithm | Severity | Business impact |
| --- | --- | --- | --- |
| test/jwt.malicious.tests.js:19 | RSA key ≤ 2048 bits | critical | 18 |
| test/async_sign.tests.js:64 | RSA key ≤ 2048 bits | critical | 15 |
| test/async_sign.tests.js:73 | RSA key ≤ 2048 bits | critical | 15 |
| test/jwt.hs.tests.js:12 | RSA key ≤ 2048 bits | critical | 15 |
| test/rsa-public-key.tests.js:19 | RSA key ≤ 2048 bits | critical | 15 |
| test/rsa-public-key.tests.js:29 | RSA key ≤ 2048 bits | critical | 15 |
| test/jwt.asymmetric_signing.tests.js:20 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:22 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:24 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:25 | ECDSA | high | 80 |

Exposure by language

JavaScript: 50 · 100%

Compliance mapping

DORA: OK
NIS2: OK
NIST PQC: Partial