QuantumScan
auth0/node-jsonwebtoken
The node-jsonwebtoken library contains 51 high-severity quantum-vulnerable cryptographic operations and 6 critical-severity weak RSA key instances. However, all identified findings are located exclusively in test files rather than production code, significantly reducing immediate business risk. The library will require migration to post-quantum algorithms (ML-DSA, SLH-DSA) to maintain long-term cryptographic security.
| File | Algorithm | Severity | Business impact |
|---|---|---|---|
| test/jwt.malicious.tests.js:19 | RSA key ≤ 2048 bits | critical | 18 |
| test/async_sign.tests.js:64 | RSA key ≤ 2048 bits | critical | 15 |
| test/async_sign.tests.js:73 | RSA key ≤ 2048 bits | critical | 15 |
| test/jwt.hs.tests.js:12 | RSA key ≤ 2048 bits | critical | 15 |
| test/rsa-public-key.tests.js:19 | RSA key ≤ 2048 bits | critical | 15 |
| test/rsa-public-key.tests.js:29 | RSA key ≤ 2048 bits | critical | 15 |
| test/jwt.asymmetric_signing.tests.js:20 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:22 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:24 | ECDSA | high | 80 |
| test/jwt.asymmetric_signing.tests.js:25 | ECDSA | high | 80 |